Difference between revisions of "Windows NT Registry File (REGF)"

From Forensics Wiki
Jump to: navigation, search
(See also)
(File signature)
Line 6: Line 6:
  
 
The PFF has the following file signature:
 
The PFF has the following file signature:
 +
 
hexadecimal: 72 65 67 66
 
hexadecimal: 72 65 67 66
 +
 
ASCII: regf
 
ASCII: regf
  

Revision as of 02:03, 15 September 2010

Microsoft Windows NT 4 (and later) uses the Windows NT Registry File (REGF) to store system and application related data, e.g. configurations, most recently used (MRU) files,

Contents

MIME types

File signature

The PFF has the following file signature:

hexadecimal: 72 65 67 66

ASCII: regf

File types

Contents

The REGF basically contains a hierarchy of keys and values.

See also