Windows Registry

Created: 28.07.2022

The Windows registry stores two types of data: settings and logs. These are not conventional logs, like event logs, but rather statistics or snapshots of recent activity.

Hives

C:\Documents and Settings\*\ntuser.dat
C:\Users\*\ntuser.dat
C:\Users\*\ntuser.dat.LOG*
C:\Users\*\AppData\Local\Microsoft\Windows\UsrClass.dat
C:\Users\*\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG*
C:\Windows\System32\config\SAM.LOG*
C:\Windows\System32\config\SECURITY.LOG*
C:\Windows\System32\config\SOFTWARE.LOG*
C:\Windows\System32\config\SYSTEM.LOG*
C:\Windows\System32\config\SAM
C:\Windows\System32\config\SECURITY
C:\Windows\System32\config\SOFTWARE
C:\Windows\System32\config\SYSTEM
C:\Windows\System32\config\RegBack\*.LOG*
C:\Windows\System32\config\RegBack\SAM
C:\Windows\System32\config\RegBack\SECURITY
C:\Windows\System32\config\RegBack\SOFTWARE
C:\Windows\System32\config\RegBack\SYSTEM
