Windows NT Registry File (REGF)

From ForensicsWiki
Revision as of 02:03, 15 September 2010 by Joachim Metz (Talk | contribs)

Jump to: navigation, search

Microsoft Windows NT 4 (and later) uses the Windows NT Registry File (REGF) to store system and application related data, e.g. configurations, most recently used (MRU) files,

MIME types

File signature

The PFF has the following file signature:

hexadecimal: 72 65 67 66

ASCII: regf

File types

Contents

The REGF basically contains a hierarchy of keys and values.

See also