14 July, 2023

Elcomsoft Streamlines On-the-Spot Analysis with Bootable Forensic Tools

ElcomSoft Co. Ltd. releases Elcomsoft System Recovery 8.31, a bootable tool for on-the-spot analysis of the data stored in Windows computers. The new update adds features that enhance efficiency and simplicity during in-field investigations, and enables the collection, extraction, and analysis of essential artifacts available on the computers being investigated.

Bootable Forensic Tools

The primary focus of this update is to streamline the process of analyzing digital evidence during in-field investigation by expanding the collection of bootable forensic tools.

Originally released as a simple tool for resetting Windows users’ passwords, Elcomsoft System Recovery is now evolving into a feature-rich bootable forensic toolkit. The new release makes field analysis faster and more straightforward while still producing court admissible evidence with write-blocking disk imaging.

With the updated version of Elcomsoft System Recovery, investigators can collect and extract essential artifacts from the computers they are examining by booting from a designated USB device. These artifacts include crucial items such as a copy of the user's Windows registry, important DPAPI and encryption keys, system credentials, various system and event logs, as well as page and hibernation files that can be scanned for encryption keys used by BitLocker and third-party disk encryption tools.

This new tool follows a strategy known as the “low hanging fruit”, allowing investigators to quickly gather the most critical and easily accessible evidence along with keys to encrypted disks and vaults. Importantly, Elcomsoft System Recovery operates as a bootable disk, allowing investigators to extract crucial data and make informed decisions on-site. Based on the collected data, investigators can determine whether it is necessary to create a disk image and transport it to the laboratory for further in-depth analysis. This streamlined approach saves time and resources, ensuring that investigations can progress swiftly and accurately in both the field and the laboratory.

About Elcomsoft System Recovery

Elcomsoft System Recovery is a digital triage tool for examining computers in the field. The tool helps overcome the challenge of accessing a locked system, delivering a straightforward workflow for investigating computers in the field. Elcomsoft System Recovery helps access information in encrypted disks and encrypted virtual machines, extract passwords and access encrypted file systems.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certrified Partner (Gold competency), and Intel Software Premier Elite Partner.

Contatti

Elcomsoft s.r.o.

Československé armády 371/11,
Praha 6-Bubeneč,
Czech Republic, PSČ 160 00

Modulo di feedback coi rappresentati ufficiali di Elcomsoft.

As one of the industry leaders, our job involves complex research and constant monitoring of industry news. We love sharing our findings with our followers. Follow us on a social network of your choice, and we’ll deliver quality content straight to your news feed.