Improved Full-Disk Encryption Workflow
Elcomsoft System Recovery makes it easier to access data stored in encrypted disks and containers. With automatic detection of encrypted volumes, ESR will automatically extract hashes required to launch an attack on the password of the encrypted volume, saving them to the flash drive to offer faster access to encrypted evidence compared to the traditional workflow. In addition, ESR can extract and save hibernation files that may contain the encryption keys to access information stored in encrypted volumes. These keys can be used to instantly mount encrypted volumes or decrypt their content for offline analysis.
Reset or Recover Windows Account Passwords
Up to 40% of support calls are related to forgotten passwords and locked logins. Elcomsoft System Recovery helps instantly reset Windows system passwords, enabling system administrators regain access to locked Windows accounts. Supporting local Windows accounts, network domains and Microsoft Account, Elcomsoft System Recovery is a must-have tool for network administrators, IT professionals and security specialists.
Reset or Recover SYSKEY Passwords
SYSKEY passwords were a dubious and controversial way to add an extra layer of security to Windows login. Used in older versions of Windows, SYSKEY passwords were removed from Windows 10 and Windows Server 2016 release 1709. An unknown SYSKEY password blocks Windows startup and prevents the ability to recover or reset the user's account password.
Elcomsoft System Recovery can reset SYSKEY passwords in order to restore the system’s normal boot operation. Before resetting a SYSKEY password, ESR will now check whether this operation is safe for the system.
In addition, Elcomsoft System Recovery allows looking up for cached SYSKEY passwords in various system databases and cache files before resetting.
Instant Reset and Configurable Attacks
Elcomsoft System Recovery can reset account passwords instantly, while supporting pre-configured attacks to recover the original passwords. In addition, users can upload their own custom dictionaries for high-performance dictionary attacks with up to 4 levels of mutations.
Elcomsoft System Recovery unlocks locked and disabled user and administrative accounts in Windows 7, 8, 8.1, Windows 10, as well as many legacy versions of Windows including Windows Vista, Windows XP, Windows 2000, Windows NT as well as the corresponding Server versions up to and including Windows Server 2019. Both 32-bit and 64-bit systems are supported.
Ready to Boot, Immediate Assistance, Easy to Operate
Elcomsoft System Recovery comes with everything to quickly create a bootable DVD or USB flash drive. The image is based on a customized Windows PE environment, and comes pre-configured with a number of drivers to allow seamless experience on most legacy and cutting-edge hardware configurations.
Create a bootable USB drive or DVD disc in a few easy steps for immediate assistance. Elcomsoft System Recovery comes with 32-bit and 64-bit UEFI and legacy BIOS configurations, allowing you to create bootable media for all types of systems.
The genuine Windows PE environment offers complete access to the familiar Windows graphical user interface. No command line scripts and no poor imitations of the Windows GUI!
Elcomsoft System Recovery is an all-in-one security tool for Windows accounts. The tool helps detect and resolve a variety of issues related to user and administrative account passwords.
- Assign Administrator privileges to any user account
- Enable and unlock the locked and disabled user accounts
- Create forensic disk image for subsequent in-lab analysis
- Change and reset passwords for any local accounts
- List all local user accounts and highlight Administrator accounts
- Look up account privileges
- Detect accounts with empty passwords
- Instantly recover certain passwords to special/system accounts (e.g. IUSR_, HelpAssistant, etc)
- Backup and restore SAM/SYSTEM files
- Optionally restore original SAM/SYSTEM files after successful logon with a new password
Add more capabilities
Elcomsoft Encrypted Disk Hunter
Elcomsoft Encrypted Disk Hunter is a free, portable command-line tool to quickly discover the presence of encrypted volumes when performing live system analysis.
Multiple Windows, Linux and macOS full-disk encryption tools are supported including TrueCrypt/VeraCrypt, all versions of Microsoft BitLocker, PGP WDE, FileVault2, and LUKS. The tool must be launched with administrative privileges on the live system being analyzed. If an encrypted volume is detected, a further investigation of a live system might be needed to preserve evidence that could be lost if the computer were powered off.
Elcomsoft Distributed Password Recovery is required to recover passwords to encrypted containers.
Elcomsoft Forensic Disk Decryptor is required to search for encryption keys, mount and/or decrypt encrypted volumes.