Posts Tagged ‘ESR’

In the world of digital forensics, there are various ways to analyze computer systems. You might be familiar live system analysis or investigating forensic disk images, but there’s yet another method called cold system analysis. Unlike live analysis where experts deal with active user sessions, cold system analysis works differently. It’s like a middle ground between live analysis and examining saved images of a computer’s storage. But why and when would someone use cold analysis? What can you do with it, and how does it compare to the usual methods?

In the world of digital investigations, the sheer volume of data and the challenge of identifying valuable evidence can be overwhelming. Often, investigators find themselves faced with the need for optimization — the ability to quickly and seamlessly identify what is valuable and requires further examination. We aim to fulfill this need by introducing a new forensic toolkit in Elcomsoft System Recovery, a powerful bootable tool designed to speed up investigations, quickly identify and collect digital evidence right on the spot.

Access to encrypted information can be gained through various methods, including live system analysis (1 and 2), using bootable forensic tools, analysis of sleep/hibernation files, and exploiting TPM vulnerabilities, with password recovery being the last option on the list. Each method has different resource requirements and should be used in order of least resource-intensive to most time-consuming, with password recovery as the last resort. Familiarize yourself with the different encryption recovery strategies and learn about data formats with weak protection or known vulnerabilities.

The new year is fast approaching, and of course we are curious to know what it has in store for us in the field of computer, mobile, and cloud forensics. But before 2022 is over, we invite you to take a moment to reflect on what 2022 has been like for us. More research, development and updates remained our top priority, as it has been in all previous years. We have continued with constant improvement to our solutions by launching new features and expanding product capabilities. We’ve also got a chance to attend some conferences to meet with you in person and share our expertise. So, here’s our take on the results of 2022.

Disk encryption is widely used desktop and laptop computers. Many non-ZFS Linux distributions rely on LUKS for data protection. LUKS is a classic implementation of disk encryption offering the choice of encryption algorithms, encryption modes and hash functions. LUKS2 further improves the already tough disk encryption. Learn how to deal with LUKS2 encryption in Windows and how to break in with distributed password attacks.

Modern versions of Windows have many different types of accounts. Local Windows accounts, Microsoft accounts, and domain accounts feature different types of protection. There is also Windows Hello with PIN codes, which are protected differently from everything else. How secure are these types of passwords, and how can you break them? Read along to find out!

While Windows 11 requires a Trusted Platform Module (TPM), older versions of Windows can do without while still using PIN-based Windows Hello sign-in. We prove that all-digit PINs are a serious security risk on systems without a TPM, and can be broken in a matter of minutes.

Elcomsoft System Recovery 8.30 introduced the ability to break Windows Hello PIN codes on TPM-less computers. This, however, was just one of the many new features added to the updated release. Other features include the ability to detect Microsoft Azure accounts and LUKS2 encryption, as well  as new filters for bootable forensic tools.

Encrypting a Windows system drive with BitLocker provides effective protection against unauthorized access, especially when paired with TPM. A hardware upgrade, firmware update or even a change in the computer’s UEFI BIOS may effectively lock you out, making your data inaccessible and the Windows system unbootable. How to prevent being locked out and how to restore access to the data if you are prompted to unlock the drive? Read along to find out.

Windows 11 introduces increased account protection, passwordless sign-in and hardware-based security. What has been changed compared to Windows 10, how these changes affect forensic extraction and analysis, and to what extent can one overcome the TPM-based protection? Read along to find out!