Windows NT Registry File (REGF)

From ForensicsWiki
Revision as of 07:03, 15 September 2010 by Joachim Metz (Talk | contribs) (File signature)

Jump to: navigation, search

Microsoft Windows NT 4 (and later) uses the Windows NT Registry File (REGF) to store system and application related data, e.g. configurations, most recently used (MRU) files,

MIME types

File signature

The PFF has the following file signature:

hexadecimal: 72 65 67 66

ASCII: regf

File types


The REGF basically contains a hierarchy of keys and values.

See also