Here is a copy of the presenation I did for SecureWorld 2009 Detroit:

The Forensics Gold Mine of the Windows Registry in PDF format.

I am planning on doing a SANS blog on tracking USB devices for October. I have a good examples in mind. It should make it even clearer.

I would also like to thank Jolanta Thomassen, Harlan Carvey, and T.D. Morgan for their research into the Windows registry.

Also, Harlan has an excellent book out called "Windows Forensic Analysis." It is definetly worth picking up. Harlan has an entire chapter dedicated to registry forensics and his tools regripper.

Also if your visiting check out my forensics tools. I am planning on releasing more Data Carver Processors in October.