Getting Started with Windows Prefetch

The Cyber Mentor · Beginner · 🔐 Cybersecurity · 6h ago
https://www.tcm.rocks/certs-y - New forensics coursework (and possible cert) coming later this year! Until then, check out our existing blue team certifications, like the PSAA (Practical SOC Analyst Associate) and PSAP (Practical SOC Analyst Professional).

What is Windows Prefetch? And why does Windows use it? Most importantly, how can we use it to our advantage as forensic examiners? It turns out, Windows Prefetch can provide some solid evidence of program execution. You can learn a surprising amount from it - even without using any forensic tools. Andrew Prince walks you through all of the…

Chapters (8)

Introduction
0:44 What is Windows Prefetch?
2:43 Prefetch Configuration
5:40 Prefetch Files
8:58 Parsing Prefetch Files
11:49 Hunting Anti-Forensics
13:14 Scaling Prefetch Analysis
16:05 Conclusion