Tags: forensics 

Rating: 5.0

**tl;dr**

+ Digging into windows registry to find process run counts.
+ Extracting and parsing AmCache to find the hash of process images.

To view to full writeup, click [here](https://blog.bi0s.in/2020/06/07/Forensics/Defenit20-USB2/)

Original writeup (https://blog.bi0s.in/2020/06/07/Forensics/Defenit20-USB2/).