Way to find out how many times windows was reinstalled?

jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

It could be possible to recover registry hives from a previous Windows installation.

Sure it is possible, but highly unlikely.

jaclaz

I very rarely disagree with you, but this is one of those times.

It is perfectly fine disagreeing with me, no need for the preamble/disclaimer :).

But you are seemingly (and of course IMHO) losing the focus from the actual original scope.

Sure you can recover whole (or more likely fragments of) registry hives from previous installations in some cases.

Logically, if it was easy to recover whole hives, there would be no need whatsoever to have the Registry Recon software nor the yarp-carver thefuf mentioned, so it is more likely that you get on average "fragments" of hives.

And surely you can do amazing things with the parts that you recover. :)

But the original questions are rather narrow

Is there a way to find out how many times windows was reinstalled.

Bonus would be to find when exactly.

So, as soon as you post a report saying that out of a "random"[1] sample of (say) 100 PC's where Windows was reinstalled once or more times you can determine[2] through recovered registry hives how many times Windows was reinstalled and (bonus) when exactly in at least 25 of the samples (i.e. 1/4 of the examined PC's), I will gladly change the "highly unlikely" to "in some cases possible", and if you can get it for at least 51 (i.e. 1/2 of the examined PC's +1) to "likely".

About specific reliability of these recovered data, see also
https://www.forensicfocus.com/Forums/viewtopic/p=6594697/#6594697

jaclaz

[1] random in the sense that they need to be "real world" PC's, actually used by actual people for some time after the reinstall, including automated defrag having some chances to run, etc., not "artificial" samples where you attempt the recovery just after the reinstall of the sheer OS.

[2] with a confidence suitable to be put in an official report, i.e. capable of making a court consider it sufficient proof to condemn a suspect


   
ArsenalConsulting
(@arsenalconsulting)
Eminent Member
Joined: 16 years ago
Posts: 49
 

Sure you can recover whole (or more likely fragments of) registry hives from previous installations in some cases.

Often enough that recovering hives (whether complete or partial) from unallocated space on HDDs, related to previous Windows installations, should not be considered an edge case as it often is now. Of course recovered hives related to the current installation are useful as well, and in most of our cases we tend to be more interested in those as our persons of interest were using the current Windows installation.

But the original questions are rather narrow

Is there a way to find out how many times windows was reinstalled.

Bonus would be to find when exactly.

Yes, I drifted from the original question if you consider it narrowly. I suspect the OP would be interested in knowing as much as possible about previous installations, even if we all concede that he will probably not get an authoritative answer to "how many times" and "exactly when." It may be for the OP, as it often is with us in this kind of situation, that the most important previous installation was the one just prior to the current.

Anyway, the point of my response is that you may be able to learn quite a bit about previous Windows installations (while conceding you will not learn everything), particularly when dealing with HDDs and populated unallocated space.

Mark
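
Added example, not part of either post and not code from Registry Recon or yarp-carver: a minimal Python sketch of the "whole hive vs. fragments" distinction discussed above. It scans a raw buffer for checksum-validated regf base blocks (which carry a last-written timestamp) and for hbin headers, then lists the bins that no surviving base block accounts for. Assumptions: hive data is sector-aligned, all function names are illustrative, and the sample image is constructed inline.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)   # FILETIME epoch
SECTOR, BASE = 512, 4096   # scan step (assumed alignment); regf base block size

def checksum(block):
    """XOR-32 over the first 508 bytes of a base block (stored at offset 508)."""
    x = 0
    for (d,) in struct.iter_unpack("<I", block[:508]):
        x ^= d
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(x, x)

def scan(image):
    """Return [(offset, kind, info)] for validated regf base blocks and hbin headers."""
    hits = []
    for off in range(0, len(image) - SECTOR + 1, SECTOR):
        sig = image[off:off + 4]
        if sig == b"regf":
            seq1, seq2, ft = struct.unpack_from("<IIQ", image, off + 4)
            if struct.unpack_from("<I", image, off + 508)[0] != checksum(image[off:off + 512]):
                continue  # signature alone is not enough: reject damaged base blocks
            hits.append((off, "regf", {"last_written": EPOCH + timedelta(microseconds=ft // 10),
                                       "clean": seq1 == seq2}))
        elif sig == b"hbin":
            rel, size = struct.unpack_from("<II", image, off + 4)
            if size and size % 4096 == 0 and rel % 4096 == 0:
                hits.append((off, "hbin", {"rel": rel, "size": size}))
    return hits

def orphan_bins(hits):
    """hbin hits that do not sit where any validated base block says they should."""
    bases = [o for o, k, _ in hits if k == "regf"]
    return [o for o, k, i in hits
            if k == "hbin" and not any(o == b + BASE + i["rel"] for b in bases)]

def make_sample():
    """Constructed test image: one intact hive start plus one stray bin."""
    when = datetime(2015, 6, 1, 12, 0, tzinfo=timezone.utc)
    ft = int((when - EPOCH).total_seconds()) * 10**7
    head = (b"regf" + struct.pack("<IIQ", 5, 5, ft)).ljust(508, b"\0")
    base = (head + struct.pack("<I", checksum(head))).ljust(BASE, b"\0")
    hbin = lambda rel: (b"hbin" + struct.pack("<II", rel, 4096)).ljust(4096, b"\0")
    image = bytes(SECTOR) + base + hbin(0) + bytes(3 * SECTOR) + hbin(0x3000)
    return image, when
```

The base block timestamp only says when that hive was last written, and an orphan bin carries no base block at all, so neither result by itself gives a reinstall count or date.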


   