Registry analysis

| Name | From | Description |
| --- | --- | --- |
| ForensicUserInfo | Woanware | Extracts user information from the SAM, SOFTWARE and SYSTEM hive files and decrypts the LM/NT hashes from the SAM file |
| Process Monitor | Microsoft | Examine Windows processes and registry threads in real time |
| Registry Decoder | US National Institute of Justice, Digital Forensics Solutions | For the acquisition, analysis, and reporting of registry contents |
| RegRipper | Harlan Carvey | Registry data extraction and correlation tool |
| Regshot | Regshot | Takes snapshots of the registry allowing comparisons, e.g., show registry changes after installing software |
| sbag | TZWorks | Extracts data from Shellbag entries |
| USB Device Forensics | Woanware | Details previously attached USB devices on exported registry hives |
| USB Historian | 4Discovery | Displays 20+ attributes relating to USB device use on Windows systems |
| USBDeview | Nirsoft | Details previously attached USB devices |
| User Assist Analysis | 4Discovery | Extracts SID, User Names, Indexes, Application Names, Run Counts, Session, and Last Run Time Attributes from UserAssist keys |
| UserAssist | Didier Stevens | Displays list of programs run, with run count and last run date and time |
| Windows Registry Recovery | MiTec | Extracts configuration settings and other information from the Registry |
