diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58e981555..c8668dbf4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -67,6 +67,8 @@ Thankyou! -->
 3. Added `state_id`, `state` to `Digital Signature` object. #1069
 4. Added `ticket` to `Incident Finding` object. ticket. #1068
 5. Added `domain` to `Uniform Resource Locator` object. #1096
+ 6. Added `reg_key` and `reg_value` to `Evidence Artifacts` object. #1078
+
 * #### Platform Extensions
 
 ### Bugfixes
@@ -285,4 +287,4 @@ Thankyou! -->
 
 ## [v1.0.0]
 
-Initial release of OCSF.
\ No newline at end of file
+Initial release of OCSF.
diff --git a/extensions/windows/objects/evidences.json b/extensions/windows/objects/evidences.json
new file mode 100644
index 000000000..18d13ad4e
--- /dev/null
+++ b/extensions/windows/objects/evidences.json
@@ -0,0 +1,36 @@
+{
+ "caption": "Windows Evidence Artifacts",
+ "description": "Extends the evidences object to add Windows specific fields",
+ "extends": "evidences",
+ "attributes": {
+ "reg_key": {
+ "description": "Describes details about the registry key that triggered the detection.",
+ "requirement": "recommended"
+ },
+ "reg_value": {
+ "description": "Describes details about the registry value that triggered the detection.",
+ "requirement": "recommended"
+ }
+ },
+ "constraints": {
+ "at_least_one": [
+ "actor",
+ "api",
+ "connection_info",
+ "data",
+ "database",
+ "databucket",
+ "device",
+ "dst_endpoint",
+ "email",
+ "file",
+ "process",
+ "query",
+ "src_endpoint",
+ "url",
+ "user",
+ "reg_key",
+ "reg_value"
+ ]
+ }
+}
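Review bot: The `at_least_one` constraint in the new Windows `evidences` object restates what looks like the complete base list (`actor` through `user`) before appending `reg_key` and `reg_value`; if an extension's `constraints` replaces rather than merges with the base object's, any attribute later added to the base `at_least_one` will silently be missing from the Windows variant, so the dependency should be recorded where the next editor will see it, e.g. `"description": "Extends the evidences object to add Windows specific fields. The at_least_one constraint mirrors the base evidences object and must be kept in sync with it."`. The two new entries are also appended after `user`, breaking the alphabetical order of the rest of the list; placing them between `query` and `src_endpoint` keeps the list scannable. Separately, the CHANGELOG entry in the first hunk sits in the numbered object list above `* #### Platform Extensions` even though the file lives under `extensions/windows`, so it appears to be filed under core objects rather than the Windows extension.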