Windows NT Registry File (REGF)

From ForensicsWiki
Revision as of 15:02, 15 October 2010 by Joachim Metz (Talk | contribs)

Jump to: navigation, search

Microsoft Windows NT 4 (and later) uses the Windows NT Registry File (REGF) to store system and application related data, e.g. configurations, most recently used (MRU) files,

MIME types

File signature

REGF has the following file signature:

hexadecimal: 72 65 67 66

ASCII: regf

File types

Contents

The REGF basically consists of a set of hive bins. These hive bins contain cells that make up a hierarchy of keys and values.

See also