Episode 06 covers the RunMRU artifact that is particularly useful when investigating RubberDucky attacks.
This episode of DFIR in 120 seconds covers Windows Prefetch.
The UserAssist keys carry some value as they indicate the execution of GUI software.
A very important artifact that can show you the name of malware that has long been gone.
Stacking is one of the most powerfull hunting techniques. See a short primer below.