ElcomSoft blog

«…Everything you wanted to know about password recovery, data decryption,
mobile & cloud forensics…»

Posts Tagged ‘EFDD’

How to Instantly Access BitLocker, TrueCrypt, PGP and FileVault 2 Volumes

Wednesday, January 31st, 2018

It’s been a long while since we made an update to one of our most technically advanced tools, Elcomsoft Forensic Disk Decryptor (EFDD). With this tool, one could extract data from an encrypted disk volume (FileVault 2, PGP, BitLocker or TrueCrypt) by utilizing the binary encryption key contained in the computer’s RAM. We could find and extract that key by analyzing the memory dump or hibernation files.

What Elcomsoft Forensic Disk Decryptor did not do until now was pretty much everything else. It couldn’t use plain text passwords to mount or decrypt encrypted volumes, and it didn’t support escrow (recovery) keys. It didn’t come with a memory imaging tool of its own, making its users rely on third-party solutions.

With today’s release, Elcomsoft Forensic Disk Decryptor gets back on its feets, including everything that was missing in earlier versions. Plain text passwords and recovery keys, a Microsoft-signed kernel-level RAM imaging tool, the highly anticipated portable version and support for the industry-standard EnCase .E01 and encrypted DMG images are now available. But that’s not everything! We completely revamped the way you use the tool by automatically identifying all available encrypted volumes, and providing detailed information about the encryption method used for each volume.

(more…)

Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part I)

Wednesday, June 8th, 2016

Investigators start seeing BitLocker encrypted volumes more and more often, yet computer users themselves may be genuinely unaware of the fact they’ve been encrypting their disk all along. How can you break into BitLocker encryption? Do you have to brute-force the password, or is there a quick hack to exploit?

We did our research, and are ready to share our findings. Due to the sheer amount of information, we had to break this publication into two parts. In today’s Part I, we’ll discuss the possibility of using a backdoor to hack our way into BitLocker. This publication will be followed by Part II, in which we’ll discuss brute-force possibilities if access to encrypted information through the backdoor is not available. (more…)

Elcomsoft Forensic Disk Decryptor Video Tutorial

Monday, June 8th, 2015

Quite often our new customers ask us for advice about what they should start with in order to use the program effectively. In fact, there are various situations when the tool can come in handy by decrypting data securely protected with TrueCrypt, BitLocker (To-Go), or PGP and we’d need a super long video to describe all the cases. But we’d love to demonstrate one typical situation when disk is protected with TrueCrypt when entire system drive encryption option is on.

In this video, kindly provided by Sethioz, we suggest you to decrypt TrueCrypt whole system drive encryption using our Elcomsoft Forensic Disk Decryptor thoroughly going through all the stages starting from the very first one when you just got the encrypted hard drive on hands.

With encrypted hard drive in one hand and its memory dump in the other one (taken when encrypted disk was still mounted) we plug HDD into our “invesgitator’s” computer, start Elcomsoft Forensic Disk Decryptor and easily, in one slow motion, extract the encryption keys from the memory dump file and decrypt the protected HDD, either by mounting it into the “investigator’s” system (to be able to work with it on-the-fly) or by decoding the contents into a specified folder.

We hope you’ll enjoy this video and next time you have the necessity to decrypt something encrypted you’ll feel more confident about it. We also invite you to take a moment and share your experience here in comments or leave your question if you still have any after this pretty detailed video. 🙂

Déjà vu

Monday, December 24th, 2012

The story about PGP becomes really funny.

Three and a half years ago (in April 2009) our company took part in InfoSecurity Europe in London. I should confess that London is one of my favourite cities; besides, I love events on security — so that I was really enjoying that trip (with my colleagues). But something happened.

(more…)