New Tool Decrypts BitLocker, PGP, TrueCrypt Containers
The Elcomsoft Forensic Disk Decryptor provides access to encrypted disks and volumes.
"The software ... accomplishes the feat not by cracking the containers themselves, but rather by exploiting the fact that once the containers are accessed, the decryption passwords get stored in computer memory," writes InformationWeek's Mathew J. Schwartz. "The software is designed to be used by digital forensic investigators -- for example, when investigating suspected insider theft incidents."
"Simon Steggles, director of forensics at data recovery biz Disklabs, said ElcomSoft's utility merely automates a process for retrieving decryption keys that is already used by computer forensics teams, if not the wider IT community," writes The Register's John Leyden. "'In forensics, we have known about this for years. It only works when the computer is switched on. Once it is powered down, the RAM memory is gone and you lose that key,' Steggles explained."
"It’s important to note that this is a mostly superfluous invention for ongoing monitoring of a target, since if the hacker can physically touch their adversary’s machine there are already several cheaper ways to keep watch," writes Geek.com's Graham Templeton. "From keystroke-loggers to taps on monitor cables, it’s much easier to watch a person than it is to investigate their encrypted past. ElcomSoft’s latest release makes such trawling not just possible, but accessible to all."