Episode 06 covers the RunMRU artifact that is particularly useful when investigating RubberDucky attacks.
DFIR120 – RunMRU
Category: DFIR in 120 seconds
DFIR120 – Prefetch
This episode of DFIR in 120 seconds covers Windows Prefetch.
DFIR120 – Userassist
The UserAssist keys carry some value as they indicate the execution of GUI software.
DFIR120 – Shimcache
A very important artifact that can show you the name of malware that has long been gone.
DFIR120 – The power of Stacking
Stacking is one of the most powerfull hunting techniques. See a short primer below.