Demystifying Windows Prefetch (solving real world security problems: hacking and protection)
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University, 2022 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/162393 |
Institution: | Nanyang Technological University |
Summary: | The purpose of this project is to document the default behaviour of the Microsoft Windows Prefetcher and Superfetch components under the lens of digital forensics. This project covers the various limitations of the Windows Prefetcher that limit its reliability and capabilities as a forensic artifact. This paper will cover the default settings bundled with various Windows editions spanning Windows 10 and 11. Next, various configuration options for Prefetcher, Superfetch and the SysMain service are evaluated, along with their effects on the creation and retention of prefetch files. Lastly, it covers the various test cases attempted to circumvent the Prefetcher component, aiming to recreate techniques attackers may employ. |