Share

Windows File Analyzer is a portable computer forensics tool which analyzes key Windows and application files to tell you more about how a PC is being used.

Click File > Analyze Prefetch and browse to \Windows\Prefetch, for example, and the program decodes your system prefetch files to display information about the programs you've been running. (Assuming prefetch is enabled, anyway - if you have an SSD then it may be turned off.)

On our test system we could sort the list by "Last Accessed" and see all the executables we'd launched for the past few days, along with other EXEs run by Windows or our applications.

Clicking File > Analyze Shortcuts and pointing the program at a folder of shortcuts displayed even more information: the shortcut file name, path, created/ written/ last used dates, file sizes, volume data, network information and more.

There are also tools to display the contents of various thumbnail databases, including Windows' old Thumbs.db, ACDSee's *.fpt, Google Picasa's *.db, FastStone Viewer's fsviewer.db and HP Digital Imaging's *.db or *.dat files.

Other modules can report on old Internet Explorer (IE9 or earlier) Index.dat files or analyze Recycle Bin Info2 files.

What's new?
    - Visual fixes

Verdict ratingsratingsratingsratingsratings

Windows File Analyzer is very old - the "target platforms" list stops at Windows 7, the "guidance" PDF is dated 1995 - and it doesn't offer much help on how to get started.

Despite that, it was reasonably easy to get some useful information on our Windows 8 test PC (analyzing \Windows\Prefetch, and running the Shortcut Analyzer on our desktop). Although even here, some of the fine detail, like the "Run Counts" on our prefetch files, seemed to be wrong.

Still, there's no penalty in trying it, no installation hassles or anything else. If you're at all interested in PC forensics then it's worth a look.