Elcomsoft Forensic Disk Decryptor offers forensic specialists an easy way to obtain complete real-time access to information stored in popular crypto containers. Supporting desktop and portable versions of BitLocker, FileVault 2, PGP Disk, TrueCrypt and VeraCrypt protection, the tool can decrypt all files and folders stored in crypto containers or mount encrypted volumes as new drive letters. Elcomsoft Forensic Disk Decryptor offers a range of methods for gaining access to information stored in encrypted BitLocker, FileVault 2, LUKS, PGP Disk, TrueCrypt and VeraCrypt disks and volumes, and Jetico BestCrypt 9 containers. The toolkit allows using the volume's plain-text password, escrow or recovery keys, as well as the binary keys.
We updated Elcomsoft Forensic Disk Decryptor, Elcomsoft System Recovery and Elcomsoft Distributed Password Recovery with support for Linux partitions protected with LUKS encryption. The tools work together to identify encrypted partitions, extract encryption metadata and launch a full-scale, GPU-accelerated attack on the encryption password.
Three Elcomsoft password recovery tools receive support for LUKS encryption, the de-facto standard for full-disk encryption and volume encryption in Linux. Elcomsoft Forensic Disk Decryptor extracts encryption metadata from LUKS partitions, which is required to launch a hardware-accelerated attack on encryption in Elcomsoft Distributed Password Recovery. Elcomsoft System Recovery can extract encryption metadata from the LUKS volumes attached to the suspect’s computer by booting the target system into the Windows PE environment from a USB flash drive.
LUKS disk encryption
LUKS is a platform-independent disk encryption specification originally developed for the Linux OS. LUKS is a de-facto standard for disk encryption in Linux, facilitating compatibility among various Linux distributions and providing secure management of multiple user passwords. Today, LUKS is widely used in nearly every Linux distribution on desktop and laptop computers. It is also a popular encryption format in Network Attached Storage (NAS) devices, particularly those manufactured by QNAP.
In this update, Elcomsoft Forensic Disk Decryptor, Elcomsoft System Recovery and Elcomsoft Distributed Password Recovery receive support for LUKS-encrypted disks. The first two tools will recognize LUKS encryption, display information about the encrypted partition and save the encryption metadata. The small file containing LUKS encryption metadata is all that you need to launch a GPU-assisted attack on the LUKS password with the updated Elcomsoft Distributed Password Recovery.
Elcomsoft Forensic Disk Decryptor 2.13 Release Notes
Elcomsoft System Recovery 7.06 Release Notes
Elcomsoft Distributed Password Recovery 4.22 Release Notes