Windows Systems and Artifacts in Digital Forensics: Part III: Prefetch Files

Windows Systems and Artifacts in Digital Forensics: Part III: Prefetch Files: In this article, I’m going to focus on prefetch files, specifically, their characteristics, structure, points of interest in terms of forensic importance, uses, configuration, forensic value and metadata.

For part one of the series, which discusses the Windows Registry, please visit: http://resources.infosecinstitute.com/windows-systems-and-artifacts-in-digital-forensics-part-i-registry/

For part two of the series, which discusses event logs, deleted data, computer sleep and the erasure of artifacts in Windows, please visit: http://resources.infosecinstitute.com/windows-systems-and-artifacts-in-digital-forensics-part-ii/
Windows Prefetch files first appeared in Windows XP, and their purpose is to boost the startup process of launched applications.