Windows Registry
Dan Tobias (Talk | contribs) (Created page with "{{FormatInfo |formattype=electronic |subcat=System files }} The Windows Registry is used in various versions of Microsoft Windows to hold a number of configuration setting...") |
Dan Tobias (Talk | contribs) |
||
| Line 2: | Line 2: | ||
|formattype=electronic | |formattype=electronic | ||
|subcat=System files | |subcat=System files | ||
| + | |extensions={{ext|reg}} | ||
}} | }} | ||
The [[Windows Registry]] is used in various versions of Microsoft Windows to hold a number of configuration settings that affect how Windows and programs running under Windows run. The location and format differs by version of Windows. | The [[Windows Registry]] is used in various versions of Microsoft Windows to hold a number of configuration settings that affect how Windows and programs running under Windows run. The location and format differs by version of Windows. | ||
| − | == Windows 9x == | + | == Windows 3.11 == |
| + | |||
| + | The registry file is called REG.DAT and is in the %WINDIR% directory. | ||
| + | |||
| + | == Windows 9x, ME == | ||
| + | |||
| + | The registry is stored as USER.DAT and SYSTEM.DAT in the %WINDIR% directory, and also CLASSES.DAT in Windows ME. There may also be separate USER.DAT files in user profile directories. | ||
* [http://www.forensicswiki.org/wiki/Windows_9x_Registry_File_%28CREG%29 Forensics Wiki: Windows 9x Registry File (CREG)] | * [http://www.forensicswiki.org/wiki/Windows_9x_Registry_File_%28CREG%29 Forensics Wiki: Windows 9x Registry File (CREG)] | ||
| − | == Windows NT == | + | == Windows NT and up == |
| + | |||
| + | The registry is stored in binary files in %SystemRoot%\System32\Config\. | ||
* [http://www.forensicswiki.org/wiki/Windows_NT_Registry_File_%28REGF%29 Forensics Wiki: Windows NT Registry File (REGF)] | * [http://www.forensicswiki.org/wiki/Windows_NT_Registry_File_%28REGF%29 Forensics Wiki: Windows NT Registry File (REGF)] | ||
| + | |||
| + | == .REG files == | ||
| + | |||
| + | Registry entries can be exported in a text-based format as .REG files. In Windows 2000 and later, the file begins with "Windows Registry Editor Version 5.00", while earlier versions began with "REGEDIT4". | ||
== Links == | == Links == | ||
| − | * [http://www.forensicswiki.org/wiki/Windows_Registry | + | * [http://www.forensicswiki.org/wiki/Windows_Registry Forensics Wiki: Windows Registry] |
| + | * [[Wikipedia:Windows Registry|Wikipedia: Windows Registry]] | ||
* [https://tzworks.net/prototype_page.php?proto_id=3 Yet Another Registry Utility (yaru)] | * [https://tzworks.net/prototype_page.php?proto_id=3 Yet Another Registry Utility (yaru)] | ||
Revision as of 02:03, 25 October 2013
The Windows Registry is used in various versions of Microsoft Windows to hold a number of configuration settings that affect how Windows and programs running under Windows run. The location and format differs by version of Windows.
Contents |
Windows 3.11
The registry file is called REG.DAT and is in the %WINDIR% directory.
Windows 9x, ME
The registry is stored as USER.DAT and SYSTEM.DAT in the %WINDIR% directory, and also CLASSES.DAT in Windows ME. There may also be separate USER.DAT files in user profile directories.
Windows NT and up
The registry is stored in binary files in %SystemRoot%\System32\Config\.
.REG files
Registry entries can be exported in a text-based format as .REG files. In Windows 2000 and later, the file begins with "Windows Registry Editor Version 5.00", while earlier versions began with "REGEDIT4".
