Registry Recon helps cut through tedious work and recovers valuable information that is not available without burning enormous amounts of time.”

Dennis O’Connor

Senior Investigator, U.S. Department of Labor

Hibernation Recon allowed us to determine that remnants of a Skype chat involving child pornography existed in hiberfil.sys slack space (related to a previous hibernation) and to correct the date and time related to those remnants provided by another tool. Within the recovered chat the sender discussed not only possessing illegal material, but having over 70GB more to send, which was important to obtaining a search warrant.”

Torben Strand

Special Consultant, MSc, Danish National Police Cyber Crime Center (NC3)

Registry Recon is a game changer. It allows an analyst to retrieve and work with valuable Registry data that would otherwise be lost or extremely difficult to recover.”

Sean Cavanaugh

Forensic Analyst

“The sheer volume of Registry data that Registry Recon finds, and the methods used to visualize it, are astounding. We were able to analyze a nearly complete Registry from a previous installation of Windows that was over two years old.”

Ryan Maxwell

Director, Forensic West, DTI

“Typically my experiences with new digital forensic tools don’t turn out well. Registry Recon is the exception to this rule. I was quickly able to determine that a system I was analyzing had been compromised a full 6 months earlier than anyone realized, based on information Registry Recon recovered from unallocated space. It’s safe to say that Registry Recon has become part of my analysis toolkit.”

Bill Spernow

Chief Forensic Advisor, Law & Forensics, Inc. and former Forensics and Incident Response Research Director with the Gartner Group, Inc.

“With other tools, each Registry file has to be analyzed separately in a very time-consuming fashion. With Registry Recon, large numbers of Registry files from both allocated and unallocated space are merged into Recon Registries. I am now able to see how the Registry has changed over the life of both currently and previously installed operating systems.”

Stephen Swanson

President, Computer Forensic Services, LLC

“The cost of Registry Recon is justified by the Recon Reports alone. The pre-built USB Storage Devices report, for example, gives you historical information that no other computer forensics tool can.”

Alex Gessen

Computer Forensics Investigator, eMag Solutions

“I am thoroughly impressed with Registry Recon’s capabilities. Working in law enforcement, I can see how valuable it is to know how a suspect’s computer interacted with particular networks, documents, and storage devices over time.”

Sean Maloney

Trooper, Massachusetts State Police

As a former Linux developer, I miss many things under Windows. One of them is the flexible handling of loop devices and disk dumps. Arsenal Image Mounter ports this power to the Microsoft world. You know that “X:” is a virtual thumb drive residing in RAM, but Windows won’t. And that’s only one of the many possibilities with AIM.

Peter Schneider

Software Development Engineer, Cascade Microtech

“I will tell you that (Registry Recon) did an amazing job, even after (Windows) re-install and slight use I was able to recover over a year’s worth of USB device connections… I managed to recover almost all the Registry activity I needed from a re-installed system to prove some findings thanks to Registry Recon.”

David Cowen

Hacking Exposed Computer Forensics Blog

Hibernation Recon gives us the ability to quickly and accurately recover data from hibernation files missed by other tools. Output is very descriptive and helps us better understand the recovered data. Hibernation Reconwill be finding a permanent place in our workflow.”

Peter Kohler, Esq.

Digital Forensics and eDiscovery at Evidox Corporation

Hibernation Recon has become DoD’s must-have tool for extracting digital artifacts from Windows hibernation files. Not only does Hibernation Recon properly reconstruct active memory for all versions of Windows when other tools fail, it is the only tool that extracts various types of “slack space”, which has yielded critical forensic artifacts for DoD’s foreign intelligence mission that could not have been obtained any other way.

United States Department of Defense

22 Willow Street Chelsea, MA 02150



or (617) 277-3625

Site Map





















Privacy Policy


Terms & Conditions


Cookie Policy

Follow Us