Registry Recon is not just another Registry parser. It’s developed with powerful new methods to parse Registry data so that Registries which have existed on a Windows® system over time can be rebuilt, providing unique insight into how Registry data has changed over time. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel.
Registry Recon is not just another Registry parser. It’s developed with powerful new methods to parse Registry data so that Registries which have existed on a Windows® system over time can be rebuilt, providing unique insight into how Registry data has changed over time. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel.
Registry forensics has long been relegated to analyzing only readily accessible Registries from Microsoft Windows®, often one at a time, in a needlessly time-consuming and archaic way.
Your timelines can now include Registry data that was active, backed up in restore points or volume shadow copies, or carved from unallocated space. While Registry Recon displays unique Registry data by default, seamless access to all instances of particular Registry keys and values is available (with full paths and sector offsets) so your findings can be efficiently authenticated.
Efficient collection of active, backed-up, and even deleted Windows Registry hives from forensic images
Automatic rebuilding of not only the active Registry, but Registries from previous Windows installations
Harness the power of huge volumes of Registry information to see how Registries changed over time
Features
What’s new