Get evidence of file execution on Windows Systems.
Welcome to the Surviving Digital Forensics series. This class is focused on helping you become a better computer forensic examiner by understanding how to use Windows Prefetch data to prove file use and knowledge – all in about one hour. The class covers Prefetch files from Windows XP through Windows 10.
As with previous SDF classes, you will learn by doing. The class begins with a brief overview of the Windows Prefetch and an understanding of how it works. Then we will get into a number of validation exercises to see how user activity really affects Windows Prefetch data. Learning is hands-on, and we will use low-cost and no-cost computer forensic tools to do so.
Expert and novice computer forensic examiners alike will gain from this class. Since we are doing it the SDF way, we are going to teach you real computer forensic skills that you can apply using our method or with any forensic tool you choose. Therefore, you are not just going to learn about the Windows Prefetch, but you will learn a method you can use to answer questions that may come up in the future.
- Windows Prefetch – Setup for Practicals
- Windows Prefetch – Running a Program for the First Time
- Windows Prefetch – Program Last Run Time
- Windows Prefetch – Flushing Out Rogue Applications
- Windows Prefetch – Programs Run from USBs
- Windows Prefetch – Proving File Use & Knowledge
- Windows Prefetch – Setup for Student Practical
- Windows Prefetch – Student Practical Questions
- Windows Prefetch – Windows 7 vs Windows 8
- Windows Prefetch – Windows 10 Prefetch