Episode 06 covers the RunMRU artifact that is particularly useful when investigating RubberDucky attacks.
Category: DFIR in 120 seconds
This episode of DFIR in 120 seconds covers Windows Prefetch.
The UserAssist keys carry some value as they indicate the execution of GUI software.
A very important artifact that can show you the name of malware that has long been gone.
Stacking is one of the most powerfull hunting techniques. See a short primer below.