# CurrentVersion Registry Key

The `CurrentVersion` registry key records the current operating system's version, service pack, and date of installation.

## Analysis Value

{% content-ref url="../../artifacts-by-activity/system-enumeration" %}
[system-enumeration](https://psmths.gitbook.io/windows-forensics/artifacts-by-activity/system-enumeration)
{% endcontent-ref %}

## Operating System Availability

| Major Version | Support | Major Version | Support |
| ------------- | ------- | ------------- | ------- |
| Windows 11    | ✅       | Server 2019   | ✅       |
| Windows 10    | ✅       | Server 2016   | ✅       |
| Windows 8     | ✅       | Server 2012   | ✅       |
| Windows 7     | ✅       | Server 2008   | ✅       |
| Windows Vista | ✅       | Server 2003   | ✅       |
| Windows XP    | ✅       |               |         |

## Artifact Location(s)

{% tabs %}
{% tab title="🔌 Offline System" %}

* File: `%SystemRoot%\System32\config\SOFTWARE`
* Key: `SOFTWARE\Microsoft\Windows NT\CurrentVersion`
{% endtab %}

{% tab title="🔋 Live System" %}

* `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion`
{% endtab %}
{% endtabs %}

## Artifact Parsers

* RegistryExplorer (Eric Zimmerman)

## Artifact Interpretation

The `ProductName` value gives the OS name, such as `Windows Server 2019`.

The `ReleaseId` value gives the version of that OS.

The `InstallDate` value is an Epoch timestamp of when the OS was first installed, received a major update, or was reset.

## Example

```
PS> Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name *

SystemRoot                : C:\Windows
BaseBuildRevisionNumber   : 1
BuildBranch               : vb_release
BuildGUID                 : ffffffff-ffff-ffff-ffff-ffffffffffff
BuildLab                  : 19041.vb_release.191206-1406
BuildLabEx                : 19041.1.amd64fre.vb_release.191206-1406
CompositionEditionID      : Enterprise
CurrentBuild              : 19044
CurrentBuildNumber        : 19044
CurrentMajorVersionNumber : 10
CurrentMinorVersionNumber : 0
CurrentType               : Multiprocessor Free
CurrentVersion            : 6.3
EditionID                 : Professional
EditionSubManufacturer    :
EditionSubstring          :
EditionSubVersion         :
InstallationType          : Client
InstallDate               : 1666804042
ProductName               : Windows 10 Pro
ReleaseId                 : 2009
SoftwareType              : System
UBR                       : 3086
PathName                  : C:\Windows
ProductId                 : 00330-80000-00000-AA949
DisplayVersion            : 21H2
RegisteredOwner           : user1
RegisteredOrganization    :
InstallTime               : 133112776429018501
```

> This example was produced on Windows 10, Version 10.0.19044 Build 19044
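
The following Python sketch is an added example, not part of the original page or of any parser listed above. It parses a subset of the output shown in the Example section, converts `InstallDate` to UTC, and cross-checks it against `InstallTime`. It assumes `InstallTime` is a Windows FILETIME (the page does not say so, but the sample values agree under that reading) and joins `CurrentBuild` and `UBR` into one build string; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Subset of the Get-ItemProperty output shown in the Example section above.
SAMPLE_OUTPUT = """\
CurrentBuild              : 19044
InstallDate               : 1666804042
ProductName               : Windows 10 Pro
UBR                       : 3086
RegisteredOrganization    :
InstallTime               : 133112776429018501
"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_properties(text):
    """Parse 'Name : Value' lines as printed by Get-ItemProperty."""
    values = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            values[name.strip()] = value.strip()
    return values


def unix_to_utc(seconds):
    return datetime.fromtimestamp(int(seconds), tz=timezone.utc)


def filetime_to_utc(ticks):
    # Assumption: FILETIME, i.e. 100-nanosecond intervals since 1601-01-01 UTC.
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)


def summarize(values, tolerance_seconds=2):
    """Normalize the version and install timestamps; missing values stay None."""
    date = unix_to_utc(values["InstallDate"]) if values.get("InstallDate") else None
    time = filetime_to_utc(values["InstallTime"]) if values.get("InstallTime") else None
    agree = None
    if date and time:
        agree = abs((time - date).total_seconds()) <= tolerance_seconds
    build = ".".join(v for v in (values.get("CurrentBuild"), values.get("UBR")) if v)
    return {"os": values.get("ProductName"), "build": build or None,
            "install_date_utc": date, "install_time_utc": time,
            "timestamps_agree": agree}


if __name__ == "__main__":
    for key, value in summarize(parse_properties(SAMPLE_OUTPUT)).items():
        print(f"{key}: {value}")
```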
