The Windows Registry is an important source of evidence for examiners in the field of computer and digital forensics. Some information in the Registry such as MRU files, recently accessed applications, System Information, Autorun Softwares, User Details, Timestamp Information etc. are extremely valuable to the forensic Examiner.
Forensic Registry Analysis Tool extracts those significant information from the registry and displays it in user understandable format. It provides GUI for extracting information from either “Raw registry files(not a live registry file)” or “Live System Registry”. In case of Raw Registry Files, it provides facility for user to load the raw registry files, which is extracted from acquired images, then F-RAT reads those registry files and extracts important registry keys information from them. In case of Live System Registry, F-RAT directly uses Windows API to extract information from important registry keys. Actual information extracted from those registry keys may not be in understandable format. F-RAT translates binary and other non-ASCII (i.e., binary encoded, ROT-13 encrypted, etc.) data into user understandable format and writes into a html file. Finally it displays registry information in Html Viewer.
|
|
|
Click to Download !
|
|
5482 KB
|
| |
F-RAT 1.0