System Information
Computername
Registry: HKLM\System\CurrentControlSet\Control\Computername\
Software: RegRipper3 (Plugin: compname)
Windows Version
Registry: HKLM\Software\Microsoft\Windows NT\Currentversion\
Software: RegRipper3 (Plugin: winver)
Timezone
Registry:
- HKLM\System\ControlSet001\Control\TimeZoneInformation\
- HKLM\System\CurrentControlSet\Control\TimeZoneInformation\
Software: RegRipper3 (Plugin: timezone)
Network Information
Registry: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{interface-name}
Software: RegRipper3 (Plugin: nic2, networklist)
Shutdown Time
Registry: HKLM\System\ControlSet001\Control\Windows\ShutdownTime\
Event Log:
| Event Source | Event-ID | Description |
|---|---|---|
| System | 1074 | System restart by e.g. Windows Update or user initiates a shutdown or restart. |
| System | 6005 | The Event log service was stopped. |
| System | 6008 | Dirty shutdown will be logged. |
Software: RegRipper3 (Plugin: shutdown), EvtxEcmd (EZ), Event Log Explorer
Windows Startup Time
Event Log:
| Event Source | Event-ID | Description |
|---|---|---|
| System | 12 | The operating system was started at system time 2024-05-28T20:35:17.500000000Z |
| System | 6005 | The Event log service was started. |
Software: EvtxECmd.exe (EZ), Event Log Explorer
Defender Settings
Registry: HKLM\Software\Microsoft\Windows Defender\
Software: RegRipper3 (Plugin: defender)