New Tool Decrypts BitLocker, PGP, TrueCrypt Containers

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Elcomsoft recently introduced a new software tool, the Elcomsoft Forensic Disk Decryptor, which is designed to access data protected by PGP, BitLocker or TrueCrypt.

"The software ... accomplishes the feat not by cracking the containers themselves, but rather by exploiting the fact that once the containers are accessed, the decryption passwords get stored in computer memory," writes InformationWeek's Mathew J. Schwartz. "The software is designed to be used by digital forensic investigators -- for example, when investigating suspected insider theft incidents."

"Simon Steggles, director of forensics at data recovery biz Disklabs, said ElcomSoft's utility merely automates a process for retrieving decryption keys that is already used by computer forensics teams, if not the wider IT community," writes The Register's John Leyden. "'In forensics, we have known about this for years. It only works when the computer is switched on. Once it is powered down, the RAM memory is gone and you lose that key,' Steggles explained."

"It’s important to note that this is a mostly superfluous invention for ongoing monitoring of a target, since if the hacker can physically touch their adversary’s machine there are already several cheaper ways to keep watch," writes Geek.com's Graham Templeton. "From keystroke-loggers to taps on monitor cables, it’s much easier to watch a person than it is to investigate their encrypted past. ElcomSoft’s latest release makes such trawling not just possible, but accessible to all."