Windows Prefetch Forensics

Charanjeet Singh

December 20, 2016

The Windows prefetch system has an important place in cyber forensics. It was implemented to improve the performance of the Windows operating system: it prefetches a program into system memory before the user actually uses it, which makes the whole process faster. The prefetch system helps us a lot in cyber forensics. It tells us which programs have been run on the system, the last time each program was used, how many times it has been used, and the path where the exe file is located. For example, suppose the suspect has used a prohibited program on the system. With the help of the prefetch system, we can find out whether the suspect has actually used that particular program or not. Let us see this in practice in the video below:
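
Separately from the video, as an added example that is not part of the original post: a Python sketch that reads the four pieces of evidence listed above (program name, last run time, run count, executable path) from an uncompressed prefetch (.pf) file. The field offsets for format versions 17, 23 and 26 are an assumption taken from public format notes, and the sample file is constructed in `build_sample`, not a real artifact.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
# version -> (last-run FILETIME offset, run-count offset); assumed layout, see lead-in
LAYOUT = {17: (0x78, 0x90), 23: (0x80, 0x98), 26: (0x80, 0xD0)}

def parse_prefetch(data):
    """Return the execution evidence stored in one uncompressed .pf file."""
    if data[:3] == b"MAM":
        raise ValueError("compressed prefetch file (Windows 10+), decompress first")
    version, sig = struct.unpack_from("<I4s", data, 0)
    if sig != b"SCCA" or version not in LAYOUT:
        raise ValueError("not a supported prefetch file")
    # Executable name: up to 29 UTF-16LE characters, NUL-terminated
    exe = data[0x10:0x4C].decode("utf-16-le", "replace").split("\x00", 1)[0]
    path_hash, = struct.unpack_from("<I", data, 0x4C)
    # Block of NUL-separated paths of the files loaded by the program
    str_off, str_len = struct.unpack_from("<II", data, 0x64)
    paths = data[str_off:str_off + str_len].decode("utf-16-le", "replace").split("\x00")
    time_off, count_off = LAYOUT[version]
    last_run, = struct.unpack_from("<Q", data, time_off)
    run_count, = struct.unpack_from("<I", data, count_off)
    return {
        "executable": exe,
        "path_hash": f"{path_hash:08X}",
        # FILETIME counts 100 ns ticks since 1601-01-01 UTC
        "last_run_utc": EPOCH_1601 + timedelta(microseconds=last_run // 10),
        "run_count": run_count,
        # None when the header name was truncated and matches no loaded path
        "exe_path": next((p for p in paths if p.upper().endswith("\\" + exe.upper())), None),
    }

def build_sample():
    """Constructed version-23 (Vista/7 layout) file; every value is made up."""
    paths = ("\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NTDLL.DLL\x00"
             "\\DEVICE\\HARDDISKVOLUME2\\TOOLS\\EXAMPLE.EXE\x00").encode("utf-16-le")
    buf = bytearray(0xF0) + paths
    struct.pack_into("<I4sII", buf, 0, 23, b"SCCA", 0x11, len(buf))
    buf[0x10:0x10 + 22] = "EXAMPLE.EXE".encode("utf-16-le")
    struct.pack_into("<I", buf, 0x4C, 0x1A2B3C4D)
    struct.pack_into("<II", buf, 0x64, 0xF0, len(paths))
    when = datetime(2016, 12, 1, 9, 30, tzinfo=timezone.utc)
    struct.pack_into("<Q", buf, 0x80, int((when - EPOCH_1601).total_seconds()) * 10**7)
    struct.pack_into("<I", buf, 0x98, 7)
    return bytes(buf)

if __name__ == "__main__":
    for key, value in parse_prefetch(build_sample()).items():
        print(f"{key:13} {value}")
```

The last run time is stored in UTC, so convert it to the system's time zone before placing it on a case timeline.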
