Does this skill require external Python libraries?

Yes, it requires Python 3.9+ and the 'windowsprefetch' library, which can be installed via pip.

Can I export the analysis results?

Yes, the skill is designed to produce a structured JSON report that includes the timeline, suspicious indicators, and execution frequency analysis.

How does it detect renamed or masquerading binaries?

It analyzes the DLLs and directories referenced within the Prefetch file and compares them against known signatures and common paths for legitimate executables.

What versions of Windows Prefetch are supported?

The skill supports Windows Prefetch formats from version 17 through 30, which covers Windows 7 through Windows 11, including MAM-compressed files.

Windows Prefetch Forensic Analysis

Name: Windows Prefetch Forensic Analysis
Author: mukul975

bymukul975

•

4,121

•

Security & Testing

Analyzes Windows Prefetch files using Python to reconstruct application execution timelines and detect malicious activity.

This skill empowers security analysts and forensic investigators to automate the parsing of Windows Prefetch (.pf) files using the windowsprefetch Python library. It extracts critical metadata including execution timestamps, run counts, and loaded DLLs to provide a clear picture of system activity. By identifying suspicious patterns such as renamed binaries, first-time executions during an incident window, and the use of anti-forensics tools, this skill significantly accelerates the digital forensics and incident response (DFIR) process within Claude Code and other AI-driven development environments.

Key Features

01Detection of masquerading binaries through DLL resource comparison

02Structured JSON reporting for integration with SOC workflows

03Identification of common attack tools and anti-forensics utilities

044,121 GitHub stars

05Chronological execution timeline reconstruction with millisecond precision

06Automated parsing of Windows 10/11 MAM-compressed Prefetch files

Use Cases

01Validating security monitoring coverage by analyzing execution history

02Investigating suspicious program execution during incident response triage

03Threat hunting for lateral movement indicators in Windows environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills analyzing-windows-prefetch-with-python

For use in Claude.ai and ChatGPT

Key Features

01Detection of masquerading binaries through DLL resource comparison

02Structured JSON reporting for integration with SOC workflows

03Identification of common attack tools and anti-forensics utilities

044,121 GitHub stars

05Chronological execution timeline reconstruction with millisecond precision

06Automated parsing of Windows 10/11 MAM-compressed Prefetch files

Use Cases

01Validating security monitoring coverage by analyzing execution history

02Investigating suspicious program execution during incident response triage

03Threat hunting for lateral movement indicators in Windows environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills analyzing-windows-prefetch-with-python

For use in Claude.ai and ChatGPT