Have you ever seen files like “Op-EXPLORER.EXE-03C49D11-000000F5.pf“?

TL;DR: these are operation-based prefetch files. An application can ask the NT kernel to record I/O traces for specific operations, either on a per-application or per-thread basis. Then, these traces will be used to prefetch file access requests for that application.

Continue reading “Operation-based prefetching” →