Windows Registry Recovery

Martin Brinkmann
Dec 20, 2008
Data recovery, Software, Windows

Windows Registry Recovery is a software program designed to recover data after a computer crash. It extracts data from the Registry hives of a crashed system, with options to analyze the information and export it so that it can be imported on a new computer system.

Why could this be important? The Windows Registry contains important information about configured devices, users, software programs, network configurations, services and drivers, and it might be faster and easier to copy those settings to the new installation than to configure the system manually.

The data recovery program can read all Registry hives. The hives can be found in the Windows\System32\config directory and can only be loaded if they are not in use. This is usually the case if you are accessing a crashed installation from a new system.

Data can be exported into Regedit4 format, which makes it easy to import into a different system. It is also possible to save the data as CSV files for analysis in other applications.
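An added example, not part of the tool or the original article: a small Python parser that flattens a Regedit4 export into (key, value, type, data) rows that can be reviewed or written out as CSV. The sample export is constructed, and the names `parse_regedit4`, `VALUE_RE`, `ESCAPED` and `SAMPLE` are hypothetical.

```python
import re

# Constructed sample export; keys and values are illustrative only.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""
"Updater"="\"C:\\Program Files\\Example\\upd.exe\" /silent"
"Flags"=dword:0000001f
"Blob"=hex:01,02,\
  03,04

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Path"="C:\\Example"
'''

# A value line is either @=... (default value) or "name"=...
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Inside quoted strings, backslash and double quote are backslash-escaped.
ESCAPED = re.compile(r'\\(.)')

def parse_regedit4(text):
    """Return (key, value_name, type, data) tuples from a REGEDIT4 export."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("missing REGEDIT4 signature line")
    rows, key, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        if line.endswith("\\") and "=hex" in line:
            pending = line[:-1]        # wrapped hex value continues on next line
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]           # new key section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue                   # blank line or syntax not handled here
        name = "(Default)" if m.group(1) == "@" else ESCAPED.sub(r'\1', m.group(1)[1:-1])
        kind, _, data = m.group(2).partition(":")
        if kind.startswith('"'):       # quoted string value
            rows.append((key, name, "REG_SZ", ESCAPED.sub(r'\1', m.group(2)[1:-1])))
        elif kind == "dword":
            rows.append((key, name, "REG_DWORD", str(int(data, 16))))
        elif kind.startswith("hex"):   # hex = REG_BINARY, hex(n) = other types
            rtype = "REG_BINARY" if kind == "hex" else kind
            rows.append((key, name, rtype, data.replace(",", " ")))
    return rows
```

The returned tuples can be passed directly to `csv.writer(...).writerows()` to produce a file for other applications.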

Windows Registry Recovery provides access to the following information:

  • File Information - In this explorer you can see basic file properties and checksums.
  • Security Record Explorer - Displays all security records used in registry. Usage counter, owner SID, group SID, list of affected keys and list of SACL and DACL is displayed for every record with flags and permissions enumerated. This explorer is available only for NT based system registry hives.
  • SAM - Displays Machine SID and part of SYSKEY. Enumerates local user and group accounts and some of their properties. This explorer is available only for NT based system registry SAM hive.
  • Windows Installation - Displays Windows name, ID and key, install date and user registration info. Enumerates installed software with descriptions and install date and list of installed hotfixes with description. This explorer is available only for SOFTWARE registry hive (Product ID and key are extracted in SYSTEM hive too).
  • Control Set - Displays all configured devices that worked on host machine. They are displayed in "like Device Manager" tree with some properties. This explorer is available for SYSTEM registry hive.
  • User Data - Displays user and machine name and tree based Start menu for selected USER hive. This explorer is available for USER registry hive.
  • Startup Applications - Enumerates applications that are registered to be run after startup. This explorer is available for SOFTWARE registry hive.
  • Services and Drivers - Enumerates all installed services and drivers with properties. This explorer is available only for NT based system registry SYSTEM hive.
  • Network Configuration - Displays all installed network clients, protocols and services. Enumerates all defined network connections with its TCP/IP configuration. This explorer is available only for NT based system registry SYSTEM hive.
  • Environment - Displays all environment variables. This explorer is available only for NT based system registry SYSTEM hive.
  • Shell Folders - Displays shell folders (folders known to system). This explorer is available only for NT based system registry SYSTEM hive.
  • Outlook Express - Digs out all Outlook Express accounts and their settings. This explorer is available only for NT based system registry USER hive.
  • Raw Data - This explorer displays whole registry in known tree format. Contains powerful searching and data interpreter.

The data recovery software can be downloaded directly from the developer's homepage. It is compatible with all Windows versions from Windows 95 to Windows Vista. The software program is fully portable.



  1. Henk said on December 21, 2008 at 1:22 am

    The evident problem with this “recover” approach is its after-crash timing itself. If your system crashed, then there’s a fair chance that the crash’s cause lies within, or is reflected in, that system’s registry data. So if you “recover” that registry, you run the risk of restoring the crash-related data as well, meaning the system may crash the very next time again!
    So a regular **pre-crash** registry backup works much better and safer, because it does make sure you always have some “last-known-good” registry copies at hand. For example, the freeware ERUNT registry backup-and-restore utility can be set to automatically back up the Vista registry at every bootup. If you use this, then apart from a complete System Restore you always have some **working** registry copies at hand. These can be quickly restored using ERUNT, and because the copies are literal copies, even if the system won’t start at all you can copy back a previous registry backup manually (using something like an Ubuntu bootup CD).
    In short, I think the pre-crash approach is safer (and also more logical) than the after-crash restoring discussed above.

  2. Joseph said on December 20, 2008 at 11:28 pm

    This is wonderful and much needed! Thanks!
