Registry Recon




Registry Recon is a computer forensics tool used to extract, recover, and analyze registry data from Windows operating systems. It can be used to efficiently determine which external devices have been connected to a PC.

Registry Recon, developed by Arsenal Recon, is a powerful computer forensics tool used to extract, recover, and parse registry data from Windows systems. Manually scouring Windows Registry files is extremely time-consuming and leaves gaping holes in the ability to recover critical information.

What is the registry in cyber forensics?

On a Windows system, the registry is a source of evidence against a cyber criminal because it maintains details of the activity on the system. Digital forensic investigation of the Windows registry helps in collecting forensic information relevant to the case.

Features:


- It supports Windows XP, Vista, 7, 8, 10, and other operating systems.
- This tool automatically recovers valuable NTFS data.
- You can integrate it with the Microsoft Disk Manager utility tool.
- Quickly mount all VSCs (Volume Shadow Copies) within a disk.
- This program rebuilds the active registry database.

What makes this tool superior to others is its capability to examine registry files not only from the current installation of a Windows operating system, but from former installations as well. In addition, this application can be used to quickly and efficiently determine external devices that have been connected to the computer. The company’s slogan is, “Computer forensics tools by computer forensics experts.” This tool certainly affirms the slogan!

Installation


For the most part, the installation of the product was straightforward. However, installation requires the Microsoft Visual C++ 2010 Redistributable and .NET Framework 4 packages. As shown in Figure 1, you may already have multiple versions of the Redistributable package installed, but each installation contains different libraries.

Registry “hives” are backed by a set of files stored in the Windows\System32\Config folder (SAM, SYSTEM, SECURITY, SOFTWARE, and DEFAULT) or in the USERS\username folders (NTUSER.DAT). Forensic examiners can glean a wealth of information from these registry files, including: system configuration; devices on the system; users; personal settings and browser preferences; network locations; web browsing activity; programs executed; passwords, and much, much more!
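Before a hive file copied from one of these folders is handed to any parser, its header can be sanity-checked. The following is an added example, not code from Registry Recon or from the original post: it decodes the "regf" base block at the start of a hive file, verifies the header checksum, and flags a hive whose two sequence numbers differ. The field offsets follow the publicly documented regf layout; the function names and the sample block are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def regf_checksum(block: bytes) -> int:
    """XOR-32 over the first 508 bytes; the results 0 and 0xFFFFFFFF are remapped."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(csum, csum)

def parse_base_block(block: bytes) -> dict:
    """Decode the header fields an examiner checks before trusting a hive copy."""
    if len(block) < 512 or block[:4] != b"regf":
        raise ValueError("not a registry hive: 'regf' signature missing")
    (seq1, seq2, filetime, major, minor,
     _ftype, _fmt, root, size) = struct.unpack_from("<IIQIIIIII", block, 4)
    name = block[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    (stored,) = struct.unpack_from("<I", block, 508)
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    written = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=filetime // 10)
    return {
        "file_name": name,
        "last_written": written,
        "version": f"{major}.{minor}",
        "root_cell_offset": root,
        "hive_bins_size": size,
        # Differing sequence numbers: a write was in progress, replay the .LOG files.
        "dirty": seq1 != seq2,
        "checksum_ok": stored == regf_checksum(block),
    }

def build_sample(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed base block for demonstration; not taken from a real system."""
    block = bytearray(4096)
    struct.pack_into("<4sIIQIIIIII", block, 0, b"regf", seq1, seq2,
                     132223104000000000, 1, 5, 0, 1, 0x20, 0x1000)
    name = "SYSTEM".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, regf_checksum(block))
    return bytes(block)

if __name__ == "__main__":
    for label, blk in (("clean", build_sample()), ("dirty", build_sample(8, 7))):
        print(label, parse_base_block(blk))
```

On an exported hive, pass the first 4096 bytes of the file to parse_base_block; a failed checksum or a dirty flag means the copy should be reconciled with its transaction logs before its contents are relied on.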
