Elcomsoft System Recovery, a digital field triage tool, is updated to support PIN-protected Windows 10 and Windows 11 accounts with in-place PIN recovery. The update adds LUKS2 support, detects Microsoft Azure accounts, and improves bootable forensic tools with custom filters.
The updated Elcomsoft System Recovery 8.30 further improves support for Windows 10 and Windows 11 computers, adding the ability to attack PIN-protected user accounts on systems without a TPM.
In Windows 8, Microsoft started steering users toward PIN codes instead of account passwords. Subsequent versions of Windows inherited this ability. By default, PIN codes contain only digits, yet alphanumeric PINs are also possible. Their typical length is 4 or 6 characters, making it possible to break such PIN codes with a simple brute-force attack in almost no time.
Elcomsoft System Recovery 8.30 brings the ability to detect PIN-protected accounts and brute-force the PIN code on systems without a Trusted Platform Module (TPM). For digit-only PIN codes, the length of the PIN is detected and displayed.
Update to bootable forensic tools
Originally released as a simple tool for resetting Windows users’ passwords, Elcomsoft System Recovery is now evolving into a feature-rich bootable forensic toolkit. The tool offers several bootable forensic tools: the timeline, which lays out the list of launched apps and past activities in a convenient timeline view; the list of recently accessed files and folders; and the list of installed applications.
The new release further improves usability of these tools, adding the ability to filter the results. The filters allow experts to concentrate on what’s important while excluding activities with unwanted data such as access to Windows system files.
Support for LUKS 2 encryption
In addition, the update can now detect disks encrypted with LUKS2 and extract encryption metadata for subsequent attacks. An updated version of Elcomsoft Distributed Password Recovery will be required to run an attack on a LUKS2 volume.
Elcomsoft System Recovery is a portable field analysis tool for computer forensics. Built as a forensically sound computer analysis tool, Elcomsoft System Recovery enables experts to make real-time decisions in the field. Thanks to the Windows-based bootable environment, the tool provides quick access to digital evidence while supporting all the Windows native file systems and a wide array of computer hardware.
Elcomsoft System Recovery 8.30 change log: