Some useful scripts for extraction and correlation of forensic artifacts in Windows Registry
Some interesting scripts, probably outdated but still useful.
During her research, she produced a set of bash scripts for forensic interpretation of Windows registry keys, including UserAssist and the keys related to USB devices.
A useful starting point for anyone who wants to develop their own analysis scripts.
Below is a brief overview:
Collect and preserve registry files
Utility to unzip registry files collected via extraxtreg.sh
Correlate and present registry networking information in a concise manner
Present system information in a clear and connected manner
Present information about previously connected USB devices in a clear and related manner
Present information about users in a clear and related manner