utility to analysis for Windows NT-based registry

 RegLookup is a system to direct analysis of Windows NT-based registry
 files providing command line tools, a C API, and a Python module for
 accessing registry data structures. The project has a focus on providing
 tools for digital forensics investigations (though is useful for many
 purposes), and includes algorithms for retrieving deleted data structures
 from registry hives.
 .
 Currently the program allows one to read an entire registry and output it
 in a (mostly) standardized, quoted format. It also provides features for
 filtering of results based on registry path and data type. The package
 provides the following commands: reglookup, reglookup-recover and
 reglookup-timeline.