Forensic Tools logo
    • Home
    • Forensic Tools
    • Insights
    Sign in or Register

    Registry Recon

    • Price
      $756
    • sales@ArsenalRecon.com
    • Website
    • Profile
    • Reviews 0
    • prev
    • next
    • Bookmark
    • Share
    • Send an email
    • Leave a review
    • prev
    • next
    Gallery
    Description

    Harness huge volumes of Registry information to see how Registries changed over time

    Registry forensics has long been relegated to analyzing only readily accessible Windows® Registries, often one at a time, in a needlessly time-consuming and archaic way. Registry Recon is not just another Registry parser. Arsenal developed powerful new methods to parse Registry data so that Registries which have existed on a Windows system over time can be rebuilt, providing unique insight into how Registry data has changed over time. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel.

    Registry Recon Features
    Unlock the potential of huge volumes of Windows Registry data and see how Registries changed over time.

    Reveal

    • Application usage
    • Recently accessed files
    • Removable storage activity
    • Network connections
    • Malware remnants
    • Usernames and Passwords

    Features

    • Efficient harvesting of Registry data from entire disk images
    • Resurrection of Registries long since forgotten
    • Access to enormous amounts of deleted Registry data
    • Unique keys and values shown by default in historical fashion
    • Seamless access to all instances of keys and values
    • Windows restore point and Volume Shadow Copy support
    • Ability to view keys (and their values) at particular points in time
    • Automatic decoding of particularly interesting Registry keys

    Registry Recon is often very successful rebuilding Registries which have been deleted and only exist in unallocated (deleted) space. It cannot however rebuild Registries if they have been overwritten – for example, if a data scrubbing tool has been used to overwrite unallocated space.

    Registry Recon supports adding forensic images in EnCase (E01) and raw (dd) formats, VHD disk images, physically mounted slave drives, and the contents of directories as evidence.

    Registry Recon requires Microsoft Windows 7 or later, .NET 4, and the Visual C++ 2010 Redistributable Package (x86/x64).

    Technical Specifications
    • Supported Platforms
      Windows
    • Supported Sources
      Computer, Server, 3rd Party Device
  • No comments yet.
    • Add a review

    Leave a Reply · Cancel reply

    You must be logged in to post a comment.

    You May Also Be Interested In

    MAGNET AXIOM

    MAGNET AUTOMATE Enterprise

    MAGNET IGNITE

    • About Us
    • Privacy Policy
    • Contact Us

    © 2024 – Lexeprint Inc.

    Cart

      • Facebook
      • Twitter
      • WhatsApp
      • Telegram
      • LinkedIn
      • Tumblr
      • VKontakte
      • Mail
      • Copy link
      Manage Consent
      To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
      Functional Always active
      The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
      Preferences
      The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
      Statistics
      The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
      Marketing
      The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
      Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
      View preferences
      {title} {title} {title}

      Subscribe to Our Newsletter!

      * indicates required






      Please select all the ways you would like to hear from :


      You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

      We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.