Elcomsoft Forensic Disk Decryptor is a detailed and powerful suite that offers users complete access to data stored in crypto containers. The software recognizes PGP-encrypted volumes as well as full-disk encryption.
Can unlock BitLocker, PGP and TrueCrypt disks and containers
The software is intended to help forensic specialists and other affiliated professionals in obtaining locked information. Therefore, anyone who operates on a regular basis with encrypted volumes will find this application highly beneficial. It can also be employed to test the decryption resilience of such items.
Elcomsoft Forensic Disk Decryptor ships with a very intuitive interface that guides users through the sequential steps required to decrypt items. Navigation is performed with several on-screen buttons, and some knowledge is required to obtain tangible results.
Comes with two operating modes
The tool comes with two fundamental operating modes: “Decrypt or mount disk” and “Extract keys”. Both rely on memory images; the difference is that with the first option, users can mount the volume under a drive letter (as an unlocked, unencrypted item).
When extracting keys from a memory image, users can choose which kinds of keys to look for, including PGP, BitLocker or TrueCrypt volume master keys. The source memory image can be either a memory dump or a hibernation file.
Does not leave any footprints behind it
One of the great features of this software is that it leaves no traces behind it. Decrypting the data in no way affects the target items, and previously encrypted volumes will not be tampered with. This is a highly important aspect for forensic specialists.
To conclude, Elcomsoft Forensic Disk Decryptor is a highly specialized and powerful decryption tool that can unlock BitLocker, PGP and TrueCrypt disks or containers.
FEATURES
- Decrypts information stored in the three most popular crypto containers
- Mounts encrypted BitLocker, PGP and TrueCrypt volumes
- Supports removable media encrypted with BitLocker To Go
- Supports both encrypted containers and full disk encryption
- Acquires protection keys from RAM dumps, hibernation files
- Extracts all the keys from a memory dump at once if there is more than one crypto container in the system
- Fast acquisition (limited only by disk read speeds)
- Zero-footprint operation leaves no traces and requires no modifications to encrypted volume contents
- Recovers and stores original encryption keys
SYSTEM REQUIREMENTS
- Administrator privileges (to create a memory dump)
- Memory image or hibernation file containing disk encryption keys (created while the encrypted disk was mounted), or escrow/recovery key (FileVault 2, BitLocker or PGP Disk), or a password
What's New:
August 16, 2022
- Specifying Encryption and Hashing Algorithms for TrueCrypt/VeraCrypt
- TrueCrypt and VeraCrypt allow users to change the encryption algorithm as well as the hash function used to generate the encryption key from the password. This information is never stored anywhere in the encrypted container. Should the expert specify the wrong algorithm, the attempt to recover the password will fail even if the correct password is tried. In this release, we've added the ability to specify algorithms for brute-forcing passwords when capturing encryption metadata from TrueCrypt/VeraCrypt volumes.
- LUKS2 Encryption
- We added support for LUKS2 encryption. The tool can extract LUKS2 metadata from encrypted disks and containers.
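What "LUKS2 metadata" looks like on disk, as an added example that is not Elcomsoft's code: a Python reader for the primary LUKS2 header, following the public LUKS2 on-disk format specification. Unlike the TrueCrypt/VeraCrypt case described above, the cipher and KDF are recorded in cleartext and the header carries its own checksum; the sample header from `build_sample()` is constructed, and the checksum allowlist is an assumption of this example.

```python
import hashlib, json, struct

# Binary header fields per the LUKS2 on-disk format spec: big-endian,
# 512 bytes of fields padded to 4096, then a NUL-padded JSON area.
HDR = struct.Struct(">6sHQQ48s32s64s40s48sQ184s64s")
BIN_LEN, CSUM_OFF, CSUM_LEN = 4096, 448, 64
ALLOWED_CSUM = {"sha256", "sha512"}  # assumption: only these are accepted here

def parse_luks2(image: bytes) -> dict:
    """Return the cleartext metadata a LUKS2 primary header exposes."""
    if len(image) < BIN_LEN:
        raise ValueError("image shorter than a LUKS2 binary header")
    (magic, version, hdr_size, _seqid, label, alg, _salt, uuid,
     _subsys, _hdr_off, _pad, csum) = HDR.unpack_from(image, 0)
    if magic != b"LUKS\xba\xbe" or version != 2:
        raise ValueError("not a LUKS2 primary header")
    if not BIN_LEN < hdr_size <= len(image):
        raise ValueError("hdr_size is out of range or the image is truncated")
    alg = alg.rstrip(b"\0").decode("ascii")
    if alg not in ALLOWED_CSUM:
        raise ValueError(f"unexpected checksum algorithm {alg!r}")
    # The checksum covers binary header + JSON area with the csum field zeroed.
    blob = bytearray(image[:hdr_size])
    blob[CSUM_OFF:CSUM_OFF + CSUM_LEN] = bytes(CSUM_LEN)
    digest = hashlib.new(alg, blob).digest()
    meta = json.loads(image[BIN_LEN:hdr_size].split(b"\0", 1)[0])
    return {
        "uuid": uuid.rstrip(b"\0").decode("ascii"),
        "label": label.rstrip(b"\0").decode("utf-8", "replace"),
        "checksum_ok": csum[:len(digest)] == digest,
        "segments": {k: s.get("encryption") for k, s in meta.get("segments", {}).items()},
        "keyslots": {k: {"kdf": s["kdf"]["type"], "area": s["area"]["encryption"]}
                     for k, s in meta.get("keyslots", {}).items()},
    }

def build_sample() -> bytes:
    """Constructed 16 KiB header for the demo; not taken from a real disk."""
    meta = {"keyslots": {"0": {"type": "luks2", "kdf": {"type": "argon2id"},
                               "area": {"encryption": "aes-xts-plain64"}}},
            "segments": {"0": {"type": "crypt", "encryption": "aes-xts-plain64"}}}
    json_area = json.dumps(meta).encode().ljust(16384 - BIN_LEN, b"\0")
    fields = HDR.pack(b"LUKS\xba\xbe", 2, 16384, 1, b"demo", b"sha256", bytes(64),
                      b"00000000-0000-0000-0000-000000000000", b"", 0, bytes(184), bytes(64))
    blob = bytearray(fields.ljust(BIN_LEN, b"\0") + json_area)
    blob[CSUM_OFF:CSUM_OFF + 32] = hashlib.sha256(blob).digest()
    return bytes(blob)

if __name__ == "__main__":
    print(json.dumps(parse_luks2(build_sample()), indent=2))
```

A `checksum_ok` of `False` on an acquired image means the header bytes no longer match their recorded digest, which is worth noting before relying on the listed cipher or KDF.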