Browse archive

Latest news

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

F-Secure advances fight against exploits

Free anti-spam software for the Mac

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Hacking charge stations for electric cars

Forensic access to encrypted BitLocker, PGP and TrueCrypt containers

Posted on 20 December 2012.

ElcomSoft released Elcomsoft Forensic Disk Decryptor, a forensic tool providing access to information stored in disks and volumes encrypted with BitLocker, PGP and TrueCrypt.

The complete decryption mode provides full, unrestricted forensic access to all information stored on encrypted volumes. Alternatively, by mounting encrypted containers as drive letters, investigators gain immediate, real-time access to protected volumes. In real-time mode, information read from encrypted containers is decrypted on-the-fly. The software offers true zero-footprint operation with no alterations or modifications to original content ever.

Elcomsoft Forensic Disk Decryptor acquires all necessary decryption keys by analyzing memory dumps or hibernation files obtained from the target PC. A memory dump can be obtained from a running PC, locked or unlocked, with encrypted volumes mounted. Memory dumps produced with any forensic product or obtained via a FireWire attack are supported.

A FireWire attack requires a free third-party tool, a FireWire (IEEE 1394) cable and another PC to launch the attack from. Decryption keys can also be derived from hibernation files if a target PC is turned off.

“Before Elcomsoft Forensic Disk Decryptor, only Elcomsoft Distributed Password Recovery could handle encrypted disks”, says Yuri Konenkov, ElcomSoft leading crypto analytic. “It used brute force to break passwords. Today, we’re introducing a special tool that uses a completely different approach to decrypting disks protected with PGP, True Crypt, BitLocker and BitLocker To Go. We have also added the ability to brute-force passwords for TrueCrypt and BitLocker To Go containers to Elcomsoft Distributed Password Recovery.”