While general techniques for Windows registry analysis during incident response and digital forensics investigations are well known, there are many advanced techniques that are probably not yet in your arsenal. In this session, we will demonstrate these advanced techniques using Registry Decoder in three scenarios: coordinated data exfiltration, malware analysis and defeating anti-forensics.