Registry Analysis

analyzing-windows-shellbag-artifacts helps DFIR analysts interpret Windows Shellbag registry artifacts to reconstruct folder browsing, deleted-folder access, removable media use, and network share activity with SBECmd and ShellBags Explorer. It is a practical analyzing-windows-shellbag-artifacts guide for incident response and forensics.

analyzing-usb-device-connection-history helps investigate USB device connection history on Windows using registry hives, event logs, and setupapi.dev.log for Digital Forensics, insider threat work, and incident response. It supports timeline reconstruction, device correlation, and removable-media evidence analysis.