REGA – Forensic Windows Registry Analyzer

REGA is a GUI-based forensic tool that collects and analyzes Windows registry hives. It automatically searches a target computer for registry hive files, matching candidates by regular expression, and collects them quickly for analysis.

REGA - Windows Registry Analyzer

The tool includes the following features:

  • Intuitive GUI based application
  • Automatically search a target computer and quickly collect registry hive files (using RegEx)
  • Extract forensically meaningful information in pre-defined categories
  • Decrypt and decode registry data to enhance the readability
  • Rapid search with keywords and time periods
  • Timeline analysis
  • Create result reports (CSV format) 
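The collection step that REGA automates has two parts: find candidate hive files by name, then verify that each one really is a hive before analyzing it. The following is an added example, not REGA's own code: it walks a directory tree, matches file names against a regular expression (the pattern is an assumption; the page does not publish REGA's expression), and validates each candidate by parsing the regf base block at the start of the file. The base block also tells you whether the hive was cleanly written (matching sequence numbers) and whether its header checksum is intact, both of which a practitioner wants to know before trusting its contents. The sample directory tree and hive headers are constructed inline so the script runs offline.

```python
import os
import re
import struct
import tempfile
from datetime import datetime, timedelta, timezone

# File name pattern for hive candidates. This is an assumed pattern for the
# example; the page does not give REGA's own regular expression.
HIVE_NAME_RE = re.compile(
    r"^(SAM|SECURITY|SOFTWARE|SYSTEM|DEFAULT|NTUSER\.DAT|UsrClass\.dat|Amcache\.hve)$",
    re.IGNORECASE,
)
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
BASE_BLOCK_SIZE = 4096  # the regf base block is the first 4 KiB of a hive


def filetime_to_datetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def base_block_checksum(block):
    """XOR of the 127 little-endian uint32s preceding the checksum field at 0x1FC."""
    checksum = 0
    for (word,) in struct.iter_unpack("<I", bytes(block[:0x1FC])):
        checksum ^= word
    return checksum


def parse_base_block(block):
    """Parse a regf base block; return None if the data is not a hive header."""
    if len(block) < BASE_BLOCK_SIZE or block[:4] != b"regf":
        return None
    (seq1, seq2, ft, major, minor, ftype, _fmt, root_cell,
     hbins_size) = struct.unpack_from("<IIQIIIIII", block, 4)
    stored_checksum = struct.unpack_from("<I", block, 0x1FC)[0]
    return {
        "sequence": (seq1, seq2),
        # Unequal sequence numbers mean the last write did not complete: the
        # .LOG/.LOG1/.LOG2 transaction logs must be replayed before the hive
        # is trusted, or recent keys will be missing from the analysis.
        "dirty": seq1 != seq2,
        "last_written": filetime_to_datetime(ft),
        "version": (major, minor),
        "is_primary": ftype == 0,        # 0 = primary file, non-zero = transaction log
        "root_cell_offset": root_cell,   # relative to the first hive bin at 0x1000
        "hbins_size": hbins_size,
        "checksum_ok": stored_checksum == base_block_checksum(block),
    }


def find_hives(root_dir, name_re=HIVE_NAME_RE):
    """Walk root_dir and keep files whose name matches name_re AND whose first
    4 KiB parse as a regf base block. Name matching alone is not enough: a
    renamed text file or a stray log would otherwise be collected as a hive."""
    found = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            if not name_re.match(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                info = parse_base_block(fh.read(BASE_BLOCK_SIZE))
            if info is not None:
                info["path"] = path
                found.append(info)
    return sorted(found, key=lambda h: h["path"])


def build_sample_hive(seq1, seq2, last_written, name="SYSTEM", ftype=0):
    """Constructed base block for the demo (header only, no hive bins follow)."""
    block = bytearray(BASE_BLOCK_SIZE)
    ft = ((last_written - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10
    struct.pack_into("<4sIIQIIIIII", block, 0,
                     b"regf", seq1, seq2, ft, 1, 5, ftype, 1, 0x20, 0x1000)
    block[0x30:0x30 + 64] = name.encode("utf-16-le").ljust(64, b"\x00")
    struct.pack_into("<I", block, 0x1FC, base_block_checksum(block))
    return bytes(block)


def demo():
    """Constructed target tree: two real hives (one dirty) and two decoys."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "Windows", "System32", "config")
        home = os.path.join(root, "Users", "alice")
        os.makedirs(cfg)
        os.makedirs(home)
        ts = datetime(2015, 10, 30, 12, 0, tzinfo=timezone.utc)
        samples = {
            os.path.join(cfg, "SYSTEM"): build_sample_hive(7, 7, ts),
            os.path.join(home, "NTUSER.DAT"): build_sample_hive(12, 11, ts, "NTUSER.DAT"),
            # transaction log: regf header with file type 1, rejected by the name pattern
            os.path.join(cfg, "SYSTEM.LOG1"): build_sample_hive(8, 8, ts, ftype=1),
            # name matches but the content is not a hive
            os.path.join(cfg, "SAM"): b"not a hive\n",
        }
        for path, data in samples.items():
            with open(path, "wb") as fh:
                fh.write(data)
        return [
            (os.path.relpath(h["path"], root).replace(os.sep, "/"), h["dirty"], h["checksum_ok"])
            for h in find_hives(root)
        ]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a real target, point `find_hives` at a mounted image or at `C:\Windows\System32\config` and each user profile; the `dirty` flag is the cue to also collect the matching `.LOG1`/`.LOG2` files rather than the primary hive alone.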

During incident response the tool can be used to:

  • Analyze Windows installation information, including:
    • Owner, organization, installation date, and so on
  • Analyze user activities such as:
    • User accounts, Protected Storage, Run commands, search keywords
    • Typed URLs of Internet Explorer
    • Remote Desktop connections, network drive connections
    • Recently accessed folders and files
  • Analyze system configuration information such as:
    • List of services and drivers
    • Autoruns
  • Analyze installed applications and their usage history:
    • Installed applications, application usage history
    • Application Compatibility Cache
    • Word processor usage history (Microsoft Office 97-2010 and Haansoft Hangul 2000-2010)
  • Analyze installed hardware and its usage history:
    • Installed network interface cards
    • Installed hardware (Device Manager)
    • Installed storage devices (HDD, FDD, CD-ROM, USB, ...)
  • Reporting
    • Create result reports (analyzed information is saved in CSV format)
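What "decode registry data" means in practice for the application-usage and timeline views above, as an added example that is not REGA's own code: UserAssist, the key Explorer uses to count program launches, stores ROT13-obfuscated value names and a binary structure holding the run count and the last-run FILETIME. The decoder below handles both the XP-era 16-byte layout and the Windows 7 and later 72-byte layout, and orders the decoded rows by last run, which is the raw material for a timeline. The sample values are constructed inline; the GUID-to-category mapping is the commonly documented one for the two Windows 7+ subkeys.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Subkeys under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist.
# These two GUIDs are the commonly documented Windows 7+ ones.
USERASSIST_GUIDS = {
    "{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}": "executable",
    "{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}": "shortcut",
}


def filetime_to_datetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def decode_userassist(value_name, value_data):
    """Decode one value from a UserAssist\\{GUID}\\Count key.

    The value name is ROT13-obfuscated; the data is a 16-byte (XP/2003) or
    72-byte (Windows 7+) structure holding a run count and last-run FILETIME.
    """
    name = codecs.decode(value_name, "rot_13")
    if len(value_data) == 16:
        _session, count, ft = struct.unpack("<IIQ", value_data)
        count -= 5                       # XP stores the run count with an offset of 5
        focus_count = focus_ms = None
    elif len(value_data) >= 68:
        count, focus_count, focus_ms = struct.unpack_from("<III", value_data, 4)
        ft = struct.unpack_from("<Q", value_data, 60)[0]
    else:
        raise ValueError(f"unexpected UserAssist value length {len(value_data)}")
    return {
        "name": name,
        "run_count": count,
        "focus_count": focus_count,
        "focus_time": None if focus_ms is None else timedelta(milliseconds=focus_ms),
        "last_run": filetime_to_datetime(ft) if ft else None,   # 0 = never recorded
    }


def userassist_timeline(entries):
    """entries: iterable of (guid_subkey, raw_value_name, raw_value_data).
    Returns decoded rows ordered by last run, the basis of a timeline view."""
    rows = []
    for guid, raw_name, data in entries:
        row = decode_userassist(raw_name, data)
        row["type"] = USERASSIST_GUIDS.get(guid, guid)
        rows.append(row)
    return sorted(rows, key=lambda r: r["last_run"] or FILETIME_EPOCH)


def build_win7_value(run_count, focus_count, focus_ms, last_run):
    """Constructed 72-byte Windows 7+ value for the demo."""
    return (struct.pack("<IIII", 0, run_count, focus_count, focus_ms)
            + b"\x00" * 40                                    # ten floats, unused here
            + struct.pack("<IQI", 0, datetime_to_filetime(last_run), 0xFFFFFFFF))


def build_xp_value(run_count, last_run):
    """Constructed 16-byte Windows XP value for the demo."""
    return struct.pack("<IIQ", 0, run_count + 5, datetime_to_filetime(last_run))


def sample_timeline():
    """Constructed entries as they would be read from an NTUSER.DAT hive."""
    exe = "{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}"
    lnk = "{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}"
    entries = [
        (exe, codecs.encode("{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\calc.exe", "rot_13"),
         build_win7_value(13, 9, 45000, datetime(2015, 10, 30, 9, 30, tzinfo=timezone.utc))),
        (lnk, codecs.encode("C:\\Users\\alice\\Desktop\\Notepad.lnk", "rot_13"),
         build_win7_value(2, 1, 3000, datetime(2015, 10, 31, 8, 0, tzinfo=timezone.utc))),
        (exe, codecs.encode("C:\\Tools\\putty.exe", "rot_13"),
         build_win7_value(1, 0, 0, datetime(2015, 10, 29, 23, 59, tzinfo=timezone.utc))),
    ]
    return userassist_timeline(entries)


if __name__ == "__main__":
    for row in sample_timeline():
        print(row["last_run"], row["type"], row["run_count"], row["name"])
```

Paths in real Windows 7+ entries often start with a known-folder GUID, as in the calc.exe sample, so a complete decoder also maps those GUIDs back to folders; a last-run value of zero means the entry was created without a recorded execution time and must not be placed on the timeline.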

You can read more and download this tool over here: http://forensic.korea.ac.kr/tools/20151030_REGA_Freeware.zip
