Vortex Prefetch

Execution Artifact Analysis

Deep Windows Prefetch (.pf) analysis tool. Decompresses files, patches version bugs, and extracts loaded modules/directories with volume serialization.

• Decompresses MAM-compressed files
• Resolves Volume paths and directory metrics
• Extracts MD5 hashes and signature status