Light-Weight Behavioral Malware Detection for Windows Platforms
Prefetch files store valuable information about the behavior of applications, which can be used for memory security forensics, system resource auditing, and rootkit detection. Many malicious activities leave distinguishable traces in prefetch files. Even fileless malware, which consists of memory-resident malicious programs, can leave residual trails in prefetch files after removing its presence from the file system. Leveraging these features, Drexel's researchers have developed a light-weight behavioral malware detection technique based on Microsoft Windows prefetch files. The technique uses online machine learning algorithms and data from prefetch files to distinguish benign applications from malicious ones. It adds no run-time overhead during detection, because the learning step is only needed during the training process. Moreover, it is capable of adapting to new changes in platforms and can scale to large data sets without affecting its run-time performance. The detector achieves a high detection rate and a near-zero false positive rate, and is also resilient to evasive malware.
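The following is an added illustration of the idea described above; it is not code from this page, from the patent application, or from the referenced paper. It assumes that the prefetch-derived feature of interest is the list of file paths a prefetch file records as loaded during an application's start-up, hashes those paths into a sparse bag-of-tokens vector, and trains a logistic-regression classifier one record at a time (online SGD). All loaded-path records are constructed for the example and do not come from real prefetch files. Scoring a record is a single sparse dot product, which is what makes the detection step itself cheap once training is done.

```python
"""Toy online behavioural classifier over prefetch-style loaded-file lists.

Added example, not the page's, the patent's or the paper's code. Assumptions:
the feature is the list of loaded file paths from a prefetch file; paths are
tokenised per directory component; the model is logistic regression with SGD.
"""
import hashlib
import math
from typing import Dict, List, Tuple

FEATURE_SPACE = 1 << 20  # size of the hashed feature space (assumption)

# Constructed training records: (loaded paths, label; 1 = malicious).
# Paths are invented to resemble prefetch contents and are not real samples.
TRAINING_RECORDS: List[Tuple[List[str], int]] = [
    (["\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\KERNEL32.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\USER32.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\GDI32.DLL"], 0),
    (["\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\KERNEL32.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\ADVAPI32.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\PROGRAM FILES\\EXAMPLEAPP\\APP.DLL"], 0),
    (["\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\KERNEL32.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\USER32.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\ADVAPI32.DLL"], 0),
    (["\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\KERNEL32.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\USERS\\ALICE\\APPDATA\\LOCAL\\TEMP\\TMP1A2B.TMP"], 1),
    (["\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\KERNEL32.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\USERS\\BOB\\APPDATA\\LOCAL\\TEMP\\STAGE2.DLL"], 1),
    (["\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\USERS\\BOB\\APPDATA\\ROAMING\\X\\LOADER.DLL",
      "\\DEVICE\\HARDDISKVOLUME1\\USERS\\BOB\\APPDATA\\LOCAL\\TEMP\\PAYLOAD.TMP"], 1),
]


def tokenize_paths(paths: List[str]) -> List[str]:
    """Split each loaded path into lower-cased directory components plus the
    file name, so tokens such as 'temp' or 'user32.dll' generalise across
    machines with different user names or volume names."""
    tokens: List[str] = []
    for path in paths:
        parts = [p for p in path.lower().replace("/", "\\").split("\\") if p]
        if not parts:
            continue
        tokens.extend("dir:" + p for p in parts[:-1])
        tokens.append("file:" + parts[-1])
    return tokens


def hash_features(tokens: List[str]) -> Dict[int, float]:
    """Feature hashing with a stable digest (hashlib rather than hash(), so
    buckets are reproducible across runs). Binary presence features."""
    vec: Dict[int, float] = {}
    for tok in set(tokens):
        bucket = int(hashlib.md5(tok.encode()).hexdigest(), 16) % FEATURE_SPACE
        vec[bucket] = 1.0
    return vec


class OnlineDetector:
    """Logistic regression trained one record at a time with SGD."""

    def __init__(self, learning_rate: float = 0.2) -> None:
        self.lr = learning_rate
        self.weights: Dict[int, float] = {}
        self.bias = 0.0

    def score(self, features: Dict[int, float]) -> float:
        """Probability that the record is malicious; at detection time the
        whole cost is this single sparse dot product."""
        z = self.bias + sum(self.weights.get(i, 0.0) * v for i, v in features.items())
        return 1.0 / (1.0 + math.exp(-z))

    def fit_one(self, features: Dict[int, float], label: int) -> None:
        """One SGD step on one labelled record; can be called as new labelled
        prefetch records arrive, without retraining from scratch."""
        err = label - self.score(features)
        self.bias += self.lr * err
        for i, v in features.items():
            self.weights[i] = self.weights.get(i, 0.0) + self.lr * err * v

    def predict(self, paths: List[str], threshold: float = 0.5) -> int:
        """1 = flagged as malicious, 0 = benign, for a raw loaded-path list."""
        return int(self.score(hash_features(tokenize_paths(paths))) >= threshold)


def build_detector(epochs: int = 50) -> OnlineDetector:
    """Train on the constructed records; several passes so the toy data set
    is learned well enough to score held-out records sensibly."""
    det = OnlineDetector()
    for _ in range(epochs):
        for paths, label in TRAINING_RECORDS:
            det.fit_one(hash_features(tokenize_paths(paths)), label)
    return det


if __name__ == "__main__":
    detector = build_detector()
    for paths, label in TRAINING_RECORDS:
        print(label, detector.predict(paths))
```

Tokenising per path component, rather than hashing whole paths, is a deliberate choice: a model keyed on full paths would not transfer between hosts whose volume names or user profile directories differ, whereas component tokens let the same trained weights be reused.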
Applications
- Malware detection
- Threat risk analysis
Advantages
- No overhead in run-time performance
- Shows robustness on rare malware families
- Reduced time and overhead of training process
Intellectual Property and Development Status
Patent Pending: U.S. Patent Application No. 16/112,825
References
B. Alsulami, A. Srinivasan, H. Dong and S. Mancoridis, "Lightweight behavioral malware detection for Windows platforms," 2017 12th International Conference on Malicious and Unwanted Software (MALWARE), Fajardo, 2017, pp. 75-81.