Elcomsoft
Elcomsoft official channel is the place where you can find news, events and the latest updates of our products.

website: elcomsoft.com
twitter: twitter.com/elcomsoft
youtube: youtube.com/c/ElcomsoftCompany
blog: blog.elcomsoft.com
t.me/elcomsoftru
Preventing BitLocker Lockout and Recovering Access to Encrypted System Drive

Encrypting a Windows system drive with BitLocker provides effective protection against unauthorized access, especially when paired with TPM. A hardware upgrade, firmware update or even a change in the computer’s UEFI BIOS may effectively lock you out, making your data inaccessible and the Windows system unbootable. How to prevent being locked out and how to restore access to the data if you are prompted to unlock the drive? Read along to find out.

👉 https://blog.elcomsoft.com/2022/04/preventing-bitlocker-lockout-and-recovering-access-to-encrypted-system-drive/

#BitLocker #edpr #efdd #tpm #encryption
Elcomsoft Distributed Password Recovery 4.4 optimized for Intel Alder Lake

Elcomsoft Distributed Password Recovery 4.44 is updated with optimizations for Intel’s 12th-generation hybrid architecture. The updated tool is now fully ready for the heterogeneous computing introduced in Intel Alder Lake CPUs.

👉 https://www.elcomsoft.com/news/813.html

#edpr #intel #alderlake #passwordrecovery
Breaking Passwords on Alder Lake CPUs

In Alder Lake, Intel introduced a hybrid architecture. Large, hyperthreading-enabled Performance cores are complemented with smaller, single-thread Efficiency cores. The host OS is responsible for assigning threads to one core or another. We discovered that the Windows 10 scheduler is not doing a perfect job when it comes to password recovery, which requires a careful approach to thread scheduling.

👉 https://blog.elcomsoft.com/2022/05/breaking-passwords-on-alder-lake-cpus/

#edpr #intel #alderlake #passwordrecovery
GPU Acceleration: Attacking Passwords with NVIDIA RTX Series Boards

Today’s data protection methods utilize many thousands (sometimes millions) of hash iterations to strengthen password protection, slowing down the attacks to a crawl. Consumer-grade video cards are commonly used for GPU acceleration. How do these video cards compare, and what about the price-performance ratio? We tested five reasonably priced NVIDIA boards ranging from the lowly GTX 1650 to RTX 3060 Ti.

👉 https://blog.elcomsoft.com/2022/06/gpu-acceleration-attacking-passwords-with-nvidia-rtx-series/

#edpr #gpu #dfir #password #passwordrecovery #digitalforensics
Building an Efficient Password Recovery Workstation: Power Savings and Waste Heat Management

This article continues the series of publications aimed to help experts specify and build economical and power-efficient workstations for password recovery workloads. Electricity costs, long-term reliability and warranty coverage must be considered when building a password recovery workstation. In this article we will review the most common cooling solutions found in today’s GPUs, and compare consumer-grade video cards with their much lesser known professional counterparts.

👉 https://blog.elcomsoft.com/2022/07/building-an-efficient-password-recovery-workstation-power-savings-and-waste-heat-management/

#edpr #gpuacceleration #nvidia #rtx #passwordrecovery
Windows Hello: No TPM No Security

While Windows 11 requires a Trusted Platform Module (TPM), older versions of Windows can do without while still using PIN-based Windows Hello sign-in. We prove that all-digit PINs are a serious security risk on systems without a TPM, and can be broken in a matter of minutes.

👉 https://blog.elcomsoft.com/2022/08/windows-hello-no-tpm-no-security/

#esr #Windows10 #Windows11 #TPM #edpr #WindowsHello
Elcomsoft Distributed Password Recovery 4.45 supports Windows Hello PIN codes and LUKS2 encryption

We updated Elcomsoft Distributed Password Recovery and Elcomsoft Forensic Disk Decryptor with support for LUKS2, an updated version of Linux disk encryption tool. The tools work together to extract encryption metadata and launch a password recovery attack. In addition, Elcomsoft Distributed Password Recovery can now break PIN codes protecting Windows accounts on TPM-less systems.

