REGISTRY DECODER


Presented at BlackHat USA 2012 by

The registry on Windows systems contains a tremendous wealth of forensic artifacts, including application executions, recently accessed files, application-specific passwords, removable device activity, search terms used and more. Existing registry analysis tools are poorly suited for investigations involving more than one machine (or even more than one registry file), for either registry acquisition or analysis. This problem is only exacerbated by the now-standard Volume Shadow Service, which by default makes multiple historical copies of the registry available. In order to make large-scale investigations of the registry feasible, we developed Registry Decoder, an open source tool for automated acquisition and deep analysis of large sets of Windows registry data. Registry Decoder includes powerful search functionality, activity timelining, plugin-based extensibility, a differencing engine and multi-format reporting. Since its release at Blackhat Vegas Arsenal 2011, it has been downloaded almost 10,000 times and has been nominated for Computer Forensic Software Tool of the Year by Forensic 4cast. This year at Blackhat we plan to release Registry Decoder 2.0, which has a number of new features, including new plugins, better timelining, and huge performance enhancements.