From cybersecurity-skills
Parse Windows Prefetch files using the windowsprefetch Python library to reconstruct application execution history, detect renamed or masquerading binaries, and identify suspicious program execution patterns.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills:analyzing-windows-prefetch-with-pythonThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Windows Prefetch files (.pf) record application execution data including executable names, run counts, timestamps, loaded DLLs, and accessed directories. This skill covers parsing Prefetch files using the windowsprefetch Python library to reconstruct execution timelines, detect renamed or masquerading binaries by comparing executable names with loaded resources, and identifying suspicious progr...
Windows Prefetch files (.pf) record application execution data including executable names, run counts, timestamps, loaded DLLs, and accessed directories. This skill covers parsing Prefetch files using the windowsprefetch Python library to reconstruct execution timelines, detect renamed or masquerading binaries by comparing executable names with loaded resources, and identifying suspicious programs that may indicate malware execution or lateral movement.
windowsprefetch library (pip install windowsprefetch)Gather .pf files from target system's C:\Windows\Prefetch\ directory.
Extract executable name, run count, last execution timestamps, and volume information.
Flag known attack tools (mimikatz, psexec, etc.), renamed binaries, and unusual execution patterns.
Reconstruct chronological execution timeline from all Prefetch files.
JSON report with execution history, suspicious executables, renamed binary indicators, and timeline reconstruction.
Guides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Enforces test-driven development: write failing test first, then minimal code to pass. Use when implementing features or bugfixes.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
6plugins reuse this skill
First indexed Jul 8, 2026
npx claudepluginhub 5mehulhelp5/anthropic-cybersecurity-skills