{ "info": { "author": "Adam Witt", "author_email": "accidentalassist@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Information Technology", "License :: OSI Approved :: Apache Software License", "Topic :: Security" ], "description": "Windows-Prefetch-Carver\n======================== \nPython script to carve Windows Prefetch artifacts from arbitrary binary data\n\nDescription\n-------------\nThe Windows application prefetch mechanism is in place to offer performance benefits when launching applications. It's also one of the more beneficial forensic artifacts regarding evidence of applicaiton execution. prefetch-carve.py provides functionality for carving prefetch artifacts from binary data - such as unallocated disk space, raw memory images, etc. prefetch-carve.py will output to the specified file, and supports multiple output formats.\n\nSupported Prefetch Types\n--------------------------\nWindows 10 Prefetch files are compressed, and are unable to be carved from disk in this manner. All other Prefetch formats are supported (Windows XP - Windows 8.1)\n\nCommand-Line Options\n---------------------\n\n::\n\n optional arguments:\n -h, --help show this help message and exit\n -f FILE, --file FILE Carve Prefetch files from the given file\n -o OUTFILE, --outfile OUTFILE\n Write results to the given file\n -c, --csv Output results in csv format\n -m, --mactime Output results in mactime format\n -t, --tln Output results in tln format\n -s SYSTEM, --system SYSTEM\n System name (use with -t)\n\nTesting\n--------\nThorough teseting is still underway. I plan to integrate this project with Travis CI shortly.\n\n\nInstallation \n--------------\nUsing setup.py:\n\n::\n \n python setup.py install\n \nUsing pip:\n\n::\n \n pip install prefetchcarve", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/PoorBillionaire/Windows-Prefetch-Carver", "keywords": null, "license": "Apache Software License", "maintainer": null, "maintainer_email": null, "name": "prefetchcarve", "package_url": "https://pypi.org/project/prefetchcarve/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/prefetchcarve/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/PoorBillionaire/Windows-Prefetch-Carver" }, "release_url": "https://pypi.org/project/prefetchcarve/1.1.2/", "requires_dist": null, "requires_python": null, "summary": "A Python script to carve Windows Prefetch artifacts from arbitrary binary data", "version": "1.1.2" }, "last_serial": 2941212, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "6318df0a8e236093a21f1c10fe600704", "sha256": "d7218c7f456625f9f9f3c1055f716381f8ab2631148d80b3793de7b3cf8bf8ad" }, "downloads": -1, "filename": "prefetchcarve-1.0.0.tar.gz", "has_sig": false, "md5_digest": "6318df0a8e236093a21f1c10fe600704", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3481, "upload_time": "2017-05-26T17:21:08", "url": "https://files.pythonhosted.org/packages/76/45/24733089dc428d2fc3129e0f11ae993ac7855a3503a8f1c670778dfc8e0d/prefetchcarve-1.0.0.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "25752812de7776ef2e736c63d6eb5349", "sha256": "f65864ee2d721981e3cd372626ccbd1371ba0697454260e8810a40e19532eb6b" }, "downloads": -1, "filename": "prefetchcarve-1.1.0.tar.gz", "has_sig": false, "md5_digest": "25752812de7776ef2e736c63d6eb5349", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3504, "upload_time": "2017-05-29T22:18:58", "url": "https://files.pythonhosted.org/packages/05/bd/407582fd89804c8e63565126e7ab8731b6b77ee17d3dbf89915b3138af35/prefetchcarve-1.1.0.tar.gz" } ], "1.1.1": [ { "comment_text": "", "digests": { "md5": "b032de0affe43ba74056f8921fe756ed", "sha256": "5bf30a22f12271d8a6205bc8b68ad0abbd9481bfd7f956a48a57dd2f2200e5b1" }, "downloads": -1, "filename": "prefetchcarve-1.1.1.tar.gz", "has_sig": false, "md5_digest": "b032de0affe43ba74056f8921fe756ed", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3526, "upload_time": "2017-06-11T00:22:32", "url": "https://files.pythonhosted.org/packages/63/f8/0bc508eca5d70e6179e78b7bb9ce2dbbdfafb5322264b2973e99d312dbc6/prefetchcarve-1.1.1.tar.gz" } ], "1.1.2": [ { "comment_text": "", "digests": { "md5": "6e616b6e2fc2cfd0dfa49729e20d749b", "sha256": "b358c59b30ffa234ef3fba3a1ad482cb2d89df12ab8d4f2fec2b1e20ccd82380" }, "downloads": -1, "filename": "prefetchcarve-1.1.2.tar.gz", "has_sig": false, "md5_digest": "6e616b6e2fc2cfd0dfa49729e20d749b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3533, "upload_time": "2017-06-11T01:33:20", "url": "https://files.pythonhosted.org/packages/b3/29/4d0f72379f953393b3ce356f939c6b791d3b07cf073d7497bd6bb474f25d/prefetchcarve-1.1.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "6e616b6e2fc2cfd0dfa49729e20d749b", "sha256": "b358c59b30ffa234ef3fba3a1ad482cb2d89df12ab8d4f2fec2b1e20ccd82380" }, "downloads": -1, "filename": "prefetchcarve-1.1.2.tar.gz", "has_sig": false, "md5_digest": "6e616b6e2fc2cfd0dfa49729e20d749b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3533, "upload_time": "2017-06-11T01:33:20", "url": "https://files.pythonhosted.org/packages/b3/29/4d0f72379f953393b3ce356f939c6b791d3b07cf073d7497bd6bb474f25d/prefetchcarve-1.1.2.tar.gz" } ] }