Elcomsoft System Recovery update: a Swiss army knife in desktop forensics

We updated Elcomsoft System Recovery, a Windows PE-based tool to recover or reset passwords to local Windows accounts and Microsoft accounts in all versions of Windows. In this release, we offer more options for recovering the original passwords as opposed to resetting while adding a multitude of other improvements.

We updated Elcomsoft System Recovery with host of features aimed at making the recovery of various passwords more efficient and straightforward. Version 7.07 can now recognize the new format for password hints, extracting the hints from local Windows accounts for subsequent analysis. In addition, the tool can extract security questions and answers in Windows 10, adding valuable information to the investigation.

Encrypted virtual machines rapidly become the most used cover-up tool in the world of hi-tech crime. Elcomsoft System Recovery can now automatically discover encrypted virtual machines in the commonly used formats, and extract encryption metadata to enable subsequent attacks with Elcomsoft Distributed Password Recovery.

The traditional forensic workflow deals with forensic disk images rather than physical hard drives. Elcomsoft System Recovery makes them easy to produce by imaging the suspect’s disks without removing the hard drives and without the risk associated with investigating the live system.

Users can now add discovered and potential passwords to the global password cache. These cached passwords will be used when attempting to recover the user’s passwords.

Elcomsoft System Recovery is indispensable for system administrators who want to recover access to locked and abandoned Windows accounts. The tool comes as a pre-configured tool integrated with the supplied Windows PE environment, which ESR 7.07 upgraded to the current version. The tool can reset Windows account passwords instantly, while supporting a range of smart pre-configured attacks to recover the original passwords.

Elcomsoft System Recovery 7.07 change log:

  • Supports new password hint format for local Windows accounts
  • Added the ability to retrieve security questions and answers in Windows 10
  • Added the ability to search for encrypted virtual machines and save metadata files to launch password recovery attacks in EDPR
  • Added the ability to create forensic disk images
  • New feature: global caching of information for recovering user passwords
  • Upgrading the Windows PE version
  • Bug fixes and performance improvements

See also