Elcomsoft Forensic Disk Decryptor is a software that enables forensic specialists to access encrypted information stored in various crypto containers and encrypted disks, such as BitLocker, FileVault 2, PGP Disk, and VeraCrypt. It’s known for its fast, zero-footprint operation.
Key Features:
- Functionality: EFDD can extract cryptographic keys from RAM captures, hibernation files, and page files. This allows users to decrypt files and folders stored in crypto containers or mount encrypted volumes as new drive letters. It can also create a password-protected invisible disk to secure sensitive data.
- Decrypting Options: Mounts encrypted containers as new drive letters for real-time access.
- Flexibility: Supports popular encryption tools, including BitLocker, FileVault 2, PGP Disk, TrueCrypt, and VeraCrypt, along with other lesser-known tools. This variety ensures widespread compatibility.
- Data Sources: EFDD can capture memory images of computers running Windows 10 (20H2) and locate BitLocker encryption keys for immediate data decryption or mounting. It also supports iOS devices and can break into encrypted containers.
- Security Focus: Addresses one of VeraCrypt’s key weaknesses, where investigators can access encrypted disks without brute-forcing the original password. This is done by extracting on-the-fly encryption keys from VeraCrypt’s memory dumps
There are no reviews yet.