ComputerName Registry Key

The ComputerName registry key holds the computer name of the endpoint.

Analysis Value

  • Endpoint - Enumeration

Operating System Availability

  • Windows 11
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Vista
  • Windows XP
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server 2003 R2
  • Windows Server 2003

Artifact Location(s)

🔋 Live System:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName

🔌 Offline system:

  • File: %SystemRoot%\System32\config\SYSTEM
  • Key: SYSTEM\{CURRENT_CONTROL_SET}\Control\ComputerName\ComputerName

ℹ️ More information on {CURRENT_CONTROL_SET}

Artifact Parsers

  • RegistryExplorer (Eric Zimmerman)

Artifact Interpretation

The ComputerName value's data field will provide the system's configured Computer Name.

Example

PS> Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName" -Name *

ComputerName : HLPC01

This example was produced on Windows 10, Version 10.0.19044 Build 19044
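
For the offline location listed above, the following added example (not part of the original page or of any tool it names) loads a copy of the SYSTEM hive, resolves {CURRENT_CONTROL_SET} from the Current value under the hive's Select key, and reads ComputerName from that control set. The hive path, the temporary mount name OFFLINE_SYSTEM and the function name Get-OfflineComputerName are assumptions made for illustration.

```powershell
# Added example: read ComputerName from an offline SYSTEM hive.
# Run from an elevated prompt on an analysis workstation.
param(
    # Hypothetical path to a working copy of the collected hive
    [string]$HivePath  = 'E:\Evidence\Windows\System32\config\SYSTEM',
    # Hypothetical temporary key name under HKLM
    [string]$MountName = 'OFFLINE_SYSTEM'
)

function Get-OfflineComputerName {
    param([string]$HivePath, [string]$MountName)

    # Load a copy of the hive, never the original evidence file
    & reg.exe load "HKLM\$MountName" $HivePath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HivePath" }

    try {
        # Select\Current holds the number N of the control set in use (ControlSet00N)
        $select     = Get-ItemProperty -Path "HKLM:\$MountName\Select"
        $controlSet = 'ControlSet{0:D3}' -f [int]$select.Current

        $key  = "HKLM:\$MountName\$controlSet\Control\ComputerName\ComputerName"
        $name = (Get-ItemProperty -Path $key -Name ComputerName).ComputerName

        [pscustomobject]@{
            Hive         = $HivePath
            ControlSet   = $controlSet
            ComputerName = $name
        }
    }
    finally {
        # Release registry handles held by PowerShell so the unload can succeed
        [gc]::Collect()
        [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

Get-OfflineComputerName -HivePath $HivePath -MountName $MountName
```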