Difference between revisions of "Windows NT Registry File (REGF)"

From ForensicsWiki
Jump to: navigation, search
(Created page with "Microsoft Windows NT 4 (and later) uses the '''Windows NT Registry File (REGF)''' to store system and application related data, e.g. configurations, most recently used (M...")
 
(See also)
Line 17: Line 17:
 
== See also==
 
== See also==
  
 +
* [[Windows Registry]]
 
* [http://www.sentinelchicken.com/research/registry_format/ The Windows NT Registry File Format], Timothy D. Morgan
 
* [http://www.sentinelchicken.com/research/registry_format/ The Windows NT Registry File Format], Timothy D. Morgan
 
* [http://downloads.sourceforge.net/project/libregf/Documentation/Windows%20NT%20Registry%20File%20%28REGF%29%20format.pdf Windows NT Registry File (REGF) format]
 
* [http://downloads.sourceforge.net/project/libregf/Documentation/Windows%20NT%20Registry%20File%20%28REGF%29%20format.pdf Windows NT Registry File (REGF) format]
  
 
[[Category:File Formats]]
 
[[Category:File Formats]]

Revision as of 02:03, 15 September 2010

Microsoft Windows NT 4 (and later) uses the Windows NT Registry File (REGF) to store system and application related data, e.g. configurations, most recently used (MRU) files,

MIME types

File signature

The PFF has the following file signature: hexadecimal: 72 65 67 66 ASCII: regf

File types

Contents

The REGF basically contains a hierarchy of keys and values.

See also