RegLookup
The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup is released under the GNU GPL and is implemented in ANSI C. It provides command line tools, a C API, and a Python module for accessing registry data structures. The project focuses on providing tools for digital forensic examiners (though it is useful for many purposes) and includes algorithms for retrieving deleted data structures from registry hives.
Usage: reglookup [-v] [-s] [-p <PATH_FILTER>] [-t <TYPE_FILTER>] <REGISTRY_FILE>
Options:
-v sets verbose mode.
-h enables header row. (default)
-H disables header row.
-s enables security descriptor output.
-S disables security descriptor output. (default)
-p restrict output to elements below this path.
-t restrict results to this specific data type.
-i includes parent key modification times with child values.
Usage: reglookup-recover [options] <REGISTRY_FILE>
Options:
-v sets verbose mode.
-h enables header row. (default)
-H disables header row.
-l enables leftover(raw) cell output.
-L disables leftover(raw) cell output. (default)
-r enables raw cell output for parsed cells.
-R disables raw cell output for parsed cells. (default)
The license of this software is Free; you can download and use this registry cleaner software for free.