On May 12, 2026, a researcher operating under the handles Chaotic Eclipse and Nightmare-Eclipse dropped a working proof-of-concept on GitHub for a Windows zero-day called YellowKey. In short, it lets anyone with brief physical access to a BitLocker-protected Windows 11, Windows Server 2022, or Windows Server 2025 machine pop a command prompt with full read access to the encrypted volume. No password. No recovery key. No TPM sniffing rig. A USB stick and a key combination during reboot.
Elcomsoft System Recovery is a perfect tool for digital field triage, enabling safer and more secure in-field investigations of live computers by booting from a dedicated USB media instead of using the installed OS. The recent update added a host of features to the already great tool, making it easier to examine the file system and extract passwords from the target computer.
- ElcomSoft Phone Breaker 11: full overhaul of iCloud extraction30 April, 2026
- iOS Forensic Toolkit 10.02 adds agent-based extraction for iOS 2629 April, 2026
- Elcomsoft Quick Triage receives a major update28 April, 2026
- Elcomsoft System Recovery 8.37 expands support for Microsoft Accounts, adds Entra ID23 April, 2026
- iOS Forensic Toolkit 10.01 expands agent-based extraction up to iOS 18.7.1 for M-series iPads 21 April, 2026