Forensic Windows Registry Software Registry Report
Registry Report is a forensic software program for the Windows operating system that can generate Windows Registry reports by loading Registry hives into the software. It should be noted that the Registry software can only load hives that are not currently in use by the operating system and is therefor ideal for analysing Registry hives that have been copied, backed up. The portable software program displays a minimal interface upon system start. The default language is set to German which can be changed by clicking on the extras > Sprache / Language menu entry on the top of the application window. Available languages are English, Japanese, Chinese and Dutch.
Registry hives can be loaded into the software program by clicking on File > Open Registry Files.
A click on File > Create Report or pressing CTRL R will create the report of the selected Registry hive. The report will display various information about the hive which can be summed up as various system settings. Depending on the hives that are loaded in the software information such as Windows accounts and users, Windows services, printers, firewalls, network settings and various other information.
The Ntuser.dat file is probably the most interesting hive that can be loaded in the Registry software as it displays recently opened documents, recently opened applications and last typed applications. The settings can be used to add or remove data from the report. Various modules are not enabled by default. Enabling them can increase the depth of the report. Registry Report can be downloaded from the developer's website.Advertisement