Hunting For Attackers’ Tactics And Techniques With Prefetch Files

by

by Oleg Skulkin

Windows Prefetch files were introduced in Windows XP, and since that time they have helped digital forensics analysts and incident responders to find evidence of execution.

These files are stored under %SystemRoot%\Prefetch, and are designed to speed up applications’ startup processes. If we look at any prefetch files, we can see that their names consist of two parts: an executable name, and an eight-character hash of the executable’s location.

Read More

Leave a Comment

Latest Articles

Digital Forensics Round-Up, March 26 2025
News

Digital Forensics Round-Up, March 26 2025

ByForensic FocusMar 26, 2025
What’s Happening At Techno Security Wilmington, June 03 – 05 2025
News

What’s Happening At Techno Security Wilmington, June 03 – 05 2025

ByForensic FocusMar 25, 2025
Oxygen Remote Explorer v.1.8 Is Now Available
News

Oxygen Remote Explorer v.1.8 Is Now Available

ByOxygenForensicsMar 24, 2025
Oxygen Forensics Helps Clients Take Their Data Strategy To The Next Level
News

Oxygen Forensics Helps Clients Take Their Data Strategy To The Next Level

ByOxygenForensicsMar 21, 2025
Forensic Focus Digest, March 21 2025
News

Forensic Focus Digest, March 21 2025

ByForensic FocusMar 21, 2025
Now Available: XRY 11.0, XAMN 8.1, And XEC 7.13  
News

Now Available: XRY 11.0, XAMN 8.1, And XEC 7.13  

ByMSABMar 20, 2025