REGA & RegEX : forensic and registry analyzer

REGA is a forensic tool (GUI application) that collects and analyzes Windows registry hives.
RegEX is a console application for collecting registry hive files.
Supported platforms
Windows (written in C/C++ and MFC)

Platform : Windows

Target OS
Windows NT / 2000 / XP / 2003 / 2008 / Vista / 7 / 8 (Consumer Preview)
Korean, English, Japanese

  • Intuitive GUI-based application
  • Automatically search a target computer and quickly collect registry hive files (using RegEX)
  • Extract forensically meaningful information in pre-defined categories
  • Decrypt and decode registry data to enhance readability
  • Rapid search by keyword and time period
  • Timeline analysis
  • Create result reports (CSV format)

  • Automatically search a target computer and quickly collect registry hive files (using RegEX)
  • Recover deleted registry data (key, value and data)
  • Analyze Windows installation information, including:
      – Owner, organization, installation date, and so on
  • Analyze user activities, such as:
      – User accounts, Protected Storage, Run commands, search keywords
      – Typed URLs of Internet Explorer
      – Remote desktop connections, network drive connections
      – Recently accessed folders and files
  • Analyze system configuration information, such as:
      – List of services and drives
      – Autoruns
  • Analyze installed applications and their usage history:
      – Installed applications, application usage history
      – Application compatibility cache
      – Word processor usage history (Microsoft Office 1997-2010 and Haansoft Hangul 2000-2010)
  • Analyze installed hardware and its usage history:
      – Installed network interface cards
      – Installed hardware (Device Manager)
      – Installed storage devices (HDD, FDD, CD-ROM, USB …)
  • Create result reports (analyzed information is saved in CSV format)

Download : REGA v1.5.0.0 (1.8 MB)
Note : REGA (REGistry Analyzer) v1.5.0.0 (freeware), RegEX (Registry Extractor) v1.0.0.0
Only executable files are provided (the source code is not included). The freeware version has functional restrictions; for example, the results show only some of the items.