Registry Recon
-
Price$756
- sales@ArsenalRecon.com
- Website
Harness huge volumes of Registry information to see how Registries changed over time
Registry forensics has long been relegated to analyzing only readily accessible Windows® Registries, often one at a time, in a needlessly time-consuming and archaic way. Registry Recon is not just another Registry parser. Arsenal developed powerful new methods to parse Registry data so that Registries which have existed on a Windows system over time can be rebuilt, providing unique insight into how Registry data has changed over time. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel.
Registry Recon Features
Unlock the potential of huge volumes of Windows Registry data and see how Registries changed over time.
Reveal
Features
Registry Recon is often very successful rebuilding Registries which have been deleted and only exist in unallocated (deleted) space. It cannot however rebuild Registries if they have been overwritten – for example, if a data scrubbing tool has been used to overwrite unallocated space.
Registry Recon supports adding forensic images in EnCase (E01) and raw (dd) formats, VHD disk images, physically mounted slave drives, and the contents of directories as evidence.
Registry Recon requires Microsoft Windows 7 or later, .NET 4, and the Visual C++ 2010 Redistributable Package (x86/x64).
Add a review