📝 Release notes (PDF)

👉 https://www.elcomsoft.com/news/820.html

#LUKS2 #Windows11 #EDPR #EFDD #diskencryption #pincode #dfir
Breaking Windows Passwords: LM, NTLM, DCC and Windows Hello PIN Compared

Modern versions of Windows have many different types of accounts. Local Windows accounts, Microsoft accounts, and domain accounts feature different types of protection. There is also Windows Hello with PIN codes, which are protected differently from everything else. How secure are these types of passwords, and how can you break them? Read along to find out!

👉 https://blog.elcomsoft.com/2022/08/breaking-windows-passwords-lm-ntlm-dcc-and-windows-hello-pin-compared/

#edpr #Windows11 #pincode #dfir #windowshello #password
Probing Linux Disk Encryption: LUKS2, Argon 2 and GPU Acceleration

Disk encryption is widely used on desktop and laptop computers. Many non-ZFS Linux distributions rely on LUKS for data protection. LUKS is a classic implementation of disk encryption offering the choice of encryption algorithms, encryption modes and hash functions. LUKS2 further improves the already tough disk encryption. Learn how to deal with LUKS2 encryption in Windows and how to break in with distributed password attacks.

👉 https://blog.elcomsoft.com/2022/08/probing-linux-disk-encryption-luks2-argon-2-and-gpu-acceleration/

#LUKS2 #EDPR #EFDD #diskencryption #dfir
iOS Backups: Leftover Passwords

In the Apple ecosystem, logical acquisition is the most convenient and the most compatible extraction method, with local backups being a major contributor. Password-protected backups contain significantly more information than unencrypted backups, which is why many forensic tools including iOS Forensic Toolkit automatically apply a temporary backup password before creating a backup. If a temporary password is not removed after the extraction, subsequent extraction attempts, especially made with a different tool, will produce encrypted backups protected with an effectively unknown password. In this article we’ll talk about why this happens and how to deal with it.

👉 https://blog.elcomsoft.com/2022/11/ios-backups-leftover-passwords/

#EDPR #EIFT #PhoneBreaker #password #iOS #iTunes
Approaching iOS Extractions: Choosing the Right Acquisition Method

The extraction method or methods available for a particular iOS device depend on the device’s hardware platform and the installed version of iOS. While logical acquisition is available for all iOS and iPadOS devices, more advanced extraction methods are available for older platforms and versions of iOS. But what if more than one way to extract the data is available for a given device? In this guide, we’ll discuss the applicable acquisition methods as well as the order in which they should be used.

👉 https://blog.elcomsoft.com/2022/11/approaching-ios-extractions-choosing-the-right-acquisition-method/

#ios #checkm8 #agent #edpr #eift #toolkit #dfir #mobileforensics #dataextraction
Windows Account Passwords: Why and How to Break NTLM Credentials

Windows account passwords, or NTLM passwords, are among the easiest to recover due to their relatively low cryptographic strength. At the same time, NTLM passwords can be used to unlock DPAPI-protected data such as the user’s passwords stored in Web browsers, encrypted chats, EFS-protected files and folders, and a lot more. In this article we argue about prioritizing the recovery of NTLM hashes over any other types of encrypted data.

👉 https://blog.elcomsoft.com/2022/12/windows-account-passwords-why-and-how-to-break-ntlm-credentials/

#windows #ntlm #password #edpr #dpapi #microsoftaccount
Use The Brute Force, Luke

There are several methods for recovering the original password ranging from brute force to very complex rule-based attacks. Brute-force attacks are a last resort when all other options are exhausted. What can you reasonably expect of a brute-force attack, what is the chance of success, and how does it depend on the password and the data? Or just “how long will it take you to break it”? Let’s try to find out.

