Reset or recover passwords to local Windows accounts and Microsoft Account in all versions of Windows. Assign administrative privileges to any user account, reset expired passwords or export password hashes for offline recovery. Create forensic disk images. Supplied with a bootable Windows PE environment.
Elcomsoft System Recovery gains features aimed at making in-field investigations more efficient and straightforward. Write-blocking disk imaging, read-only access and support for verifiable .E01 images make forensically sound field analysis possible. These features help produce court-admissible evidence and make subsequent analysis possible with third-party forensic tools.
When accessing a locked system during an in-field investigation, speed is often the most important factor. However, maintaining digital chain of custody is crucial when producing court admissible evidence. Elcomsoft System Recovery contains features to help establish and maintain digital chain of custody throughout the investigation.
In order to preserve digital evidence, the chain of custody begins from the first point of data collection. Elcomsoft System Recovery employs a forensically sound workflow to ensure that digital evidence collected during the investigation remains court admissible. The workflow implements read-only, write-blocking access to the target computer, and saves collected evidence in the form of digitally signed, verifiable disk images, making Elcomsoft System Recovery a viable alternative to hardware-based write blocking disk imaging devices while offering real-time access to crucial evidence.
The disks can be imaged into verifiable .E01 images. Together with read-only access, the use of hashing helps establish digital chain of custody, while employing the industry-standard .E01 format makes the images compatible with third-party forensic tools for comprehensive analysis. Whether the disk is imaged into RAW/DD or the newly supported .E01 format, Elcomsoft System Recovery calculates a hash file and places it alongside the image. The hash values calculated during collection can be used to authenticate evidence at a later stage.
Elcomsoft System Recovery makes it easier to access data stored in encrypted disks and containers. With automatic detection of encrypted volumes, ESR will automatically extract hashes required to launch an attack[1] on the password of the encrypted volume, saving them to the flash drive to offer faster access to encrypted evidence compared to the traditional workflow. In addition, ESR can extract and save hibernation files that may contain the encryption keys to access information stored in encrypted volumes. These keys can be used to instantly mount encrypted volumes or decrypt their content for offline analysis[2].
Up to 40% of support calls are related to forgotten passwords and locked logins. Elcomsoft System Recovery helps instantly reset Windows system passwords, enabling system administrators to regain access to locked Windows accounts. Supporting local Windows accounts, network domains and Microsoft Account, Elcomsoft System Recovery is a must-have tool for network administrators, IT professionals and security specialists.
SYSKEY passwords were a dubious and controversial way to add an extra layer of security to Windows login. Used in older versions of Windows, SYSKEY passwords were removed from Windows 10 and Windows Server 2016 release 1709. An unknown SYSKEY password blocks Windows startup and makes it impossible to recover or reset the user's account password.
Elcomsoft System Recovery can reset account passwords instantly, while supporting pre-configured attacks to recover the original passwords. In addition, users can upload their own custom dictionaries for high-performance dictionary attacks with up to 4 levels of mutations.
Elcomsoft System Recovery unlocks locked and disabled user and administrative accounts in Windows 7, 8, 8.1 and Windows 10, as well as many legacy versions of Windows including Windows Vista, Windows XP, Windows 2000 and Windows NT, and the corresponding Server versions up to and including Windows Server 2019. Both 32-bit and 64-bit systems are supported.
Elcomsoft System Recovery comes with everything needed to quickly create a bootable DVD or USB flash drive. The image is based on a customized Windows PE environment and comes pre-configured with a number of drivers to allow a seamless experience on most legacy and cutting-edge hardware configurations.
Create a bootable USB drive or DVD disc in a few easy steps for immediate assistance. Elcomsoft System Recovery comes with 32-bit and 64-bit UEFI and legacy BIOS configurations, allowing you to create bootable media for all types of systems.
Multiple Windows, Linux and macOS full-disk encryption tools are supported including TrueCrypt/VeraCrypt, all versions of Microsoft BitLocker, PGP WDE, FileVault2, BestCrypt and LUKS. The tool must be launched with administrative privileges on the live system being analyzed. If an encrypted volume is detected, a further investigation of a live system might be needed to preserve evidence that could be lost if the computer were powered off.
Elcomsoft System Recovery comes with a customized Windows PE environment. The bootable environment supports the widest range of hardware components including the latest storage controllers and chipsets. Unlike the various emulation environments, Elcomsoft System Recovery is genuinely compatible with the latest revisions of Microsoft file systems, including the latest versions of FAT and NTFS.
With Elcomsoft System Recovery, experts can now create a flash drive to boot macOS computers. The bootable flash drive allows experts to extract hashes from TrueCrypt, VeraCrypt, BitLocker, FileVault (HFS+/APFS), PGP Disk, LUKS and LUKS2 encrypted disks to quickly initiate password attacks on encrypted volumes without imaging the whole drive.
If there are no EFS-encrypted files on your Windows account, an instant unlock option is the quickest and easiest way to gain access to user and administrative accounts. Elcomsoft System Recovery resets forgotten passwords with a new password supplied by you, allowing for immediate login without the time-consuming password recovery operations.
In case you must know the original password to a Windows account, Elcomsoft System Recovery is fully equipped with everything needed to recover the password. Common passwords and dictionary attacks are attempted first, and take only minutes with good chances of retrieving a password.
Offline password recovery is easily possible by dumping hashed passwords from SAM/SYSTEM files or the Active Directory database for further off-line analysis. ElcomSoft recommends Elcomsoft Distributed Password Recovery for highly scalable, GPU-accelerated recovery of system passwords.
In addition to Windows account passwords, ESR can extract stored Wi-Fi passwords. Together with other types of passwords, the Wi-Fi passwords can be added to a highly targeted custom dictionary that can be used to break strong encryption and attack passwords protecting encrypted documents, disks and accounts.
Experts can collect and extract essential artifacts from the computers they are examining by booting from a designated USB device without the need to remove and image the disks. These artifacts include crucial items such as a copy of the user's Windows registry, important DPAPI and encryption keys, system credentials, various system and event logs, as well as page and hibernation files that can be scanned for encryption keys used by BitLocker and third-party disk encryption tools.
Elcomsoft System Recovery goes beyond merely extracting a number of easily accessible forensic artifacts. It aims to provide comprehensive insights into user activity, both online and offline. The tool retrieves passwords, critical documents, and even provides visibility into the applications and files accessed by the user. While the exact list of data collected is extensive and continually expanding, rest assured that Elcomsoft System Recovery strives to quickly retrieve the maximum amount of relevant information on the spot.
Uninstallation procedure: in order to uninstall the product, follow the standard procedure via Control Panel - Programs and features or use the corresponding Uninstall link from the product's folder in the Windows Start menu.