Written by James McDonald

July 8, 2024

Just had to find the operating system of a remote computer so I copied the C:\Windows\System32\config\software.sav (the software hive file is locked by the OS so used the .sav instead) file to Ubuntu 2024 Linux and used hivexget to read the “ProductName”

sudo apt-get install libhivex-bin

hivexget ./software.sav 'Microsoft\Windows NT\CurrentVersion'

"CurrentBuild"="1.511.1 () (Obsolete data - do not use)"
"ProductName"="Microsoft Windows XP"


