Registry

General info

  • System hives refer to SYSTEM, SECURITY, SOFTWARE, SAM

    • Path : %systemroot%\System32\config

  • User hives refer to

    • ntuser.dat

      • Path : drive:\users\<profile>\ntuser.dat

      • Map : HKEY_USERS\SID - HKEY_CURRENT_USER

    • usrclass.dat

      • Path : drive:\AppData\Local\Microsoft\Windows\usrclass.dat

      • Map : HKEY_USERS\SID\Software\Classes - HKEY_CURRENT_USER\Software\Classes

Host information

| Item | Key |
|------|-----|
| Hostname | SYSTEM\ControlSetX\Control\ComputerName\ComputerName |
| Timezone | SYSTEM\ControlSetX\Control\TimeZoneInformation |
| OS Versions | SOFTWARE\Microsoft\Windows NT\CurrentVersion |
| Install dates | SOFTWARE\Microsoft\Windows NT\CurrentVersion |
| OS Owner | SOFTWARE\Microsoft\Windows NT\CurrentVersion |
| OS Organization | SOFTWARE\Microsoft\Windows NT\CurrentVersion |
| IP | SYSTEM\ControlSetX\Services\Tcpip\Parameters\Interfaces |
| Domain | SYSTEM\ControlSetX\Services\Tcpip\Parameters\Domain |
| Users | SAM\Domains\Account\Users |
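
How raw values read from the keys above are interpreted during analysis, as an added example that is not part of the original page. It assumes the values were already exported from an offline hive with a registry viewer. The helper names and sample values are constructed for illustration, and the value names SYSTEM\Select\Current, ActiveTimeBias and InstallDate are standard Windows values that this page does not list.

```python
from datetime import datetime, timedelta, timezone

def control_set_name(select_current: int) -> str:
    """SYSTEM\\Select\\Current (REG_DWORD) names the ControlSetNNN in use,
    which is what the X in ControlSetX stands for."""
    return f"ControlSet{select_current:03d}"

def signed32(dword: int) -> int:
    """REG_DWORD is stored unsigned; time zone bias values are signed minutes."""
    return dword - 0x100000000 if dword & 0x80000000 else dword

def utc_offset(active_time_bias: int) -> timedelta:
    """UTC = local time + bias, so the local UTC offset is the negated bias."""
    return timedelta(minutes=-signed32(active_time_bias))

def install_date(dword: int) -> datetime:
    """InstallDate under CurrentVersion is seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(dword, tz=timezone.utc)

def rid_from_sam_subkey(name: str) -> int:
    """Subkeys of SAM\\Domains\\Account\\Users are RIDs as 8-digit hex."""
    return int(name, 16)

def host_profile(raw: dict) -> dict:
    """Turn exported raw values into analyst-readable host information."""
    cs = control_set_name(raw["Select\\Current"])
    offset = utc_offset(raw["ActiveTimeBias"])
    installed = install_date(raw["InstallDate"])
    return {
        "hostname_key": f"SYSTEM\\{cs}\\Control\\ComputerName\\ComputerName",
        "utc_offset_hours": offset.total_seconds() / 3600,
        "installed_utc": installed.isoformat(),
        "installed_local": installed.astimezone(timezone(offset)).isoformat(),
        # The "Names" subkey maps account names to RIDs and is not a RID itself.
        "rids": sorted(rid_from_sam_subkey(n)
                       for n in raw["SamUserSubkeys"] if n != "Names"),
    }

# Constructed sample values, not taken from a real system.
SAMPLE = {
    "Select\\Current": 1,
    "ActiveTimeBias": 0xFFFFFFC4,  # -60 minutes when read as signed: UTC+1
    "InstallDate": 1600000000,
    "SamUserSubkeys": ["000001F4", "000001F5", "000003E9", "Names"],
}

if __name__ == "__main__":
    for field, value in host_profile(SAMPLE).items():
        print(f"{field}: {value}")
```
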
