Difference between revisions of "Windows NT Registry File (REGF)"

From ForensicsWiki
Jump to: navigation, search
(See also)
(File signature)
Line 6: Line 6:
  
 
The PFF has the following file signature:
 
The PFF has the following file signature:
 +
 
hexadecimal: 72 65 67 66
 
hexadecimal: 72 65 67 66
 +
 
ASCII: regf
 
ASCII: regf
  

Revision as of 03:03, 15 September 2010

Microsoft Windows NT 4 (and later) uses the Windows NT Registry File (REGF) to store system and application related data, e.g. configurations, most recently used (MRU) files,

MIME types

File signature

The PFF has the following file signature:

hexadecimal: 72 65 67 66

ASCII: regf

File types

Contents

The REGF basically contains a hierarchy of keys and values.

See also