Registry Decoder: Digital registry forensics


Registry Decoder is a free and open source tool for the acquisition, analysis, and reporting of registry contents.

It comes with an online acquisition component and an offline analysis component. All functionality of the two components is exposed through a graphical user interface, and the tool aims to give even novice investigators powerful analysis capabilities.

Another goal of Registry Decoder is to become the project in which future registry-related research is performed and for which it is developed.

New features in version 1.1 include:

  • Support for processing EnCase (E01) files and split images
  • Full wildcard searching
  • Adding evidence after a case is created
  • Exporting of paths and their key/value pairs
  • Timelining of keys from the GUI into the Sleuthkit format
  • Running plugins from the command line
  • Running custom plugins outside the main executable/package
  • Support for dual-boot machines
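The timelining feature above exports registry keys in the Sleuthkit timeline (body) format. The following is an added example, not code from Registry Decoder, showing what that export involves: converting each key's last-write timestamp from a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC) to Unix seconds and writing one pipe-delimited body record per key, which `mactime` can then turn into a timeline. The three keys and their timestamps are constructed for the example; the hive names, key paths and the helper names are assumptions, not anything read from a real system.

```python
"""
Added example (not Registry Decoder's own code): emit Sleuthkit 3.x
body-format records for registry keys so that `mactime -b body.txt`
can build a timeline from them.
"""
from typing import Iterable, List, Tuple

# 100-nanosecond ticks between the FILETIME epoch (1601-01-01) and the
# Unix epoch (1970-01-01).
EPOCH_DELTA_100NS = 116_444_736_000_000_000
TICKS_PER_SECOND = 10_000_000


def filetime_to_unix(filetime: int) -> int:
    """Convert a 64-bit Windows FILETIME to whole Unix seconds.

    Keys with a zeroed or pre-1970 timestamp map to 0, which mactime
    treats as "no time" instead of producing a bogus 1601 entry.
    """
    if not 0 <= filetime < 2**64:
        raise ValueError("FILETIME must be an unsigned 64-bit value")
    if filetime < EPOCH_DELTA_100NS:
        return 0
    return (filetime - EPOCH_DELTA_100NS) // TICKS_PER_SECOND


def _sanitize(name: str) -> str:
    """Body format is pipe-delimited with one record per line. Registry key
    and value names may legally contain '|' or newlines, so neutralise them
    rather than let one odd key corrupt the whole timeline."""
    return name.replace("|", "%7C").replace("\n", "\\n").replace("\r", "\\r")


def key_to_body_line(hive: str, key_path: str, last_write: int) -> str:
    """Emit one body-format record for a registry key.

    Field order: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime.
    A registry key carries only a last-write time, which maps to mtime; the
    other three timestamps are 0 so mactime ignores them. MD5, inode, size
    and owner have no registry equivalent and are left at 0; the mode string
    is a placeholder that mactime only displays.
    """
    mtime = filetime_to_unix(last_write)
    name = _sanitize(f"{hive}\\{key_path}")
    return f"0|{name}|0|r/rrwxrwxrwx|0|0|0|0|{mtime}|0|0"


def build_body(keys: Iterable[Tuple[str, str, int]]) -> List[str]:
    """Turn (hive, key_path, FILETIME) triples into body lines sorted by
    mtime, so the file reads as a timeline even before mactime runs."""
    records = [(filetime_to_unix(ft), key_to_body_line(h, p, ft)) for h, p, ft in keys]
    return [line for _, line in sorted(records)]


# Constructed sample, as a hive parser might hand it back: (hive name,
# key path, last-write FILETIME). Not taken from a real system.
SAMPLE_KEYS = [
    ("SYSTEM", "ControlSet001\\Services\\evilsvc", 132_695_712_000_000_000),            # 2021-07-01 00:00:00 UTC
    ("SOFTWARE", "Microsoft\\Windows\\CurrentVersion\\Run", 132_695_712_600_000_000),   # 60 s later
    ("NTUSER.DAT", "Software\\Odd|Name", 0),                                            # zeroed timestamp, '|' in key name
]

if __name__ == "__main__":
    for line in build_body(SAMPLE_KEYS):
        print(line)
```

Writing the output to a file and running `mactime -b` on it gives the familiar chronological listing; keys whose timestamp is 0 are kept in the file but do not show up as 1601 or 1970 entries.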