Elcomsoft System Recovery V.6.0 Bootable Tool for Unlocking Windows Accounts and Accessing Encrypted Volumes
Introduces workflow for full-disk encryption, allowing to extract information required to launch password recovery attacks on volumes encrypted with BitLocker, PGP and TrueCrypt/VeraCrypt.
This is a Press Release edited by StorageNewsletter.com on May 2, 2019 at 2:19 pmElcomSoft Co. Ltd. releases an update of its System Recovery, a bootable tool for unlocking Windows accounts and accessing encrypted volumes.
V6.0 introduces a workflow for full-disk encryption, allowing to extract information required to launch password recovery attacks on volumes encrypted with BitLocker, PGP, and TrueCrypt/VeraCrypt. In addition, the tool can extract the computer’s hibernation file to allow instant access to information stored in crypto containers.
Full disk encryption workflow with faster access to critical evidence
System Recovery 6.0 changes the way forensic experts access evidence stored on computers protected with full disk encryption, offering a simpler and faster approach for accessing evidence stored on encrypted computers. The traditional acquisition approach requires disassembling the computer, removing and imaging all of its storage devices. It allows starting the investigation faster by booting the computer from a portable flash drive with read-only access to computer’s storage devices. The tool automatically detects full disk encryption on all built-in and removable drives, allowing experts to extract information required to brute-force the original password to encrypted disk volumes with the firm’s Distributed Password Recovery.
Full-disk encryption passwords can be difficult to break. A quicker alternative to brute-forcing the password might be available in a case the computer was hibernated while the encrypted partition was mounted. If this is the case, the decryption key could be stored in the system’s hibernation file. This decryption key can be extracted and used to instantly mount or decrypt the encrypted volume with the company’s Forensic Disk Decryptor without a lengthy attack.
Compatibility
The company’s System Recovery offers compatibility by using genuine Windows PE environment. The tool creates a bootable Windows PE flash drive, allowing loading additional drivers if required. The tool is compatible with 32-bit and 64-bit BIOS and UEFI computers running all versions of Windows including the latest versions of Windows 10 and Windows Server 2019.
Blog: A Bootable Flash Drive to Extract Encrypted Volume Keys, Break Full-Disk Encryption