Elcomsoft updates its range of solutions for distributed, hardware-accelerated password recovery and data decryption, adding support for yet another popular full disk encryption product: BestCrypt Volume Encryption.
Our password recovery tools support a wide range of full-disk encryption products. These include BitLocker, LUKS, PGP, TrueCrypt/VeraCrypt, and FileVault 2. In this update, we’ve added support for Jetico BestCrypt Volume Encryption 4 and 5, the company’s full-disk encryption product. Developed by the Finnish company Jetico, BestCrypt Volume Encryption is a cross-platform commercial full-disk encryption tool. Available for Windows and macOS platforms, BestCrypt offers secure encryption of entire partitions.
Full-disk encryption is routinely used in the criminal world. Forensic evidence stored on encrypted disks can be only accessed if one can produce the original encryption password. The ability to analyze evidence stored on encrypted disks becomes essential when performing digital investigations. We built the complete set of tools to enable forensic experts run hardware-accelerated distributed attacks on passwords protecting encrypted disks and disk images created by BitLocker, LUKS, PGP, TrueCrypt/VeraCrypt, FileVault 2, and now BestCrypt.
BestCrypt is extremely secure and tough to break. As an additional security measure, its developers utilized a method to prevent hardware-assisted attacks by requiring large amounts of memory that none of the current generation of video cards have. This method ruled out GPU acceleration, making the attacks CPU only. Because of that, the password recovery speeds for the new format are extremely slow. Successful recovery relies on simple passwords and the human factor.
Our tools feature a wide range of attacks targeting the human factor. The attacks range from the simplest dictionary attacks to masks and automated mutations. The most advanced attacks can combine words from up to two dictionaries with a scriptable syntax for producing password variations based on the rules. In addition, the attack can be launched on up to 10,000 computers with flexible management.
We have also improved support for a large number of formats; refer to Release Notes below.
One uses Elcomsoft Distributed Password Recovery to attack the original user password. However, to launch the attack, one must first extract encryption metadata. Elcomsoft Forensic Disk Decryptor can extract encryption metadata from encrypted BestCrypt volumes when analyzing live systems, while Elcomsoft System Recovery can detect encrypted volumes and extract encryption metadata when starting the PC from a USB boot media. The free tool Elcomsoft Encrypted Disk Hunter will detect BestCrypt volumes when analyzing live systems.
Elcomsoft Distributed Password Recovery 4.42 Release Notes
Elcomsoft System Recovery 8.01 Release Notes
Elcomsoft Encrypted Disk Hunter 1.10 Release Notes
Elcomsoft Forensic Disk Decryptor 2.19 Release Notes
Per saperne di più
• Leggi l’articolo «Breaking BestCrypt Volume Encryption 5» sul nostro blog (in ing.)Links