Home
Tool Search
Forensic Tool Taxonomy
Vendors
Contacts
Forensic Tool Functionalities
Deleted File Recovery
Disk Imaging
Email Parsing
Forensics Boot Environment
Forensic Tool Suite (Mac Investigations)
Forensic Tool Suite (Windows Investigations)
Hardware Write Block
Hash Analysis
Media Sanitization/Drive Re-use
Memory Capture and Analysis
Mobile Device Acquisition and Analysis
P2P Analysis
Remote Capabilities / Remote Forensics
Social Media
Software Write Block
Steganalysis
String Search
Windows Registry Analysis
Suggest new Forensic Tool Functionality
Home
> Tool Search
Search for forensic tools by functionality
find all Windows Registry Analysis tools
refine by search parameters
Forensic Functionality:
Windows Registry Analysis
Technical Parameters:
Tool host OS / runtime environment:
Input data type(s):
Automated hive extraction and parsing:
Registry rebuilding:
Deleted key recovery:
Key and value instance display:
Pre-built reports:
any
Windows
Mac
Linux
any
raw (dd)
EnCase Evidence File Format Version 2 (.ex01)
Expert Witness (.e01)
virtual disk format (e.g., .vdi, .vhd, .vmdk)
physically mounted slave drive
loose hive(s)
any
active Registry
active file system
Windows restore points
volume shadow copies
unallocated space
automated hive extraction and parsing not supported
any
supports Registry rebuilding
Registry rebuilding unsupported
any
supports deleted key recovery
deleted key recovery not supported
any
supports display of key and value instances
no support for displaying key and value instances
any
support for pre-built reports
pre-built reports not supported