Windows Registry

From ForensicsWiki
Revision as of 19:13, 18 November 2008 by .FUF (Talk | contribs)


  • Recovering Deleted Data From the Windows Registry. Timothy Morgan, DFRWS 2008 [paper] [slides]


Open Source

  • reglookup — "small command line utility for reading and querying Windows NT-based registries."
  • regviewer — a tool for looking at the registry.
  • RegRipper — "the fastest, easiest, and best tool for registry analysis in forensics examinations."


See Also