Windows NT Registry File (REGF)
REGF has the following file signature:
hexadecimal: 72 65 67 66
There are multiple types of REGF files:
- normal (data) file
- transaction log file
In Vista the Transactional Registry (TxR) was introduced. TxR creates transaction log files similar to:
TxR is similar to Transactional NTFS (TxF) and uses the Common Log File System (CLFS).
The REGF basically consists of a set of hive bins. These hive bins contain cells that make up a hierarchy of keys and values.