A. The files that make up the registry are stored in %systemroot%/system32/config directory and consist of

  • SAM - HKEY_LOCAL_MACHINE\SAM
  • SECURITY - HKEY_LOCAL_MACHINE\Security
  • software - HKEY_LOCAL_MACHINE\Software
  • system - HKEY_LOCAL_MACHINE\System & HKEY_CURRENT_CONFIG
  • default - HKEY_USERS\.DEFAULT
  • Ntuser.dat - HKEY_CURRENT_USER (this file is stored in %SystemRoot%\Profiles\%username%)

There are also other files with different extensions for some of them

  • .alt - Contains a backup copy of the HKEY_LOCAL_MACHINE\System hive. Only System has a .alt file
  • .log - A log of changes to the keys and values for the hive
  • .sav - A copy of the hive as it looks at the end of the text mode stage in setup