REGISTRY RECON

Registry Recon is not just another Registry parser. It was developed with powerful new methods for parsing Registry data, so that Registries which have existed on a Windows® system over time can be rebuilt, providing unique insight into how Registry data has changed over time. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel.


Registry forensics has long been relegated to analyzing only readily accessible Windows Registries, often one at a time, in a needlessly time-consuming and archaic way. Registry Recon is not just another Registry parser. Arsenal developed powerful new methods to parse Registry data so that Registries which have existed on a Windows system over time can be rebuilt, providing unique insight into how Registry data has changed over time. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel.

More information can be found in Arsenal Recon’s FAQ.

  • Browse rebuilt and resurrected Registries
  • Use Key History to view a key’s values at a particular time
  • View values in a unique and historical fashion
  • Seamless access to all instances of a particular value, both in terms of time and source

One-Click Harvesting

Efficient collection of active, backed-up, and even deleted Windows Registry hives from forensic images

Registry Reconstruction

Automatic rebuilding of not only the active Registry, but Registries from previous Windows installations

Recon View

Harness the power of huge volumes of Registry information to see how Registries changed over time

Requirements

  • REGISTRY RECON requires Microsoft Windows 7 or later, .NET 4, and the Visual C++ 2010 Redistributable Package (x86/x64).

Features

  • Intuitive and efficient workflow
  • Resurrection of Windows Registries long since forgotten
  • Access to enormous amounts of deleted Registry data
  • Unique keys and values shown by default in historical fashion
  • Seamless access to all instances of keys and values
  • Windows restore point and volume shadow copy support
  • Ability to view keys (and their values) at particular points in time

What’s new

  • Fixed “All Locations” string highlighting in Search
  • Fixed a particular kind of SQLite crash
  • Updated integration with Arsenal Image Mounter
  • Fixed automatically decoded UserAssist date/time sorting
  • Added search filter for Registry key (LastWriteTime) date/times
  • Added search filter for Value Data size (Value Data search only)
  • Search now takes ROT13 decoded data into account
  • Better handling of hives containing multiple root keys
  • Multiple performance improvements