Windows Registry
Dan Tobias (Talk | contribs) |
|||
Line 2: | Line 2: | ||
|formattype=electronic | |formattype=electronic | ||
|subcat=System files | |subcat=System files | ||
− | |extensions={{ext| | + | |extensions={{ext|dat}} |
}} | }} | ||
− | The [[Windows Registry]] is used in various versions of Microsoft Windows to hold a number of configuration settings that affect how Windows and programs running under Windows run. | + | The [[Windows Registry]] is used in various versions of Microsoft Windows to hold a number of configuration settings that affect how Windows and programs running under Windows run. Registry contents are stored in several separate files called hives, whose location and format differ by version of Windows. |
== Windows 3.11 == | == Windows 3.11 == | ||
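Review bot: The infobox line `|extensions={{ext|dat}}` lists a single extension, while the sentence added in the same hunk says that hive location and format differ by Windows version. Consider stating which versions the .dat extension applies to, or naming the hive files per version in the sections below, so a reader does not assume every hive is a .dat file.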
Line 23: | Line 23: | ||
== .REG files == | == .REG files == | ||
− | + | {{FormatInfo | |
+ | |formattype=electronic | ||
+ | |subcat=System files | ||
+ | |extensions={{ext|reg}} | ||
+ | }} | ||
Registry entries can be exported in a text-based format as .REG files. In Windows 2000 and later, the file begins with "Windows Registry Editor Version 5.00", while earlier versions began with "REGEDIT4". | Registry entries can be exported in a text-based format as .REG files. In Windows 2000 and later, the file begins with "Windows Registry Editor Version 5.00", while earlier versions began with "REGEDIT4". | ||
== Links == | == Links == | ||
− | + | * [https://github.com/libguestfs/hivex hivex] | |
* [http://www.forensicswiki.org/wiki/Windows_Registry Forensics Wiki: Windows Registry] | * [http://www.forensicswiki.org/wiki/Windows_Registry Forensics Wiki: Windows Registry] | ||
* [[Wikipedia:Windows Registry|Wikipedia: Windows Registry]] | * [[Wikipedia:Windows Registry|Wikipedia: Windows Registry]] |
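Review bot: The new Links entry `[https://github.com/libguestfs/hivex hivex]` carries only the project name, unlike the two entries below it, which say what they point to. Suggest a short description after the link (hivex is a library for reading and writing registry hive files). Also check that the second {{FormatInfo}} box added inside the .REG section renders as intended alongside the page-level one.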
Revision as of 22:10, 7 March 2015
The Windows Registry is used in various versions of Microsoft Windows to hold a number of configuration settings that affect how Windows and programs running under Windows run. Registry contents are stored in several separate files called hives, whose location and format differ by version of Windows.
Windows 3.11
The registry file is called REG.DAT and is in the %WINDIR% directory (the directory configured as the one holding system files).
Windows 9x, ME
The registry is stored as USER.DAT and SYSTEM.DAT in the %WINDIR% directory; Windows ME adds CLASSES.DAT. There may also be separate USER.DAT files in user profile directories.
Windows NT and up
The registry is stored in binary files in %SystemRoot%\System32\Config\.
.REG files
Registry entries can be exported in a text-based format as .REG files. In Windows 2000 and later, the file begins with "Windows Registry Editor Version 5.00", while earlier versions began with "REGEDIT4".
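The following added example (not part of the original page) identifies a .REG export by the two header strings quoted above and goes slightly further by listing the key paths the file touches, which is useful when triaging an unknown .REG file before importing it. The function names, the BOM handling, the cp1252 fallback and the sample inputs are assumptions made for this sketch.

```python
import codecs
from typing import Optional

# Header strings exactly as quoted in the text above.
HEADERS = {
    "Windows Registry Editor Version 5.00": "Windows 2000 and later",
    "REGEDIT4": "earlier versions",
}

# Assumption: an export may carry a byte-order mark; files without one
# are read as cp1252 (single-byte "ANSI" text).
BOMS = [
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
    (codecs.BOM_UTF8, "utf-8"),
]

def decode_reg(data: bytes) -> tuple[str, str]:
    """Return (text, encoding), stripping a BOM if one is present."""
    for bom, enc in BOMS:
        if data.startswith(bom):
            return data[len(bom):].decode(enc, errors="replace"), enc
    return data.decode("cp1252", errors="replace"), "cp1252"

def identify_reg(data: bytes) -> Optional[dict]:
    """Classify a .REG file by its first line; None if it is not one."""
    text, enc = decode_reg(data)
    lines = [line.strip() for line in text.splitlines()]
    if not lines or lines[0] not in HEADERS:
        return None
    # Section lines look like [HKEY_...\Path]; a leading "-" inside the
    # brackets marks a key to delete and is kept in the returned path.
    keys = [l[1:-1] for l in lines if l.startswith("[") and l.endswith("]")]
    return {"header": lines[0], "era": HEADERS[lines[0]],
            "encoding": enc, "keys": keys}

# Constructed sample inputs (not taken from any real system).
BODY = '\r\n\r\n[HKEY_CURRENT_USER\\Software\\ExampleVendor]\r\n"Setting"="1"\r\n'
V5_SAMPLE = codecs.BOM_UTF16_LE + (
    "Windows Registry Editor Version 5.00" + BODY).encode("utf-16-le")
V4_SAMPLE = ("REGEDIT4" + BODY).encode("cp1252")

if __name__ == "__main__":
    for name, blob in [("v5", V5_SAMPLE), ("v4", V4_SAMPLE), ("junk", b"MZ\x90")]:
        print(name, identify_reg(blob))
```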