Details
Built-In Memory Imaging Tool
In complete decryption mode, Elcomsoft Forensic Disk Decryptor will automatically decrypt the entire content of the encrypted container, providing investigators with full, unrestricted access to absolutely all information stored on encrypted volumes. Elcomsoft has just released its Forensic Disk Decryptor tool. The company states that it can decrypt the information stored in PGP, Bitlocker and TrueCrypt disks and containers. It needs to be noted that local access to the system is required for one of the methods used by the program to work.
A forensic-grade memory imaging tool is included with Elcomsoft Forensic Disk Decryptor. The tool uses zero-level access to computer’s volatile memory in order to create the most complete memory image. The supplied RAM imaging tool operates through a custom kernel-level driver. The driver is digitally signed with a Microsoft signature, making it fully compatible with all 32-bit and 64-bit versions of Windows from
Windows 7 and up to the latest Windows 10 update.
Windows 7 and up to the latest Windows 10 update.
EnCase .E01 Support and Portable Version
Elcomsoft Forensic Disk Decryptor 2.0 now fully supports EnCase images in the industry-standard .EO1 format, as well as encrypted DMG images. In addition, Elcomsoft Forensic Disk Decryptor can be used to create a portable installation on a user-provided USB flash drive. The portable installation can be used to image computer’s volatile memory and/or mount or decrypt encrypted volumes.
A Fully Integrated Solution for Accessing Encrypted Volumes
Elcomsoft Forensic Disk Decryptor offers all available methods for gaining access to information stored in encrypted BitLocker, FileVault 2, PGP and TrueCrypt disks and volumes. The toolkit allows using the volume's plain-text password, escrow or recovery keys, as well as the binary keys extracted from the computer’s memory image or hibernation file. FileVault 2 recovery keys can beextracted from iCloud with Elcomsoft Phone Breaker, while BitLocker recovery keys are available in Active Directory or in the user’s Microsoft Account.
Two Access Modes[1]
With fully automatic detection of encrypted volumes and encryption settings, experts will only need to provide path to the encrypted container or disk image. Elcomsoft Forensic Disk Decryptor will automatically search for, identify and display encrypted volumes and details of their corresponding encryption settings.
Access is provided by either decrypting the entire content of an encrypted volume or by mounting the volume as a drive letter in unlocked, unencrypted mode. Both operations can be done with volumes as attached disks (physical or logical) or raw images; for FileVault 2, PGP and BitLocker, decryption and mounting can be performed using recovery key (if available).
Full Decryption
Elcomsoft Forensic Disk Decryptor can automatically decrypt the entire content of the encrypted container, providing investigators with full, unrestricted access to all information stored on encrypted volumes
Real-Time Access to Encrypted Information
In the real-time mode, Elcomsoft Forensic Disk Decryptor mounts the encrypted volume as a new drive letter on the investigator’s PC. In this mode, forensic specialists enjoy fast, real-time access to protected information. Information read from mounted disks and volumes is decrypted on-the-fly in real time.
Sources of Encryption Keys
Elcomsoft Forensic Disk Decryptor needs the original encryption keys in order to access protected information stored in crypto containers. The encryption keys can be extracted from hibernation files or memory dump files acquired while the encrypted volume was mounted. There are three ways available to acquire the original encryption keys:
- By analyzing the hibernation file (if the PC being analyzed is turned off);
- By analyzing a memory dump file[2]
- By performing a FireWire attack[3] (PC being analyzed must be running with encrypted volumes mounted).
- By capturing a memory dump with built-in RAM imaging tool [4]
FileVault 2, PGP and BitLocker volumes can be decrypted or mounted by using the escrow key (Recovery Key).
- NEW Windows 7 ULTIMATE 32/64 Key ESD Multilenguaje Original Licencia Envio 1min$4.32Free shipping
- Microsoft Windows 7 Pro Professional 32/64bit ESD Licence Key Activation Code$4.37Free shipping
- Microsoft Windows 7 Home Premium OEM 32/64 Bit Win Original Key GENUINE$7.55Free shippingPopular
- Windows 7 Professional Pro 32/64-bit Product Key Win 7 Pro License Full Version$5.17Free shippingPopular
- Activation Windows 7 Pro Edition 32/64 bit Genuine key Lifetime license Instant$2.85Free shippingPopular
- Windows 7 Professional 64/32bit Lifetime Genuine key - Instant Message Delivery$4.91Free shippingPopular
- Instant Delivery - Windows 7 Key 32/64-bit Professional Lifetime License$5.17Free shippingPopular
- Windows 7 Professional 64 bit DVD SP1 Full Version & COA License Product Key PRO$9.71Shipping: + $4.31 ShippingPopular
- Microsoft Windows 7 Professional Pro 32 & 64 Bit License Key Full Version$12.53Free shipping
- Almost goneCAINE Pro-Grade Digital forensic (Hacking & Security) on Live Bootable 16GB USB$11.06Shipping: + $7.34 ShippingAlmost gone
- SANS Investigative Forensic Toolkit VM USB incident response forensics intrusion$8.50Shipping: + $14.25 ShippingPopular
- 10 in 1 Multiboot Linux 32GB USB security penetration test VPN network forensic$13.99Shipping: + $14.25 ShippingPopular