Go here for more info
http://binaryforay.blogspot.com/2016/01/pecmd-v0600-released.html
Prefetch Explorer Command Line
PECmd version 0.5.0.0
Author: Eric Zimmerman ([email protected])
https://github.com/EricZimmerman/PECmd
d Directory to recursively process. Either this or -f is required
f File to search. Either this or -d is required
k Comma separated list of keywords to highlight in output. By default, 'temp' and 'tmp' are highlighted. Any additional keywords will be added to these.
json Directory to save json representation to. Use --pretty for a more human readable layout
pretty When exporting to json, use a more human readable layout
Examples: PECmd.exe -f "C:\Temp\CALC.EXE-3FBEF7FD.pf"
PECmd.exe -f "C:\Temp\CALC.EXE-3FBEF7FD.pf" --json "D:\jsonOutput" --jsonpretty
PECmd.exe -f "C:\Temp\CALC.EXE-3FBEF7FD.pf" -k "system32, fonts"
PECmd.exe -d "C:\Windows\Prefetch"