Elcomsoft System Recovery 8.20 adds Windows 11 support, bootable triage tools

Elcomsoft System Recovery, a digital field triage tool, is updated to support Windows 11 and Windows Server 2022 installations and adds a host of bootable forensic triage tools to help experts analyze computer systems in the field.

We updated Elcomsoft System Recovery with features aimed at making in-field investigations more efficient and straightforward while making it more compatible with recent operating systems. The new release simplifies in-field analysis by introducing several forensic tools. The new tools allow reviewing the list of installed apps (system-wide), analyze the users’ timeline and access the list of recently accessed files and folders. These tools can be launched instantly from the bootable drive and are designed to speed up investigations by shortcutting the lengthy disk imaging and analysis process.

Elcomsoft System Recovery forensic triage tools operate entirely in read-only mode to preserve evidence, ensuring that no data is modified on the target computer. Other tools available in read-only mode include disk imaging, encrypted disk search and metadata extraction. The included two-panel file manager is also available to help experts analyze the file system.

Elcomsoft System Recovery is a portable field analysis tool for computer forensics. Built as a forensically sound computer analysis tool, Elcomsoft System Recovery enables experts to make real-time decisions in the field. Thanks to the Windows-based bootable environment, the tool provides quick access to digital evidence while supporting all the Windows native file systems and a wide array of computer hardware.

Designed for field deployment, Elcomsoft System Recovery comes as a pre-configured tool built on top of the supplied Windows PE environment. The tool includes powerful disk imaging and system management tools, and comes with a convenient two-panel file manager for easier navigation around the file system. Elcomsoft System is designed to simplify forensic computer triage with rapid data collection and secure disk imaging, making it an easy to use, forensically sound and extremely powerful triage tool.

Elcomsoft System Recovery 8.20 change log:

Added Forensic Tools section

  • Forensic Tools: list of installed apps (system-wide)
  • Forensic Tools: Timeline (per user)
  • Forensic Tools: Recent files and folders (per user)

Added support for Windows 11

  • Windows 11: added support for local users and domain caches including DC 2022 (implemented under SAM - local user database and DCC - domain cached credentials)

Added support for Windows Server 2022

  • Windows Server 2022: added support for AD (NTDS.DIT - domain database).

Bug fixes and performance improvements

また見なさい