Prefetching is an excellent Windows Vista/ 7/ 8 performance-boosting technology where the system monitors applications as they start, detects any dependent files they might need, and preloads them when the program next starts. This can drastically cut down disk access times as an application switches from one file to another, making a real difference to your system boot and application launch times.
There’s more to prefetching than PC optimisation, though. You can also use this data to monitor which programs are being launched on your system, and when. And you can view the files a program accesses when it first starts, which could be useful when troubleshooting. All you need is a forensics tool like Sanderson Forensic’s Prefetcher to interpret the data for you.
After a simple installation, the program must be launched as an administrator. Operation is then very straightforward: click File > Open Folder, the default Windows prefetch folder(\Windows\Prefetch) will be selected, and all you have to do is click OK and wait for the finished analysis.
The Prefetcher report appears in four tables, the most interesting being on the left. This lists every program which has been launched on your system recently, either automatically – at boot time, say – or by a user, along with a “last executed” time.
(You don’t see anything? Prefetcher needs to be run on a Vista or later system. Prefetching must be turned on; it could be disabled if you have an SSD. And you really do need to run the program as an administrator, as you won’t see a warning if you forget. Close Prefetcher and try it again).
If you do see the report, though, you can get more information just by clicking any program in the left-hand list and checking the three right-hand tables. The bottom one displays some of the most recent launch times (sometimes the same time would be listed more than once, we’re not sure why), while the others show the dependent files and folders accessed when your target application first starts.
In theory you can also click the “last executed” column header to sort by launch time, making it easy to see what’s been launched today, yesterday, or on some other date. In practice there’s a problem, because the program uses string rather than date ordering (it will sort into an order like 06/11/2013 > 07/09/2013 > 08/10/2013, even when the second number represents the month), but it can still give you at least some idea of how the system is being launched.
Prefetcher also has a powerful filtering system, which you can use to display only the files, folders or dates which interest you (click one of the Customize buttons to find out more). Or you could just copy particular data to the clipboard for analysis elsewhere: simply click any table, press Ctrl+A to select everything, right-click and choose “Copy selected to clipboard”.
There’s plainly a lot of scope for improvement here, but that’s because Prefetcher is really just a proof of concept tool, more about the technical details of what can be done than delivering a super-polished user interface. The program is still a useful way to interpret Windows Prefetch data, though, and if that’s at all interesting to you then we’d recommend you give it a try.