A Russian security firm has announced that its forensic disk decryptor software package can now access any information on disks that have been encrypted with industry-standard programs. The program costs $299 and will work against BitLocker, PGP, and TrueCrypt; even worse, it can do so in real time.
It's bad enough that we have to do everything we can to protect ourselves against malware and web-based security attacks looking to steal our data. One would hope that using encryption programs like TrueCrypt, BitLocker, or PGP would protect the data on our hard drives, but that isn't the case anymore thanks to a Russian security firm.
The firm is ElcomSoft, and it announced this past Thursday that its new software package, Elcomsoft Forensic Disk Decryptor (EFDD), can access any information on hard drives that have been encrypted with any of the software mentioned above. The new software runs on all flavors of Windows, 32-bit and 64-bit, including every version back to Windows XP and the server packages.
EFDD lets you either decrypt all the files and folders in the "cryptographic container" for full, unrestricted forensic access to all the data stored in it, or mount the encrypted volumes as a new drive letter for instant access. Both can be done in real time. It does all this as a zero-footprint operation, without any alterations or modifications to the original content.
Now one would think that something like this would cost a pretty penny, especially when it is going up against industry-standard software like EnCase, but you can pick up your own copy of EFDD for just $299 (EnCase is only available to law enforcement agencies).
The full set of features for EFDD is:
- Decrypts information stored in the three most popular crypto containers.
- Mounts encrypted BitLocker, PGP and TrueCrypt volumes.
- Supports removable media encrypted with BitLocker To Go.
- Supports both encrypted containers and full disk encryption.
- Acquires protection keys from RAM dumps and hibernation files.
- Extracts all the keys from a memory dump at once if there is more than one crypto container in the system.
- Fast acquisition (limited only by disk read speeds).
- Zero-footprint operation leaves no traces and requires no modifications to encrypted volume contents.
- Recovers and stores original encryption keys.
- Supports all 32-bit and 64-bit versions of Windows.
via The Next Web