I'm not sure if I undertood very well, but you want to know if Traps can perform a forensic analysis, if is yes, Traps client take the events and send it to ESM, but you can create a rule on ESM to collect forensic or files from the client.
If the issue (registry deleted) was perform when traps was enabled, you need to check your policies, first 'cause traps has the option to protect the services against malware or malintentioned actions, then second if that happend you don't have configured traps correctly.
Check Policies>Forensics, on ESM console.
The best regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!