What hives and entries are forensically interesting when doing an investigation?
Hives of interest in an investigation include the SYSTEM hive (hardware and software information), the SOFTWARE hive (software downloaded to the device), the SECURITY hive (security settings and password policies, which also show how the victim's security was set up), and NTUSER.DAT (per-user settings). As far as entries go, the Windows Registry records what happened and exactly when it occurred, including information about files that were changed, edited, or merely accessed. The tools listed below can be used to recover that information.
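As an added example (not part of the original post), the following Python parses the 512-byte base block that every registry hive file (SYSTEM, SOFTWARE, SECURITY, NTUSER.DAT) begins with, pulling out the hive's last-written timestamp and the two sequence numbers that show whether the last write was flushed cleanly before the hive is trusted as evidence. The sample headers are constructed inline for the demonstration, not taken from a real system.

```python
import struct
from datetime import datetime, timedelta, timezone

REGF_HEADER_SIZE = 512                                   # size of the hive base block
WIN_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)    # FILETIME epoch

def filetime_to_datetime(ft: int) -> datetime:
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return WIN_EPOCH + timedelta(microseconds=ft // 10)

def parse_regf_header(data: bytes) -> dict:
    """Parse the base block of a hive file (SYSTEM, SOFTWARE, SECURITY, NTUSER.DAT ...)."""
    if len(data) < REGF_HEADER_SIZE:
        raise ValueError("file is shorter than the 512-byte hive base block")
    if data[0:4] != b"regf":
        raise ValueError("missing 'regf' signature: not a registry hive")
    # Offsets 0x04..0x1C: primary seq, secondary seq, last-written FILETIME, major, minor
    primary, secondary, last_written, major, minor = struct.unpack_from("<IIQII", data, 4)
    # Offset 0x30: UTF-16LE hive file name, up to 64 bytes
    name = data[0x30:0x70].decode("utf-16-le", errors="replace").rstrip("\x00")
    return {
        "hive_name": name,
        "version": f"{major}.{minor}",
        "last_written_utc": filetime_to_datetime(last_written),
        "primary_seq": primary,
        "secondary_seq": secondary,
        # Unequal sequence numbers mean the last write never completed: the .LOG1/.LOG2
        # transaction logs must be replayed before the hive's contents can be trusted.
        "dirty": primary != secondary,
    }

def build_sample_header(primary: int, secondary: int, when: datetime, name: str) -> bytes:
    """Construct a minimal base block for demonstration only (not from a real system)."""
    ticks = ((when - WIN_EPOCH) // timedelta(microseconds=1)) * 10
    buf = bytearray(REGF_HEADER_SIZE)
    buf[0:4] = b"regf"
    struct.pack_into("<IIQII", buf, 4, primary, secondary, ticks, 1, 5)
    encoded = name.encode("utf-16-le")[:64]
    buf[0x30:0x30 + len(encoded)] = encoded
    return bytes(buf)

# Constructed samples: a cleanly flushed NTUSER.DAT and a SYSTEM hive with a pending write
SAMPLE_WHEN = datetime(2021, 3, 4, 5, 6, 7, tzinfo=timezone.utc)
SAMPLE_CLEAN = build_sample_header(7, 7, SAMPLE_WHEN, r"\??\C:\Users\alice\ntuser.dat")
SAMPLE_DIRTY = build_sample_header(8, 7, SAMPLE_WHEN, "SYSTEM")

if __name__ == "__main__":
    for blob in (SAMPLE_CLEAN, SAMPLE_DIRTY):
        print(parse_regf_header(blob))
```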
What forensic tools are available?
Some tools available for digital forensics are Wireshark, which is used for protocol analysis by capturing network traffic; Magnet RAM Capture, which acquires a computer's RAM so that data held in memory can be recovered and analyzed; Autopsy, a platform that supports timeline analysis and hash filtering; and FTK Imager, which preserves copies (images) of evidence so the images can be analyzed without changing the original evidence.
Sources:
https://www.forensicscolleges.com/blog/resources/guide-digital-forensics-tools
https://www.hackingarticles.in/forensic-investigation-windows-registry-analysis/