Posts Tagged ‘EDPR’

Released back in 2013, VeraCrypt picks up where TrueCrypt left off. Supporting more encryption algorithms, more hash functions and a variable number of hash iterations, VeraCrypt is the default choice for the security conscious. VeraCrypt has no known weaknesses except one: once the encrypted disk is mounted, the symmetric, on-the-fly encryption key must be kept in the computer’s RAM in order to read and write encrypted data. A recent change in VeraCrypt made OTF key extraction harder, while the latest update to Elcomsoft Forensic Disk Decryptor attempts to counter the effect of the change. Who is going to win this round?

How to break ‘strong’ passwords? Is there a methodology, a step by step approach? What shall you start from if your time is limited but you desperately need to decrypt critical evidence? We want to share some tips with you, this time about the passwords saved in the Web browsers on most popular platforms.

The recent update to Elcomsoft Advanced Archive Password Recovery, our go-to tool for breaking passwords to encrypted archives, brought compatibility with RAR5 and 7Zip formats, and enabled multithreaded dictionary attacks. Which archive formats are the most secure, and which ones are the toughest to break? Read along to find out!

Breaking Jetico BestCrypt

February 3rd, 2021 by Oleg Afonin

BestCrypt, developed by the Finnish company Jetico, is a cross-platform commercial disk encryption tool. Available for Windows, Linux, macOS and Android platforms, BestCrypt is delivered in two editions, one offering full-disk encryption and the other encrypting virtual disk volumes stored in containers, the latter being supported with our tools.

Today we have an important date. Advanced Office Password Recovery turned 16. What started as an instant recovery tool for legacy versions of Microsoft Word had now become a GPU-accelerated toolkit for breaking the many Microsoft formats. Today we’re releasing a major update, giving Advanced Office Password Recovery and Distributed Password Recovery tools the ability to crunch passwords faster with the newest and latest NVIDIA 3000-series graphic boards. Powered by Ampere, the new generation of GPUs delivers unprecedented performance in modern video games. How do the new cards fare when it comes to accelerating the password recovery, and is an upgrade worth it for the forensic experts? Let’s find out.

This is the final part of the series of articles comparing Elcomsoft Distributed Password Recovery with Hashcat. We’ve already compared the features, the price and performance of the two tools. In this study, we tried breaking passwords to several common formats, including Word document, an encrypted ZIP archive, and a VeraCrypt container. We summarized our experiences below.

Elcomsoft Distributed Password Recovery and Hashcat support a number of different attacks ranging from brute-force all the way to scriptable, dictionary-based attacks. The costs and performance are extremely important factors. We charge several hundred dollars for what, in the end, can be done with a free tool. Which tool has better performance, and are the extra features worth the price premium? Let’s check it out.

As opposed to live system analysis, experts performing the cold analysis are not dealing with authenticated user sessions. Instead, cold analysis can be viewed as an intermediary measure with live system analysis on the one end and the examination of a forensic disk image on another. Why and when would you use cold system analysis, what can you do and what benefits does it bring compared to the traditional approach? Read along to find out.

When adding a new encryption format or comparing the performance of different password recovery tools, we routinely quote the recovery speed expressed in the number of passwords per second. But what is the true meaning of password recovery speeds? Do the speeds depend solely, or at all, on the encryption algorithm? What’s “military grade” encryption, and does it guarantee the security of your data? And why on Earth breaking AES-256 encryption takes so vastly different effort in different file formats? Read along to find out.

Accessing a locked system is always a challenge. Encrypted disks and encrypted virtual machines, encrypted files and passwords are just a few things to mention. In this article we are proposing a straightforward workflow for investigating computers in the field.