![]() ![]() “The new product includes algorithms allowing us to analyze dumps of computers’ volatile memory, locating areas that contain the decryption keys,” ElcomSoft CEO Vladimir Katalov said in a statement. Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off. You’ll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack. ![]() So, how does it work? Elcomsoft Forensic Disk Decryptor acquires the necessary decryption keys by analyzing memory dumps and/or hibernation files obtained from the target PC. If you want to get in and out without making a mess, this is particularly crucial whether you’re an investigator or a spy. Last but not least, the tool offers zero-footprint operation with no alterations or modifications to original content. You can choose to either decrypt all files and folders stored in the cryptographic container (full, unrestricted forensic access to all stored information) or mount the encrypted volume as new drive letter for instant access (information is decrypted on-the-fly). The price tag isn’t outrageous, but EFDD will still set you back a solid $299.ĮFDD offers access to encrypted information either by completely decrypting everything or by doing so for individual files in real time. EFDD runs on all 32-bit and 64-bit editions of Windows XP, Windows Vista, and Windows 7, as well as Windows 2003 and Windows Server 2008. Russian firm ElcomSoft on Thursday announced the release of Elcomsoft Forensic Disk Decryptor (EFDD), a new forensic tool that can reportedly access information stored in disks and volumes encrypted with desktop and portable versions of BitLocker, PGP, and TrueCrypt. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |