Elcomsoft System Recovery, a bootable digital triage tool, is updated with support for Microsoft Entra ID and enhanced support for Microsoft Accounts. This release broadens the software's ability to handle modern Windows sign-in methods by introducing the ability to run fast recovery attacks against both personal cloud accounts and enterprise-level identities. The update allows investigators and administrators to target these modern authentication methods directly from the bootable environment.

In corporate environments, Windows sign-in is typically managed by Microsoft Entra ID, a cloud-based identity and access management service that replaced the Azure Active Directory brand. Entra ID authenticates users and oversees access for devices joined to an organization's network. By adding support for Microsoft Entra ID, Elcomsoft System Recovery now enables fast recovery attacks on these managed enterprise accounts. This update allows you to regain access to company workstations during triage without having to wait on centralized domain administrators for password resets.

For personal computers, Windows access in recent years has been migrating away from local accounts towards the use of a Microsoft Account. Although Microsoft Accounts are inherently online accounts, the operating system relies on cached credentials to allow users to sign in to a local machine even when an internet connection is completely unavailable. With extended support for Microsoft Accounts, the recovery tool can now target these locally stored hashes. You can execute fast recovery attacks directly against the cached credentials, restoring access to the Windows machine smoothly while it remains offline.

In addition, the new release adds support for the new encryption scheme now used in Firefox browsers to protect stored passwords and authentication credentials. Passwords from Firefox browsers can now be instantly extracted.

Elcomsoft System Recovery is a portable field analysis tool for computer forensics. Built as a forensically sound computer analysis tool, Elcomsoft System Recovery enables experts to make real-time decisions in the field. Thanks to the Windows-based bootable environment, the tool provides quick access to digital evidence while supporting all the Windows native file systems and a wide array of computer hardware.

Designed for field deployment, Elcomsoft System Recovery comes as a pre-configured tool built on top of the supplied Windows PE environment. The tool includes powerful disk imaging and system management tools and comes with a convenient two-panel file manager for easier navigation around the file system. Elcomsoft System Recovery is designed to simplify forensic computer triage with rapid data collection and secure disk imaging, making it an easy to use, forensically sound and extremely powerful triage tool.

Elcomsoft System Recovery 8.37 release notes:

• Password extraction: added support for new encryption type in Firefox
• Windows accounts: extended support for Microsoft Accounts (with the ability to run a fast recovery attack)
• Windows accounts: added support for Microsoft Entra ID (with the ability to run a fast recovery attack)
• Added support for displays with non-standard resolutions
• Improved support for Intel-based Macs, including disk imaging