Recover Deleted Windows Registry Keys From Selected Hives With Yaru
Tweaking the Windows Registry requires in-depth knowledge of registry hives. Users who need to change the behavior of Windows or installed applications, reveal hidden features, or change the settings of non-customizable utilities are always advised to back up all relevant registry keys before making changes, so that they can be easily restored if a system catastrophe happens. But what if you failed to back up your registry? Yaru (Yet Another Registry Utility) helps restore previously deleted keys from user-selected registry hives.
Note: Yaru is a low-level registry tool meant only for proficient Windows users. Before tweaking keys and settings with it, make sure that you have an ample understanding of the core Windows registry hives.
Yaru comes with a robust search feature that lets you find registry keys created or modified during a specified date range. You can also find keys by text keywords, value names, and byte patterns. Furthermore, it can compare snapshots of two registry hives so that you can view and analyze their structure. Unlike other registry tools, Yaru lets you view the active hives that Windows locks down; it can resort to raw NTFS disk reads to fetch any of the required registry hives. Yaru also includes a logging feature that records user selections and data values in XML format.
After launching the application, the first step is to choose the hive you want to open in Yaru. Under the File menu, select the source of the registry hives, or select live Windows registry hives such as Software, System, Security, BCD, etc.
Yaru opens the selected registry hive and also finds and displays recently deleted keys. From the right-click context menu, you can export a deleted key's raw data to a text file or choose to display the exported file's content on the main screen.
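Why a deleted key can still be found in a hive file at all, shown as an added example that is not Yaru's code and does not describe how Yaru works internally: in the regf hive format a freed cell keeps its contents and only its size field turns positive, so a key node ("nk") record can still be read from it. The sample hive is constructed in memory, the function names are hypothetical, and the sketch only checks records that start exactly at a free cell boundary.

```python
import struct
from datetime import datetime, timedelta, timezone

HBIN_START, HBIN_HEADER, NK_NAME = 4096, 32, 76  # base block size, bin header size, name offset in nk
FT = (1325376000 + 11644473600) * 10**7          # constructed FILETIME: 2012-01-01 00:00:00 UTC

def filetime_to_dt(ft):
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def find_deleted_keys(hive):
    """Return (name, last_written) for nk records sitting in unallocated cells."""
    if hive[:4] != b"regf":
        raise ValueError("not a registry hive")
    found, bin_off = [], HBIN_START
    while hive[bin_off:bin_off + 4] == b"hbin":
        bin_size = struct.unpack_from("<I", hive, bin_off + 8)[0]
        if bin_size < HBIN_HEADER or bin_size % 4096:
            break                                  # corrupt bin header
        off, end = bin_off + HBIN_HEADER, min(bin_off + bin_size, len(hive))
        while off + 4 <= end:
            size = struct.unpack_from("<i", hive, off)[0]
            length, rec = abs(size), off + 4
            if length < 8 or off + length > end:
                break                              # corrupt cell, stop walking this bin
            # size < 0: cell in use; size > 0: free cell whose old contents remain
            if size > 0 and length >= 4 + NK_NAME and hive[rec:rec + 2] == b"nk":
                flags, ft = struct.unpack_from("<HQ", hive, rec + 2)
                name_len = struct.unpack_from("<H", hive, rec + 72)[0]
                raw = hive[rec + NK_NAME:min(rec + NK_NAME + name_len, off + length)]
                name = raw.decode("latin-1" if flags & 0x20 else "utf-16-le", "replace")
                found.append((name, filetime_to_dt(ft)))
            off += length
        bin_off += bin_size
    return found

def nk_cell(name, allocated):
    """Constructed test data: one cell holding a minimal nk record with an ASCII name."""
    body = bytearray(b"nk" + bytes(NK_NAME - 2)) + name.encode("ascii")
    struct.pack_into("<HQ", body, 2, 0x20, FT)     # flags (compressed name), last-written time
    struct.pack_into("<H", body, 72, len(name))    # key name length
    length = (4 + len(body) + 7) & ~7              # cells are 8-byte aligned
    return struct.pack("<i", -length if allocated else length) + bytes(body).ljust(length - 4, b"\0")

def build_sample_hive():
    cells = nk_cell("ROOT", True) + nk_cell("RemovedApp", False)
    free = 4096 - HBIN_HEADER - len(cells)         # rest of the bin is one empty free cell
    hbin = b"hbin" + struct.pack("<II", 0, 4096) + bytes(20) + cells
    return b"regf".ljust(4096, b"\0") + hbin + struct.pack("<i", free) + bytes(free - 4)
```

Calling `find_deleted_keys(build_sample_hive())` reports only the freed "RemovedApp" record, together with its last-written time.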
The Options menu lets you find keys by numerous attributes, such as name, date range, value name, strings, pattern, and unlinked chunks. You can find strings and patterns in unallocated space, compare two snapshots, and dump hex data.
The Reports menu deals with registry report generation features. You can create a report for the currently loaded drive or choose the user, Security, SAM, System, and Software hives from the live system.
Yaru is developed in C++, so it provides relatively quicker access to registry hives than similar .NET Framework-based applications. It runs on Windows XP, Windows Vista, and Windows 7. Versions for both 32-bit and 64-bit Windows editions are available.