EncryptedRegView reveals encrypted Registry data

Martin Brinkmann
Nov 18, 2016
Updated • Nov 9, 2016
Software
|
13

EncryptedRegView is a free portable program for Microsoft Windows operating systems that reveals encrypted data in the Registry.

The program is another Nirsoft application which means that you can run it from any location without installation. All you need to do is download the archive -- a version for 32-bit and 64-bit versions of Windows is provided -- and extract it afterwards to the local system.

You may use the program to scan the local Registry for encrypted data, or point it to a Registry file in another location instead.

EncryptedRegView scans the Registry based on your selection on the start screen and displays any data that is encrypted with the Data Protection API (DPAPI). This API is used by Microsoft and third-party software.

EncryptedRegView review

The scan takes a moment to complete and displays the data sorted by Registry key path by default. You can change the order with a click on any of the table headers, for instance by decrypted value, decryption result or hash algorithm.

A click on an entry lists the decrypted information in the lower pane. You may go through any to reveal names, web addresses, email addresses, location information, passwords and other data this way.

You will get "failed" entries by default. The program is run without elevation by default which means that any data that is system protected may not be decrypted. A right-click on the program executable and selecting run as administrator should resolve this issue.

As far as options are concerned, you may use search functionality to find keywords that you enter, save selected items to several different formats (txt, csv, xml), or generate HTML reports.

You may load Registry files as well as mentioned earlier. The program displays a dialog on start, also available via Options > Advanced Options, that provides you with these loading options.

Simply switch to "scan the Registry of an external drive" to enable it, and pick one of the available files that EncryptedRegView supports:

  1. Registry Hives Folder
  2. User Registry File
  3. User Classes Registry File
  4. Protect Folders

You may also select a root folder instead to have the program pick up the relevant Registry files automatically. Also, you may need to supply a Windows login password for the decryption process to complete successfully.

Closing Words

EncryptedRegView is one of those handy Nirsoft applications that you may have use for every now and then. Since it is portable and can be run from any location, it is a good addition to any troubleshooting or tools collection.

Summary
software image
Author Rating
1star1star1star1stargray
5 based on 4 votes
Software Name
EncryptedRegView
Operating System
Windows
Software Category
Administration
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Peter O said on November 22, 2016 at 12:44 am
    Reply

    Well yes I agree that Nirsoft stuff is original, well conceived, & generally appealing to the more tech savy.
    For the mere mortals amongst us things are not so rosey.
    This latest release for example has no explanation for it’s existence.
    Why/when would you use it?
    How would you interpret the results?
    How would you validate the results?
    And finally if it’s a problem for many Av’s as suggested here, is it worth the bother?

  2. Jojo said on November 19, 2016 at 8:46 am
    Reply

    When the X64 version starts running on my system, the advanced options screen is permitted that allows you to run as administrator, enter windows password and so on. None of these possibilities are live for me. All are grey out and I can’t type anything in.

    Even after running the program and trying to access advance options through the menus, all the options are locked to me.

  3. Tom said on November 18, 2016 at 3:10 pm
    Reply

    i always loved nir sofers tools. useful, small and no installation needed.

  4. Mark Hazard said on November 18, 2016 at 2:17 pm
    Reply

    I get a “Forbidden” and a 404 error when I click on either of the download links.

    1. Mark Hazard said on November 19, 2016 at 11:56 pm
      Reply

      It must be Firefox that prevents me from downloading the application, because I can download it with Opera and Pale Moon.

      1. satrow said on November 20, 2016 at 9:20 am
        Reply

        Ah – update Firefox – there was a similar problem asked about several days ago on Majorgeeks forum!

    2. Croatoan said on November 18, 2016 at 6:38 pm
      Reply

      Security software don’t like Nirsoft. Many, many false positivies.

      1. Mark Hazard said on November 18, 2016 at 9:24 pm
        Reply

        That’s not it. I can download other software from Nirsoft with no problem.

    3. satrow said on November 18, 2016 at 4:41 pm
      Reply

      What AV/Security software do you use?

      Those that go ballistic on cookies and ‘PUPs’ might be blocking the site.

  5. HanSolo said on November 18, 2016 at 1:19 pm
    Reply

    Another great peace of software form Nir Sofer.
    I use many applications from this man. Lightweight, but powerful.

    1. Marcin said on November 18, 2016 at 4:24 pm
      Reply

      So, Nirsoft is a single man ?!? o_O
      I always thought it was a team…
      This guy is so skilled and genius !

      1. Vrai said on November 19, 2016 at 12:27 am
        Reply

        @ Marcin –

        From the NirSoft about page: (quote)NirSoft is a Web site of one man. In NirSoft, there is no CTO or CEO, there is no secretary, there is no development team, and there are no rented offices. The entire Web site and all the utilities that you can find here were developed by me, and only by me.(/quote)

        Cool site. Cool guy. Nice tools.

  6. Ben said on November 18, 2016 at 12:40 pm
    Reply

    There is also a normal registry search tool from NirSoft (regscanner) that is a lot better than the Windows search.
    And you have to be aware, that windows saves some data in rot13.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.