OS Version:
Using triage data that we have extracted from a target machine (typically a cloned copy of the hard drive) to perform forensics, we can determine the OS version from which this data was pulled through the registry. In order to find the OS version, we can use the following registry key:
SOFTWARE\Microsoft\Windows NT\CurrentVersion
Current control set: