Windows Registry Forensics

Describe the System & User Hives in the Windows Registry:

1) What information is retained in the System hive?

2) Specifically, what security incident information could be gleaned from the System hive?

3) What information is maintained in the User hive of the Windows Registry?

4) In general, what information could be gleaned from the User hive in a forensic investigation?

600 words