Prefetch Deep Dive

This is the kind of content I enjoy the most. Thank you for your effort in producing such high quality content!

Really liked it a lot. Great length and complete explanations. Thank you, have been learning a lot. Linux forensics would be a great addition.

Extremely valuable! Like all your previous videos, they will be helpful for years to come.

Extremely useful .. expecting more videos like this

Excellent content and explanation on Pre-fetch. I still learned a few new things considering i passed my 508 already :) Looking forward to deep dive videos for AMCACHE, SHIMCACHE and SHELLBAGS

In my opinion these are a little better than the shorts

Thank you for making these, things I learn here get used to help me build better products for users, often in the tiniest details and offhanded comments. It's really appreciated.

Thank you. This was amazing. Would love a dive into Windows Search. How it works, where to look for evidence and how to parse. For instance a user searching for IP before copying to an external drive etc.

Excellent! Thanks 😊 suggestions for new episodes: Mac osX unified logs, Shim cache

Excellent content, can you do a video on ShimCache and AmCache?

Excellent tutorial, keep going one-by-one like this, it helps the community a LOT!

yes please more deep dives thank you! kinda exciting when you have new vids with detailed info, its like sitting at cinema and the show is about to start!

This is a very good video, great effort Audience centric. Appreciated it and look forward to the next deepdive episode.

I wish all your videos are a deep dive ,, it is just a one-stop-shop for the topic

This was excellent. Thank you for such a great explanation of prefetch files.

Really liked the deep dive. Please keep them coming. :)

Great content and the efforts are much appreciated. This is going to help me a lot in preparing for 508. Thanks a lot Richard..!

Thank you @13Cubed!!

After creating my own youtube channel I stumbled across your channel. I really enjoyed your videos and hope to have you as a mentor. I have subscribed to you and look forward to watching your videos.

I saw this, and was clueless earlier, now I know, this is something I would want to do all my life. Maybe Forensics was my love at first sight!
😁

Thank you for all your hard work. I always get help from your content, If we have chance MacOS systems forensics would be super cool

Love the deep dives and would love to see more.

Great new format!!

I found 2 anti-forensics method for prefetch: First is secure delete prefetch folder twice and the second is use USB boot to secure delete prefetch folder.

very cool stuff....easy to learn.

Best channel indeed!

Thank you for the deep dive on prefetch. Really useful 👍🏻

Valuable Content.. Thank you for this..

I think it is a great video about prefetch files.

Thank you for your efforts, appreciated.

Very informative videos, is it possible for you to make detailed video on Windows process and registry analysis.
I know you have created videos on these topics but I am referring to video can cover much more in detail.
Thanks!

This is awesome!!! Thank you!!

Can you bring a Complete Malware Analysis and Reverse Engineering course for absolute beginners so that complete newbies find it easy and can get started easily ? Please ?.....

Fantastic episode. I have question. What tools do you use for windows 10 memory acquisition. Really appreciate your time and efforts to produce such contents.

I know it’s been a bit since this episode, but I still use it occasionally for review, have you seen or looked into malwarearcheology\ARTHIR at all? It’s based on the Kansa framework but extends it to be able to push binaries and retrieve output. Could make for an interesting episode. Thanks for all of this great information!

Very well explained, thanks!

Shimcache would be GREAT. Thank you !!!! Also, I would like to know how to perform threat hunting from parquet files. I have converted it to data frames in python, what do I do next, how do I prepare the report? It doesn't seem to be available anywhere online and I'd love it if you could help me out. GREAT content. loved it.

This is amazing content, keep it coming!

Hey, excellent deep dive! One question, are there any prefetch files generated for the execution of PowerShell scripts, etc?

very good video. thank you!

Thank you so much for the rich content.

Keep going! Nice videos!

premium content, thank you ;)

Like before watching

New to the channel. Excellent content! Thanks!

Thanks for the video...

Amazing Video! Sorry if this is a silly question and is answered elsewhere but I tried to find some reference material regarding how to pass prefetch by hand ( e.g., from Hex) but can't to see if this would be possible. You mentioned that sometimes executable like SVCHost or RunDLL32 will have a separate prefetch file for different command line arguments, is it possible to extract these arguments from the prefetch file itself. again sorry if I misunderstood this

Does anyone know if the prefetch file NTOSBOOT still exists in Win10 systems or was it 8 and prior? Also if it is now gone, has it been replaced by anything? TIA

What is the relation with superfetch ? it’s seems dB files but I did not find any parser for it

Thanks for posting. Asking from a past case: What about ntosboot prefetch? Is it only present on servers, and on by default? (in spite of prefetch being off by default)

How to convert the volume{…} to driver letters in python bro :)

When .DS_Store etc.. Coming ??

If possible can you start Linux forensic training in your channel.

Ok, but I want a simple answer, SSDs are STUPID FAST, especially with high speed DDR 3, 4, and now 5, and soon DDR 6, so why the hell do we need Prefetch, when history tells us that things will get faster? Asking your OS to write useless files to an SSD that is ALREADY fast, is rather pointless right? Am I wrong? Am I right? Can I just disable something stupid like Prefetch and let my ram and SSD do all the heavy lifting?