Registry forensics has long been relegated to analyzing only readily accessible Windows Registries, often one at a time, in a needlessly time-consuming and archaic way.

Registry Recon is not just another Registry parser. We have developed powerful new methods to parse Registry data, rather than relying on Microsoft APIs, so that Registries which have existed on a Windows system over time can be resurrected. Registry Recon provides access to an enormous volume of Registry data which has been effectively deleted, whether that deletion occurred due to benign system activity, malfeasance by a user, or even re-imaging by IT personnel. Your timelines can now include Registry data that was active, backed up in restore points or volume shadow copies, or carved from unallocated space. While Registry Recon displays unique Registry data by default, seamless access to all instances of particular Registry keys and values is available (with full paths and sector offsets) so your findings can be efficiently authenticated.


  • Intuitive and efficient workflow
  • Resurrection of Windows Registries long since forgotten
  • Access to enormous amounts of deleted Registry data
  • Unique keys and values shown by default in historical fashion
  • Seamless access to all instances of keys and values
  • Windows restore point and volume shadow copy support
  • Ability to view keys (and their values) at particular points in time


Registry Recon requires Microsoft Windows 7 or later, .Net4, and the Visual C++ 2010 Redistributable Package (x86/x64).


To receive your evaluation copy of Registry Recon, please contact our Sales Representative at and provide us your full name as well as your company name.

Download: Brochure

Subscribe To Our Newsletter - Nexia Pulse

Sign up now to get the latest accounting and business advisory news delivered to your inbox.