Question 5 of 10
What Windows registry artifacts are most valuable during a forensic investigation, and what information can each reveal about attacker activity?
Sample answer preview
The Windows registry is one of the richest sources of forensic evidence available to an investigator. It contains configuration data, user activity traces, and system information that can reveal a detailed picture of what occurred on a compromised system.
registry, ShimCache, AmCache, UserAssist, Run keys, USBSTOR