Table of Contents
- Page 1 – Introduction, Screenshots, Usage Scenarios
- Page 2 – Registry Explorer – GUI
- Page 3 – RECmd – Command Line, How to Use rla.exe, Examining RECmd Output (CSV)
- Page 4 – Conclusion, Registry-Related CTFs, Related Blogs Posts/Videos, Change Log
Registry Explorer/RECmd is an essential tool for any digital forensic examiner’s toolkit. There are lots of important artifacts stored in the registry that can help strengthen or even make a case. Plus, the tool is free, and whether you examine the registry in the GUI or as CSV output in Timeline Explorer, there’s something for everyone, with multiple ways to find the same answers.
Registry Explorer/RECmd-Related Blog Posts/Videos
- 10/6/2020 – Initial version published.
- 10/7/2020 – Added new details based on feedback from the community.
- 12/13/2020 – Added link to GitHub repository that hosts KAPE !EZParser output.