Location for Windows version


Sep 8, 2007
3
0
#1
Hello everyone,

First time poster here.

Where at in the registry would one look to find out what version of Windows someone is using. (this would be from an image)

Thanks for any help.
 
Dec 31, 2006
3,405
0
#2
Current Control Set (navigate to HKLM\System\Select to determine which is the Current)
SOFTWARE\Microsoft\Windows NT\CurrentVersion

"Windows Forensic Analysis" from Harlan Carvey is a great resource for this type of information and some good tools as well.
 
Dec 31, 2006
3,405
0
#3
keydet89 said:
Thanks for the recommendation on the book!
Gotta give credit where credit is due. The Perl book is on its way via USPS. I'll have to see if my old programming skills from my college days come flooding back or if all those brain cells have long since died off.
 
Sep 2, 2004
70
6
#4
I do hope you enjoy the book.

The funny thing is that since the book was published, I've had the opportunity to work on other things. For example, I just created/released a tool called RegRipper, which is a plugin based tool for extracting information from Registry hive files. So far, the folks who've used it appear to be happy with it, and I just keep churning out plugins!

Just something to look forward to...the RegRipper is a great complement to ch 4 of the book.

Thanks again,

H
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu