Thursday, August 16, 2012

Registry Decoder 1.4 Released and Updated Registry Decoder Live

Hello,

We are writing to announce updates to both Registry Decoder and Registry Decoder Live.

Registry Decoder, now version 1.4, has a number of enhancements, usability improvements, and updates to existing plugins. These include:
  • Diffing enhancements:
    • The ability to export diffs from both search and plugins
    • Diff exports now include the matching entries
    • Diff tabs have a color legend to explain the diffs
  • All reporting fields add default file extensions if not provided by the user
  • The 'value' of a registry 'name' is now added in search results
  • Fixed a bug where the same entry could appear multiple times in search results
  • Updates to the StreamMRU, ShellBags, ShellBagsMRU, and RecentDocsOrdered plugins by Kevin Moore
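To make the diffing and export items above concrete, here is an added Python example (not Registry Decoder's own code, and not its export format) that diffs two registry snapshots, classifies every entry into the four categories a colour legend would explain, and lets the export include or omit the matching entries. The snapshots are constructed dicts mapping `key\name` to a value; a real tool would populate them from parsed hives. It also shows the "default file extension if none given" behaviour for the report filename.

```python
"""Diff two registry snapshots and export the result with a legend.

Added example, not Registry Decoder's own code. Category names, the CSV
layout and the sample data below are all constructed for illustration.
"""
import csv
import io
import os

# Legend for the four diff categories (names are ours, not the tool's).
LEGEND = {
    "added":    "present only in the second snapshot",
    "removed":  "present only in the first snapshot",
    "changed":  "present in both snapshots with a different value",
    "matching": "present in both snapshots with the same value",
}

# Constructed sample snapshots: an autostart key before and after a change.
BEFORE = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive": r"C:\Users\x\OneDrive.exe",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater": r"C:\Program Files\Vendor\upd.exe",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Legacy": r"C:\old\legacy.exe",
}
AFTER = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive": r"C:\Users\x\OneDrive.exe",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater": r"C:\Users\Public\upd.exe",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Helper": r"C:\Users\Public\helper.exe",
}


def diff_snapshots(first, second):
    """Return (status, path, value_before, value_after) rows for every path
    seen in either snapshot, sorted by path so output is deterministic."""
    rows = []
    for path in sorted(set(first) | set(second)):
        if path not in first:
            rows.append(("added", path, None, second[path]))
        elif path not in second:
            rows.append(("removed", path, first[path], None))
        elif first[path] != second[path]:
            rows.append(("changed", path, first[path], second[path]))
        else:
            rows.append(("matching", path, first[path], second[path]))
    return rows


def summarize(rows):
    """Count rows per category; handy for a quick sanity check of a diff."""
    counts = {name: 0 for name in LEGEND}
    for status, _, _, _ in rows:
        counts[status] += 1
    return counts


def export_diff(rows, include_matching=True):
    """Serialise the diff to CSV text. include_matching mirrors the idea of an
    export that keeps entries present in both snapshots, not just the deltas."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["status", "path", "value_before", "value_after"])
    for status, path, before, after in rows:
        if status == "matching" and not include_matching:
            continue
        writer.writerow([status, path, before or "", after or ""])
    buf.write("# legend\n")
    for name, meaning in LEGEND.items():
        buf.write("# %s: %s\n" % (name, meaning))
    return buf.getvalue()


def ensure_extension(filename, default=".csv"):
    """Append a default extension when the user supplied none."""
    return filename if os.path.splitext(filename)[1] else filename + default


if __name__ == "__main__":
    result = diff_snapshots(BEFORE, AFTER)
    print(summarize(result))
    print(export_diff(result, include_matching=False))
    print(ensure_extension("run_key_diff"))
```

Running the script prints a category count followed by the CSV without the unchanged OneDrive entry; switching `include_matching=True` keeps it, which is what you want when the report must show the reviewer that an entry was present and unchanged rather than merely absent from the delta.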
Registry Decoder Live had two changes. First, a warning pop-up now appears if the tool is not run as Administrator on Windows 7 and Vista machines. Second, we no longer create System Restore Points in order to access the currently active hives. Instead, all processing is now done on the running raw disk using libraries from the Sleuthkit. This ensures that no permissions errors will be encountered and that we can read any locked files.
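The two Live changes above, an Administrator check and reading locked hives by parsing the raw disk rather than going through the Windows file API, are shown in this added Python example. It is not Registry Decoder Live's own code; it assumes the Sleuth Kit Python bindings (`pytsk3`) are installed and that it is run with Administrator rights on Windows, since opening `\\.\PhysicalDrive0` requires them. The partition-selection and signature-check helpers are pure Python and run anywhere; the `pytsk3` import is deferred so they can be exercised without TSK present.

```python
"""Read an in-use registry hive straight from the raw disk with The Sleuth Kit.

Added example, not Registry Decoder Live's own code. Assumes pytsk3 is
installed and that the process has Administrator rights (needed to open a
physical drive on Windows). Hive paths below are the standard locations.
"""
import ctypes
import os
import sys

# Standard hive locations inside the Windows volume (assumed default install).
HIVE_PATHS = {
    "SYSTEM":   "/Windows/System32/config/SYSTEM",
    "SOFTWARE": "/Windows/System32/config/SOFTWARE",
    "SAM":      "/Windows/System32/config/SAM",
}


def running_as_admin():
    """True when the process can open raw devices: Administrator on Windows,
    root elsewhere. This is the check behind a 'run as Administrator' warning."""
    if os.name == "nt":
        try:
            return bool(ctypes.windll.shell32.IsUserAnAdmin())
        except Exception:
            return False
    return os.geteuid() == 0


def select_ntfs_partition(partitions):
    """Pick the largest NTFS partition from (description, start_sector, length)
    tuples as reported by TSK's volume layer. Returns the start sector or None."""
    candidates = [p for p in partitions if "NTFS" in p[0].upper()]
    if not candidates:
        return None
    return max(candidates, key=lambda p: p[2])[1]


def is_registry_hive(data):
    """Registry hive files begin with the 'regf' base-block signature."""
    return data[:4] == b"regf"


def read_file_from_raw_disk(device, fs_path, chunk=1024 * 1024):
    """Return the contents of fs_path by parsing the NTFS volume on `device`
    directly. Because the filesystem is walked by TSK rather than the OS, a
    sharing lock held on the file (as on active hives) does not get in the way."""
    import pytsk3  # deferred so the pure helpers above work without TSK

    img = pytsk3.Img_Info(device)
    vol = pytsk3.Volume_Info(img)
    sector = getattr(vol.info, "block_size", 512)  # fall back to 512 if absent
    layout = [(p.desc.decode("ascii", "replace"), p.start, p.len) for p in vol]
    start = select_ntfs_partition(layout)
    if start is None:
        raise RuntimeError("no NTFS partition found on %s" % device)

    fs = pytsk3.FS_Info(img, offset=start * sector)
    entry = fs.open(fs_path)
    size = entry.info.meta.size
    data = bytearray()
    offset = 0
    while offset < size:
        buf = entry.read_random(offset, min(chunk, size - offset))
        if not buf:
            break
        data.extend(buf)
        offset += len(buf)
    return bytes(data)


if __name__ == "__main__":
    if not running_as_admin():
        sys.exit("Run this as Administrator (or root) to open the raw disk.")
    device = sys.argv[1] if len(sys.argv) > 1 else r"\\.\PhysicalDrive0"
    blob = read_file_from_raw_disk(device, HIVE_PATHS["SYSTEM"])
    print("SYSTEM hive: %d bytes, signature ok: %s" % (len(blob), is_registry_hive(blob)))
```

The signature check matters because a raw read that lands on the wrong partition or a corrupt entry will still return bytes; verifying the `regf` header before handing the buffer to a hive parser catches that early.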

The new files can be downloaded from the downloads pages per project:

Registry Decoder
Registry Decoder Live

On a side note, it was very exciting to see nearly 50 people using Registry Decoder at once during the workshop at DFRWS. We appreciate all the feedback we received from this workshop, and have already incorporated many of the fixes into this release. We have also slotted some of the bigger fixes suggested into future releases.

Also, Harlan Carvey has been doing some extensive research into ShellBags, and has chronicled his efforts so far in two excellent blog posts (here and here). These are well worthwhile reads for anyone using ShellBags in their own investigations (which you should be!).

If you have any questions or comments, please reply in the comments section or email us at: registrydecoder [@] digdeeply.com