Comments on Invoke-IR: What's New in the Prefetch for Windows 8??

Anonymous (2014-01-11):
Chad I find your investigation very useful. I am looking forward to having it available.

Anonymous (2013-12-06):
Thanks Jared for the detailed explanation. I was wondering if there are any tools out in the community that parse these 8 latest timestamps from the prefetch files.

Anonymous (2013-10-08):
Do you have the relevant offsets and lengths for pre-Windows 8 prefetch files you can share?

patch-tuesday.net (2013-10-01):
a few typos, but otherwise concise. well done ;)

Nick Klein, http://www.kleinco.com.au (2013-09-30):
Great find Jared. Thanks for sharing and for writing up your approach so well. Articles like this are a real benefit for everyone.

Chad Tilbury (2013-09-30):
Jared -
Awesome work! Few artifacts can beat Prefetch for evidence of application execution, and even more so with these new Win8 features. Unfortunately we are going to see less of it as SSDs become more prevalent. Readers should keep in mind that prefetching can be turned back on via Group Policy for these devices. While you're at it, turn it on for your Windows servers as well.
-Chad