Hunting For Attackers’ Tactics And Techniques With Prefetch Files

by Oleg Skulkin

Windows Prefetch files were introduced in Windows XP, and since that time they have helped digital forensics analysts and incident responders to find evidence of execution.

These files are stored under %SystemRoot%\Prefetch and are designed to speed up application startup. If we look at any of these prefetch files, we can see that their names consist of two parts: the executable’s name, and an eight-character hash of the executable’s location.
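An added example, not from the original article, that applies the naming convention just described to a constructed directory listing: it splits each name into executable and location hash, then flags executables that appear with more than one hash, which means the same binary name was launched from more than one location. The file names below are constructed samples, not real artefacts.

```python
import re
from collections import defaultdict

# Prefetch file names follow the pattern EXENAME-XXXXXXXX.pf, where the
# eight hex characters are a hash derived from the executable's location.
PREFETCH_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)


def parse_prefetch_name(name):
    """Split a prefetch file name into (executable name, location hash).

    Returns None for names that do not match the expected pattern.
    """
    m = PREFETCH_NAME.match(name)
    if not m:
        return None
    return m.group("exe").upper(), m.group("hash").upper()


def group_by_executable(names):
    """Map each executable name to the set of location hashes seen for it."""
    groups = defaultdict(set)
    for name in names:
        parsed = parse_prefetch_name(name)
        if parsed:
            exe, location_hash = parsed
            groups[exe].add(location_hash)
    return groups


def find_multi_location_executables(names):
    """Return executables that appear with more than one location hash.

    Since the hash is derived from the executable's location, the same name
    with different hashes means the binary was run from different paths,
    a useful triage lead (e.g. a copy of a system tool launched from a
    user-writable folder). Caveat: for a few hosting processes such as
    svchost.exe and dllhost.exe, Windows also folds the command line into
    the hash, so several hashes for those are normal and need review of
    the full path inside the .pf file rather than the name alone.
    """
    return {exe: sorted(h) for exe, h in group_by_executable(names).items() if len(h) > 1}


# Constructed sample directory listing (hashes are made up, not real artefacts)
SAMPLE_LISTING = [
    "CMD.EXE-4A81B364.pf",
    "CMD.EXE-8E75B5BB.pf",
    "NOTEPAD.EXE-D8414F97.pf",
    "SVCHOST.EXE-1234ABCD.pf",
    "SVCHOST.EXE-5678EF01.pf",
    "desktop.ini",  # not a prefetch file; must be ignored
]

if __name__ == "__main__":
    for exe, hashes in find_multi_location_executables(SAMPLE_LISTING).items():
        print(f"{exe}: seen with location hashes {hashes}")
```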

