EncryptedRegView reveals encrypted Registry data

EncryptedRegView is a free portable program for Microsoft Windows operating systems that reveals encrypted data in the Registry.

The program is another Nirsoft application which means that you can run it from any location without installation. All you need to do is download the archive -- a version for 32-bit and 64-bit versions of Windows is provided -- and extract it afterwards to the local system.

You may use the program to scan the local Registry for encrypted data, or point it to a Registry file in another location instead.

EncryptedRegView scans the Registry based on your selection on the start screen and displays any data that is encrypted with the Data Protection API (DPAPI). This API is used by Microsoft and third-party software.

EncryptedRegView review

The scan takes a moment to complete and displays the data sorted by Registry key path by default. You can change the order with a click on any of the table headers, for instance by decrypted value, decryption result or hash algorithm.

A click on an entry lists the decrypted information in the lower pane. You may go through any to reveal names, web addresses, email addresses, location information, passwords and other data this way.

You will get "failed" entries by default. The program is run without elevation by default which means that any data that is system protected may not be decrypted. A right-click on the program executable and selecting run as administrator should resolve this issue.

As far as options are concerned, you may use search functionality to find keywords that you enter, save selected items to several different formats (txt, csv, xml), or generate HTML reports.

You may load Registry files as well as mentioned earlier. The program displays a dialog on start, also available via Options > Advanced Options, that provides you with these loading options.

Simply switch to "scan the Registry of an external drive" to enable it, and pick one of the available files that EncryptedRegView supports:

1. Registry Hives Folder
2. User Registry File
3. User Classes Registry File
4. Protect Folders

You may also select a root folder instead to have the program pick up the relevant Registry files automatically. Also, you may need to supply a Windows login password for the decryption process to complete successfully.

Closing Words

EncryptedRegView is one of those handy Nirsoft applications that you may have use for every now and then. Since it is portable and can be run from any location, it is a good addition to any troubleshooting or tools collection.