Tags: volatility registry forensics windows 

**Official writeup**

tl;dr

+ Extract each process's last run time from the Windows registry.
+ Extract each process's run count from the Windows registry.

Link to writeup: <https://blog.bi0s.in/2020/08/04/Forensics/Investigation-InCTFi2020/>

Author: [stuxn3t](https://twitter.com/_abhiramkumar)
