Prefetch Question

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Forensic_Tester 3 hours ago

1 Posts

1 Users

0 Reactions

33 Views

RSS

Forensic_Tester

(@forensic_tester)

New Member

Joined: 3 hours ago

Posts: 1

Topic starter 07/08/2025 8:19 am

Hello All,

I have a question regarding Windows prefetch. Working on the rule of thumb that the creation timestamp is the first time the executable has been run, my CMD and powershell prefetch files have very recent creation timestamps, and I know I have used them numerous times in the past. There are not 1024 entries in the path, and I cannot understand this. There are also not numerous entries with an earlier date. Can anyone explain this?

Cheers

Quote

Forum Jump:

Previous Topic

Currently viewing this topic 2 guests.

Prefetch Question

Hello All, I have a question regarding Windows prefet...

By Forensic_Tester , 3 hours ago
Webinar: Collaborative Forensics: Overcoming Challenges In Multi-Jurisdictional Investigations

Discover expert strategies for cross-border investigati...

By Zoe , 7 days ago
🔍 Seeking Collaborators for AI-Enhanced Digital Forensics Project

Hey everyone! I'm working on an exciting project that c...

By etinoxa , 1 week ago

8 Forums
15.7 K Topics
92.3 K Posts
193 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed