New in Elcomsoft Forensic Disk Decryptor 2.20 Build 1011 (Aug 16, 2022)

  • Specifying Encryption and Hashing Algorithms for TrueCrypt/VeraCrypt: TrueCrypt and VeraCrypt allow users to change the encryption algorithm as well as the hash function used to generate the encryption key from the password. This information is never stored anywhere in the encrypted container. Should the expert specify the wrong algorithm, the attempt to recover the password will fail even if the correct password is tried. In this release, we've added the ability to specify algorithms for brute-forcing passwords when capturing encryption metadata from TrueCrypt/VeraCrypt volumes.
  • LUKS2 Encryption: We added support for LUKS2 encryption. The tool can extract LUKS2 metadata from encrypted disks and containers.

New in Elcomsoft Forensic Disk Decryptor 2.18 Build 954 (Jul 26, 2021)

  • Elcomsoft Forensic Disk Decryptor is updated to support RAM imaging and extraction of on-the-fly encryption keys in recent versions of VeraCrypt, the most popular TrueCrypt successor. The keys are extracted for all encryption configurations.
  • Elcomsoft Forensic Disk Decryptor 2.18 adds the ability to extract on-the-fly encryption keys from RAM of computers running the latest versions of VeraCrypt.
  • VeraCrypt is the most popular successor of the open-source disk encryption tool TrueCrypt. Compared to the original, VeraCrypt offers a lot more customization options. In this update, Elcomsoft Forensic Disk Decryptor adds the ability to extract on-the-fly encryption keys from memory dumps in recent versions of VeraCrypt.
  • On-the-fly encryption keys are the only weakness of VeraCrypt, enabling investigators to access encrypted disks without brute-forcing the original plain-text password. The binary, symmetric encryption key is stored in the computer’s volatile memory at all times while the encrypted disk is mounted. By extracting these keys, examiners can instantly mount or decrypt encrypted disks without running password attacks, bypassing the associated complexity altogether.
  • Until recently, extracting VeraCrypt OTF encryption keys was straightforward. The latest VeraCrypt updates changed the way the encryption keys are handled in RAM, making the extraction of encryption keys extremely difficult. Elcomsoft Forensic Disk Decryptor 2.18 adds support for encryption keys stored by all versions of VeraCrypt including the current 1.24 Update 7. Note that EFDD 2.18 must be used to both analyze and capture memory dumps. RAM dumps created with third-party tools or older versions of EFDD will not allow discovering the encryption keys stored by recent versions of VeraCrypt.

New in Elcomsoft Forensic Disk Decryptor 2.17 Build 916 (Jan 22, 2021)

  • Added memory imaging support for Windows 10 (20H2) with a driver update
  • Minor bug fixes and performance improvements

New in Elcomsoft Forensic Disk Decryptor 2.15 Build 887 (Nov 24, 2020)

  • Fixed a bug with BitLocker recovery key volume decryption

New in Elcomsoft Forensic Disk Decryptor 2.13 Build 821 (Aug 18, 2020)

  • Added support for LUKS containers (hash extraction only).

New in Elcomsoft Forensic Disk Decryptor 2.12 Build 787 (Jul 14, 2020)

  • Show file system (NTFS, FAT32, exFAT, ReFS, HFS+, APFS)
  • Unloading kernel driver after memory dump
  • Added VeraCrypt support for GPT partitions
  • Improved error processing on memory dump
  • Improved UI/UX
  • Some minor bug fixes