https://xn--e-br-noa.de/ 2026-06-10T22:55:18+00:00 https://xn--e-br-noa.de/ https://xn--e-br-noa.de/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2026-06-09T15:17:07+00:00 Anonymous (anonymous@undisclosed.example.com) https://xn--e-br-noa.de/doku.php?id=soc:forensics:windows:start&rev=1781018227&do=diff Windows OS Basics Registry * Binary file storage, %WinDir%\System32\config * For OS, applications and users * Classes/Hives (key value store) * HKCR, Classes Root * HKCU, Current User, %UserProfile%\ntuser.dat, mirrored/alias to HKU\SID\ (?)