CurrentVersion Registry Key
The CurrentVersion registry key will provide you with the current operating system's version, service pack, and date of installation.
Analysis Value
π₯οΈSystem EnumerationOperating System Availability
Windows 11
β
Server 2019
β
Windows 10
β
Server 2016
β
Windows 8
β
Server 2012
β
Windows 7
β
Server 2008
β
Windows Vista
β
Server 2003
β
Windows XP
β
Artifact Location(s)
File:
%SystemRoot%\System32\config\SOFTWAREKey:
SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Artifact Parsers
RegistryExplorer (Eric Zimmerman)
Artifact Interpretation
The ProductName value will provide the OS, such as Windows Server 2019.
The ReleaseId value will provide the version of the specified OS.
The InstallDate is an Epoch timestamp of when the OS was either first installed or received a major update, or was reset.
Example
This example was produced on Windows 10, Version 10.0.19044 Build 19044
Last updated