REGISTRY RECON

Registry Recon is not just another Registry parser. It’s developed with powerful new methods to parse Registry data so that Registries which have existed on a Windows® system over time can be rebuilt, providing unique insight into how Registry data has changed over time. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel.

Are you intersted in this product?

1300 55 33 24

contact@cdfs.com.au

Quote Request

REGISTRY RECON

Registry Recon is not just another Registry parser. It’s developed with powerful new methods to parse Registry data so that Registries which have existed on a Windows® system over time can be rebuilt, providing unique insight into how Registry data has changed over time. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel.

Registry forensics has long been relegated to analyzing only readily accessible Registries from Microsoft Windows®, often one at a time, in a needlessly time-consuming and archaic way.

Your timelines can now include Registry data that was active, backed up in restore points or volume shadow copies, or carved from unallocated space. While Registry Recon displays unique Registry data by default, seamless access to all instances of particular Registry keys and values is available (with full paths and sector offsets) so your findings can be efficiently authenticated.

  • Browse rebuilt and resurrected Registries
  • Use Key History to view a key’s values at a particular time
  • View values in a unique and historical fashion
  • Seamless access to all instances of a particular value, both n term of time and source

One-Click Harvesting

Efficient collection of active, backed-up, and even deleted Windows Registry hives from forensic images

 

Registry Reconstruction

Automatic rebuilding of not only the active Registry, but Registries from previous Windows installations

Recon View

Harness the power of huge volumes of Registry information to see how Registries changed over time

Features

  • Intuitive and efficient workflow
  • Resurrection of Windows Registries long since forgotten
  • Access to enormous amounts of deleted Registry data
  • Unique keys and values shown by default in historical fashion
  • Seamless access to all instances of keys and values
  • Windows restore point and volume shadow copy support
  • Ability to view keys (and their values) at particular points in time

 

What’s new

  • Fixed “All Locations” string highlighting in Search
  • Fixed a particular kind of SQLite crash
  • Updated integration with Arsenal Image Mounter
  • Fixed automatically decoded UserAssist date/time sorting
  • Added search filter for Registry key (LastWriteTime) date/times
  • Added search filter for Value Data size (Value Data search only)
  • Search now takes ROT13 decoded data into account
  • Better handling of hives containing multiple root keys
  • Multiple performance improvements
/* Omit closing PHP tag at the end of PHP files to avoid "headers already sent" issues. */