If you have been following the recipes in this book, you already know what Magnet AXIOM is, and have even used it for forensic analysis of some Windows artifacts. AXIOM is a really good tool, so we are going to continue to show you how to use it to parse and analyze other useful operating system artifacts. This time, it is prefetch files.
Prefetch file analysis with Magnet AXIOM
Getting ready
As you have already used AXIOM, there is no need to install it; it's already on your workstation. If, for some reason, it's not, refer to the See Also section to learn how to get a trial version of the tool. You will also need an evidence source: a forensic image or a folder with prefetch files (this is located in C:...