Registry forensics has long been relegated to analyzing only readily accessible Windows Registries, often one at a time, in a needlessly time-consuming and archaic way. Registry Recon is not just another Registry parser. Arsenal developed powerful new methods to parse Registry data so that Registries which have existed on a Windows® system over time can be rebuilt, providing unique insight into how Registry data has changed over time. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel.
“ Registry Recon helps cut through tedious work and recovers valuable information that is not available without burning enormous amounts of time.”
— Dennis O’Connor, Senior Investigator, U.S. Department of Labor
“ Registry Recon is a game changer. It allows an analyst to retrieve and work with valuable Registry data that would otherwise be lost or extremely difficult to recover.”
— Sean Cavanaugh, Forensic Analyst
“Typically my experiences with new digital forensic tools don’t turn out well. Registry Recon is the exception to this rule. I was quickly able to determine that a system I was analyzing had been compromised a full 6 months earlier than anyone realized, based on information Registry Recon recovered from unallocated space. It’s safe to say that Registry Recon has become part of my analysis toolkit.”
— Bill Spernow, Chief Forensic Advisor, Law & Forensics, Inc. and former Forensics and Incident Response Research Director with the Gartner Group, Inc.
“With other tools, each Registry file has to be analyzed separately in a very time-consuming fashion. With Registry Recon , large numbers of Registry files from both allocated and unallocated space are merged into Recon Registries. I am now able to see how the Registry has changed over the life of both currently and previously installed operating systems.”
— Stephen Swanson, President, Computer Forensic Services, LLC
“The sheer volume of Registry data that Registry Recon finds, and the methods used to visualize it, are astounding. We were able to analyze a nearly complete Registry from a previous installation of Windows