lol...thanks nihil...yes, you are correct, I would indeed be owned...

From a forensics standpoint though, let's say I have an employee who I suspect is stealing company secrets...he manages to install a keylogger on my system...if I were able to corroborate the time a keylogger was installed, with my event logs, or my firewall logs, or my video surveillance, then I would have stronger evidence against the employee.

Files have dates of creation, dates modified, and dates accessed....it was logical to me that the registry would have the same information....again, I'm looking at it from a forensics standpoint, not a prevention standpoint...

If I can narrow my search parameters, then I save time....