AnyDesk Registry

AnyDesk is a widely used legitimate Remote Desktop (RDP) application that is frequently abused by malicious actors for unauthorized access, often in conjunction with ransomware deployments or Business Email Compromise (BEC) schemes. Because AnyDesk is a portable executable that does not strictly require installation, traditional file system artifacts may be absent. Consequently, the Windows Registry serves as a critical source of forensic artifacts. This paper provides a comprehensive analysis of the AnyDesk registry structure, detailing the locations of configuration data, user permissions, and security tokens, and outlines the forensic significance of these keys in incident response scenarios.
