REGA – Forensic Windows Registry Analyzer
REGA is a GUI forensic tool that collects and analyzes Windows registry hives. It automatically searches a target computer and quickly collects registry hive files (using RegEx).

The tool includes the following features:
- Intuitive GUI based application
- Automatically search a target computer and quickly collect registry hive files (using RegEx)
- Extract forensically meaningful information in pre-defined categories
- Decrypt and decode registry data to enhance the readability
- Rapid search with keywords and time periods
- Timeline analysis
- Create result reports (CSV format)

During incident response, the tool makes the following possible:
- Analyze Windows installation information, including:
  - Owner, organization, installation date, and so on
- Analyze user activities such as:
  - User accounts, protected storage, run commands, search keywords
  - Typed URLs of Internet Explorer
  - Remote desktop connections, network drive connections
  - Recently accessed folders and files
- Analyze system configuration information such as:
  - List of services and drives
  - Autoruns
- Analyze installed applications and their usage history
  - Installed applications, application usage history
  - Application compatibility cache
  - Word processor usage history (Microsoft Office 1997-2010 and Haansoft Hangul 2000-2010)
- Analyze installed hardware and its usage history
  - Installed network interface cards
  - Installed hardware (device managers)
  - Installed storage devices (HDD, FDD, CD-ROM, USB …)
- Reporting
  - Create result reports (analyzed information is saved in CSV format)

You can read more and download this tool here: http://forensic.korea.ac.kr/tools/20151030_REGA_Freeware.zip