OSForensics™ includes a Prefetch viewer for viewing application execution metrics stored by the operating system's Prefetcher. The Prefetcher is a component that improves the performance of the system by pre-caching applications and its associated files into RAM, reducing disk access. To facilitate this, the Prefetcher collects application usage details such as:
- Application run count
- Last run time
- Files/disks that the application uses while executing
Using this information, forensics investigators can determine a suspect's application usage patterns (eg. "Cleaner" software used recently) and files that have been opened (eg. documents).
