2 April, 2020

Elcomsoft Provides Forensic Access to Encrypted Disks

ElcomSoft Co. Ltd. updates Elcomsoft Distributed Password Recovery with support for an even wider range of encrypted and locked evidence. The update enables forensic access to disks protected with VeraCrypt and APFS volumes encrypted with FileVault 2.

“The use of full-disk encryption makes the work of forensic experts more difficult than ever”, says Vladimir Katalov, ElcomSoft CEO. “FileVault and VeraCrypt are equally important for the law enforcement and corporate IT experts performing internal investigations. While FileVault 2 is actively used on many macOS devices, VeraCrypt is the favorite of those who really have something to hide.”

Breaking VeraCrypt containers

VeraCrypt is the most popular third-party full-disk encryption product, a de-facto successor to TrueCrypt. Devoid of any major vulnerabilities, VeraCrypt is one of the most secure encrypted containers. Volumes protected with VeraCrypt require a full-scale brute-force attack on the original plain-text password. Elcomsoft Distributed Password Recovery 4.20 adds VeraCrypt support, enabling investigators to unlock the most vigorously protected evidence.

Breaking FileVault 2 encryption on APFS volumes

The APFS (Apple File System) is Apple’s next-generation file system designed to scale from an Apple Watch to a Mac Pro. According to Apple, APFS is optimized for modern solid-state storage, and engineered with encryption as a primary feature. On Mac computers, APFS implements encryption via FileVault 2, a full-disk encryption feature that is built in to macOS.

In this release, Elcomsoft Distributed Password Recovery adds support for FileVault 2 volumes stored on APFS-formatted disks. In order to quickly initiate password attacks without imaging the whole disk, the updated version of Elcomsoft System Recovery is recommended.

Technology & performance

Manufacturers of full-disk encryption software such as VeraCrypt and Apple FileVault 2 make brute-force attacks on the password deliberately slow, which requires the combined force of GPU acceleration and distributed computing for successful recovery. Elcomsoft Distributed Password Recovery offers the ability to attack passwords protecting encrypted volumes created with VeraCrypt and FileVault 2 combining GPU acceleration, distributed and cloud computing.

VeraCrypt offers the choice of some 15 encryption algorithms and their combinations, as well as 5 hash-functions. Elcomsoft Distributed Password Recovery supports encrypted containers protected with any eligible combination of encryption algorithms and hash functions. GPU-accelerated, truly distributed LAN and cloud-based attacks make Elcomsoft Distributed Password Recovery the most versatile high-performance tool on the market.

Sometimes, even the combined force of multiple GPU-accelerated computers connected over a local network may not be enough to break a password in reasonable time. With EDPR 4.20, you can add Microsoft Azure instances on demand. The new deployment method makes it easy to roll out additional instances without further ado.

Now supporting both Amazon EC2 and Microsoft Azure, the two largest cloud computing services, Elcomsoft Distributed Password Recovery becomes the perfect solution for dynamically changing workloads. Cloud instances with easy on-demand deployment are ready to assist when additional computational power is needed without the need to invest into building and maintaining an in-house infrastructure.

About Elcomsoft Distributed Password Recovery

Elcomsoft Distributed Password Recovery enables accelerated password recovery for more than 500 formats including Microsoft Office and Adobe PDF documents, encrypted volumes and archives, personal security certificates and exchange keys, MD5 hashes and Oracle passwords, Windows and UNIX login and domain passwords.

Supporting ElcomSoft’s patented GPU acceleration technology and being able to scale to over 10,000 workstations with zero scalability overhead, Elcomsoft Distributed Password Recovery is a high-end password recovery solution offering the speediest recovery with the most sophisticated commercially available technologies.

Pricing and Availability

Elcomsoft Distributed Password Recovery is available immediately. Licensing starts from 599 EUR for 5 clients. A license for 100 clients is available for 4999 EUR. Other tiers are available on request. Customers are welcome to contact ElcomSoft about larger purchases. Local pricing may vary.

Elcomsoft Distributed Password Recovery supports Microsoft Windows 7, 8.x, 10, as well as the corresponding Windows Server editions.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certrified Partner, and Intel Software Premier Elite Partner.

Contacts

Elcomsoft s.r.o.

Československé armády 371/11,
Praha 6-Bubeneč,
Czech Republic, PSČ 160 00

Formulaire pour la réaction des représentats officiels de la compagnie Elcomsoft.

As one of the industry leaders, our job involves complex research and constant monitoring of industry news. We love sharing our findings with our followers. Follow us on a social network of your choice, and we’ll deliver quality content straight to your news feed.