Near-Instant Forensic Access to Encrypted BitLocker, PGP and TrueCrypt Containers

MOSCOW, Dec. 20, 2012 /CNW/ - ElcomSoft Co. Ltd. announces the release of Elcomsoft Forensic Disk Decryptor, a tool providing near-instant access to information stored in disks and volumes encrypted with BitLocker, PGP and TrueCrypt. Several acquisition modes can provide complete access to encrypted information in real time. Recognizing desktop and portable crypto containers and offering zero-footprint operation, the new tool becomes an invaluable tool for investigators, IT security and forensic specialists.

"Our customers asked us for a tool like this for a long time," says Vladimir Katalov, ElcomSoft CEO. "We're finally releasing a product that's able to access encrypted volumes produced by all three popular crypto containers."

About Elcomsoft Forensic Disk Decryptor

Supporting desktop and portable versions of BitLocker, PGP and TrueCrypt, the new tool can either decrypt all files and folders stored in crypto containers or mount encrypted volumes as drive letters for instant access.

The complete decryption mode provides full, unrestricted forensic access to all information stored on encrypted volumes. Alternatively, by mounting encrypted containers as drive letters, investigators gain immediate, real-time access to protected volumes. In real-time mode, information read from encrypted containers is decrypted on-the-fly. Elcomsoft Forensic Disk Decryptor offers true zero-footprint operation with no alterations or modifications to original content.

The decryption keys are acquired near instantly by analyzing memory dumps or hibernation files obtained from the target PC. A memory dump is obtained from a running PC, locked or unlocked, with encrypted volumes mounted. Memory dumps produced with any forensic product or obtained via a FireWire attack are supported. Decryption keys can also be derived from hibernation files. The encrypted volumes must be mounted at the time of acquisition or before the computer was hibernated. If an encrypted volume is dismounted prior to acquisition, neither memory dumps nor hibernation files will contain proper decryption keys, and encrypted containers may not be decrypted without knowing the original plain-text password. If such a password is not known, it can be recovered with Elcomsoft Distributed Password Recovery.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. are experts in computer and mobile forensics, providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry's performance records.

More information at http://www.elcomsoft.com/efdd.html

SOURCE: ElcomSoft Co. Ltd.

Olga Koksharova, [email protected], Tel: +7(495)974-1162