Tags: forensics
Rating: 5.0
**tl;dr**
+ Digging into the Windows registry to find process run counts.
+ Extracting and parsing AmCache to find the hash of process images.
To view the full writeup, click [here](https://blog.bi0s.in/2020/06/07/Forensics/Defenit20-USB2/)