Elcomsoft System Recovery 8.30 recovers PIN-protected Windows accounts, supports LUKS2 encryption

Elcomsoft System Recovery, a digital field triage tool, is updated to support PIN-protected Windows 10 and Windows 11 accounts with in-place PIN recovery. The update adds LUKS2 support, detects Microsoft Azure accounts, and improves bootable forensic tools with custom filters.

The updated Elcomsoft System Recovery 8.30 further improves support for Windows 10 and Windows 11 computers, adding the ability to attack PIN-protected user accounts on systems without a TPM.

In Windows 8, Microsoft started steering users to use a PIN code instead of account passwords. Subsequent versions of Windows inherited this ability. By default, PIN codes only contain digits, yet alphanumeric PINs are also possible. Their typical length is 4 or 6 characters, making it possible to break such PIN codes with a simple brute-force attack in almost no time.

Elcomsoft System Recovery 8.30 brings the ability to detect PIN-protected accounts and brute-force the PIN code on systems without a Trusted Platform Module (TPM). For digit-only PIN codes, the length of the PIN is detected and displayed.

Update to bootable forensic tools

Originally released as a simple tool for resetting Windows users’ passwords, Elcomsoft System Recovery is now evolving into a feature-rich bootable forensic toolkit. The tool offers several bootable forensic tools including the timeline, which includes the list of launched apps and past activities laid out in the convenient timeline view, the list of recently accessed files and folders, and the list of installed applications.

The new release further improves usability of these tools, adding the ability to filter the results. The filters allow experts to concentrate on what’s important while excluding activities with unwanted data such as access to Windows system files.

Support for LUKS 2 encryption

In addition, the update can now detect disks encrypted with LUKS2 and extract encryption metadata for subsequent attacks. An updated version of Elcomsoft Distributed Password Recovery will be required to run an attack on a LUKS2 volume.

Elcomsoft System Recovery is a portable field analysis tool for computer forensics. Built as a forensically sound computer analysis tool, Elcomsoft System Recovery enables experts to make real-time decisions in the field. Thanks to the Windows-based bootable environment, the tool provides quick access to digital evidence while supporting all the Windows native file systems and a wide array of computer hardware.

Elcomsoft System Recovery 8.30 change log:

  • Azure Active Directory: account type detection
  • Forensic Tools (installed apps, timeline, recent files and folders): added filters
  • PIN-protected accounts (local, local Microsoft, Azure Active Directory): In-place recovery of simple PIN codes (up to 6 digits)
  • PIN-protected accounts (local, local Microsoft, Azure Active Directory): Metadata extraction for offline attacks (an updated version of Elcomsoft Distributed Password Recovery required)
  • LUKS2 encryption: Detection of encrypted disks
  • LUKS2 encryption: Metadata extraction (an updated version of Elcomsoft Distributed Password Recovery required)

また見なさい