🧑‍💻 https://blog.elcomsoft.com/2023/01/use-the-brute-force-luke/

#passwordrecovery #bruteforce #edpr
Building a Password Recovery Queue

In the previous article we discussed the different methods available for gaining access to encrypted information, placing password recovery attacks at the bottom of the list. Password recovery attacks are one of the methods used to gain access to encrypted information. In this article we’ll discuss the process of building a password recovery queue. Learn how to choose the appropriate workflow for the attack, the first prioritizing files with weaker protection, the second prioritizing faster and shorter attacks, and the third being a combination of the two. For your reference, we built a table to compare the relative strength of different file formats and encryption methods, helping users prioritize their attack queues.

🧑‍💻 https://blog.elcomsoft.com/2023/03/building-a-password-recovery-queue/

#password #dfir #EDPR
A Word About Dictionaries

Dictionary attacks are among the most effective ones because they rely on human nature. It is human nature to select passwords that are easily memorizable, like their pet names, dates of birth, football teams or whatever. BBC counted 171,146 words in the English dictionary, while a typical native speaker (of any language) knows 15,000 to 20,000 word families (lemmas, or root words and inflections). Whatever the attack speed is, it will not take too much time to check all the English words.

👉🏻 https://blog.elcomsoft.com/2023/03/a-word-about-dictionaries/

#passwords #EDPR #dictionary #password #dfir
Elcomsoft Distributed Password Recovery 80% faster with NVIDIA GeForce RTX 40 Series graphics cards

We updated Elcomsoft Distributed Password Recovery with support for NVIDIA GeForce RTX 40 Series graphics cards, the company’s latest and greatest GPU series. In addition, Elcomsoft Distributed Password Recovery can now break NetNTLM v1/v2 and IKE PSK MD5 hashes.

👉 https://www.elcomsoft.com/news/835.html

#EDPR #Nvidia #password #GPU #AdaLovelace #RTX
NVIDIA RTX 40 Series Graphics Cards: The Faster and More Efficient Password Recovery Accelerators

Every three years, NVIDIA releases a new architecture used in their GeForce series graphics cards. Powered by Ada Lovelace, the new generation of GPUs delivers 80% better performance in password recovery compared to Ampere. While the new generation of NVIDIA graphics is faster and more efficient than Ampere, it also received a price hike. Is the update worth it for the forensic experts? Let’s try to find out.

👉 https://blog.elcomsoft.com/2023/05/nvidia-rtx-40-series-graphics-cards-the-faster-and-more-efficient-password-recovery-accelerators/

#EDPR #GPU #Nvidia #password #AdaLovelace
Elcomsoft Lab: Benchmarking Password Recovery Speeds

In the realm of password recovery, benchmarking the speed of attacks holds significant importance. It is a customary practice to gauge the speed of attacks on various data formats using diverse hardware configurations. These tests yield results that are visually represented through graphs clearly demonstrating the performance of our products. However, these graphical representations merely scratch the surface of a much broader scope. Today, we delve deeper into the objectives and methodologies behind our password cracking speed tests.

👉 https://blog.elcomsoft.com/2023/06/elcomsoft-lab-benchmarking-password-recovery-speeds/

#benchmarks #EDPR #elcomsoftlab #GPU #acceleration #passwordrecovery
What to Do When Password Recovery Attacks Stall

Have you ever tried to unlock a password but couldn’t succeed? This happens when the password is really strong and designed to be hard to break quickly. In this article, we’ll explain why this can be a tough challenge and what you can do about it.

👉 https://blog.elcomsoft.com/2023/08/what-to-do-when-password-recovery-attacks-stall/

#EDPR #attacks #password
Forensically Sound Cold System Analysis

In the world of digital forensics, there are various ways to analyze computer systems. You might be familiar with live system analysis or investigating forensic disk images, but there’s yet another method called cold system analysis. Unlike live analysis where experts deal with active user sessions, cold system analysis works differently. It’s like a middle ground between live analysis and examining saved images of a computer’s storage. But why and when would someone use cold analysis? What can you do with it, and how does it compare to the usual methods?

👉🏻 https://blog.elcomsoft.com/2024/01/forensically-sound-cold-system-analysis/

#EDPR #EFDD #ESR #dfir