software:microsoft:windows:info
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| software:microsoft:windows:info [2019/10/22 05:26] – [what version of Windows is installed on a hard drive] superwizard | software:microsoft:windows:info [2019/10/22 05:27] (current) – [what version of Windows is installed on a hard drive] superwizard | ||
|---|---|---|---|
| Line 69: | Line 69: | ||
| < | < | ||
| Step 1: Get the registry hive | Step 1: Get the registry hive | ||
| - | This step is pretty simple. The file is called software and is located in %SYSTEMROOT%\system32\config. You're going to have problems if you try grabbing this file from a running system, but fortunately we have an offline version of the harddrive. Copy that file to a USB stick, or some other device, following your standard evidence collection policies. I also recommend working from an image, not the live drive, if you're doing actual forensic work. | + | This step is pretty simple. The file is called software and is located in %SYSTEMROOT%\system32\config. |
| + | You're going to have problems if you try grabbing this file from a running system, but fortunately we | ||
| + | have an offline version of the harddrive. Copy that file to a USB stick, or some other device, following | ||
| + | your standard evidence collection policies. I also recommend working from an image, not the live drive, | ||
| + | if you're doing actual forensic work. | ||
| </ | </ | ||
software/microsoft/windows/info.1571722015.txt.gz · Last modified: by superwizard