Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Prefetch File Recovery

APPS | Artifact

This script is designed to find deleted prefetch files in both compressed and uncompressed formats.

Output is via bookmarks and a logical evidence file whose contents can be parsed using the Prefetch Dump (PFDump) EnScript.

Compressed prefetch files will be decompressed automatically as part of the validation/extraction process.

The script provides the option to exclude prefetch files above a certain size. The main purpose of this is to help validate hits relating to compressed prefetch files.

Feedback is provided via the console and status-bar.

This script was developed for use in EnCase training. For more details, please click the following link:

OpenText EnCase Training

Download Now

DISCUSSION BOARD

FAQ

Version: 1.0.0

Tested with:
EnCase Forensic 21.2

Developer: Simon Key

Category: Artifact

183 Downloads

29 Downloads in last 6 months