Registry Decoder

History

Registry Decoder was initially funded by the National Institute of Justice in late 2009 in the form of a research and development grant. Since the expiration of that grant, it has continued to be developed by Digital Forensics Solutions in order to add new features and perform more complex analysis. The main developers of Registry Decoder are Lodovico Marziale and Andrew Case.

Registry Decoder is a free and open source tool, and serves as great foundation for future registry forensics research. Parts of Registry Decoder utilize other open source projects, such as The Sleuthkit, PyTSK, RegLookup, and PyQT. The rest of the functionality was written by Digital Forensics Solution’s developers.

Registry Decoder was inspired by a number of other registry analysis projects including:

Access Data's Registry Viewer - for browsing specific hives
Regripper - for the plug-in based analysis system
Reglookup - for automated registry analysis

The goal of Registry Decoder is to unify registry analysis into a unified tool and to provide a platform for new registry-related research. It has been designed to be useful to investigators of all skill levels.