Registry Decoder

Accurate, efficient analysis of the Windows registry

Registry Decoder provides a single tool in which to perform browsing, searching, analysis, and reporting of registry hive contents. All functionality is exposed through an intuitive GUI interface and accommodates even novice investigators.

Registry Decoder also acts as a great resource for new research and experimenting within the registry.

Digital forensics deals with the analysis of artifacts on all types of digital devices. One of the most prevalent analysis techniques performed is that of the registry hives contained in Microsoft Windows operating systems. Registry Decoder was developed with the purpose of providing a single tool for the acquisition, analysis, and reporting of registry contents.

Registry Decoder is a free and open source tool. The online acquisition component can be found here and the offline analysis component here.

Permanent link to this article: