Description
| $ 299 |
New features
Reset Passwords to AD Cached Credentials
Elcomsoft System Recovery can be used to reset cached passwords to
Active Directory (AD) credentials, allowing local sign-ins even if the
AD domain is no longer available.
macOS Encryption
Elcomsoft System Recovery 7.20 now supports macOS computers. With
Elcomsoft System Recovery, experts can now create a flash drive to boot
macOS computers. The bootable flash drive allows experts extract hashes
from HFS+ and APFS-formatted FileVault 2 volumes to quickly initiate
password attacks on encrypted volumes without imaging the whole drive.
Improved Full-Disk Encryption Workflow
Elcomsoft System Recovery makes it easier to access data stored in
encrypted disks and containers. With automatic detection of encrypted
volumes, ESR will automatically extract hashes required to launch an
attack[1]
on the password of the encrypted volume, saving them to the flash drive
to offer faster access to encrypted evidence compared to the
traditional workflow. In addition, ESR can extract and save hibernation
files that may contain the encryption keys to access information stored
in encrypted volumes. These keys can be used to instantly mount
encrypted volumes or decrypt their content for offline analysis[2].
Reset or Recover Windows Account Passwords
Up to 40% of support calls are related to forgotten passwords and
locked logins. Elcomsoft System Recovery helps instantly reset Windows
system passwords, enabling system administrators regain access to locked
Windows accounts. Supporting local Windows accounts, network domains
and Microsoft Account, Elcomsoft System Recovery is a must-have tool for
network administrators, IT professionals and security specialists.
Reset or Recover SYSKEY Passwords
SYSKEY passwords were a dubious and controversial way to add an extra
layer of security to Windows login. Used in older versions of Windows,
SYSKEY passwords were removed from Windows 10 and Windows Server 2016
release 1709. An unknown SYSKEY password blocks Windows startup and
prevents the ability to recover or reset the user’s account password.
Elcomsoft System Recovery can reset SYSKEY passwords in order to
restore the system’s normal boot operation. Before resetting a SYSKEY
password, ESR will now check whether this operation is safe for the
system.
In addition, Elcomsoft System Recovery allows looking up for cached
SYSKEY passwords in various system databases and cache files before
resetting.
Instant Reset and Configurable Attacks
Elcomsoft System Recovery can reset account passwords instantly,
while supporting pre-configured attacks to recover the original
passwords. In addition, users can upload their own custom dictionaries
for high-performance dictionary attacks with up to 4 levels of
mutations.
Elcomsoft System Recovery unlocks locked and disabled user and
administrative accounts in Windows 7, 8, 8.1, Windows 10, as well as
many legacy versions of Windows including Windows Vista, Windows XP,
Windows 2000, Windows NT as well as the corresponding Server versions up
to and including Windows Server 2019. Both 32-bit and 64-bit systems
are supported.
Ready to Boot, Immediate Assistance, Easy to Operate
Elcomsoft System Recovery comes with everything to quickly create a
bootable DVD or USB flash drive. The image is based on a customized
Windows PE environment, and comes pre-configured with a number of
drivers to allow seamless experience on most legacy and cutting-edge
hardware configurations.
Create a bootable USB drive or DVD disc in a few easy steps for
immediate assistance. Elcomsoft System Recovery comes with 32-bit and
64-bit UEFI and legacy BIOS configurations, allowing you to create
bootable media for all types of systems.
The genuine Windows PE environment offers complete access to the
familiar Windows graphical user interface. No command line scripts and
no poor imitations of the Windows GUI!
Case Studies
Elcomsoft System Recovery is an all-in-one security tool for Windows
accounts. The tool helps detect and resolve a variety of issues related
to user and administrative account passwords.
- Assign Administrator privileges to any user account
- Enable and unlock the locked and disabled user accounts
- Change and reset passwords for any local accounts
- List all local user accounts and highlight Administrator accounts
- Look up account privileges
- Detect accounts with empty passwords
- Instantly recover certain passwords to special/system accounts (e.g. IUSR_, HelpAssistant, etc)
- Backup and restore SAM/SYSTEM files
- Optionally restore original SAM/SYSTEM files after successful logon with a new password
-
Elcomsoft Distributed Password Recovery is required to recover passwords to encrypted containers.
-
Elcomsoft Forensic Disk Decryptor is required to search for encryption keys, mount and/or decrypt encrypted volumes.
All Features and Benefits
Elcomsoft System Recovery comes with a
customized Windows PE environment. The bootable environment supports
the widest range of hardware components including the latest storage
controllers and chipsets. Unlike the various emulation environments,
Elcomsoft System Recovery is genuinely compatible with the latest
revisions of Microsoft file systems, including the latest versions of
the FAT and NTFS.
If there are no EFS-encrypted files on
your Windows account, an instant unlock option is the quickest and
easiest way to gain access to user and administrative accounts.
Elcomsoft System Recovery resets forgotten passwords with a new password
supplied by you, allowing for immediate login without the
time-consuming password recovery operations.
In case you must know an original password
to a Windows account, Elcomsoft System Recovery is fully equipped with
everything needed to recover the password. Common passwords and
dictionary attack are attempted first hand, and take only minutes with
good chances of retrieving a password.
Elcomsoft System Recovery knows places where system passwords are cached, often allowing for instant password recovery.
Offline password recovery is easily possible by dumping hashed
passwords from SAM/SYSTEM files or Active Directory database for further
analysis off-line analysis. ElcomSoft recommends Elcomsoft Distributed Password Recovery for highly scalable, GPU-accelerated recovery of system passwords.
In Windows 8, Microsoft added the ability
to authenticate Windows accounts via Microsoft Account. Microsoft
Account is an online authentication mechanism that is actively used in
new versions of Windows including Windows 10. Microsoft Account
credentials are authenticated online on Microsoft servers; however,
Elcomsoft System Recovery can instantly reset the locally cached copy of
the user’s Microsoft Account password and switch authentication mode
back to offline.
In addition to instantly resetting the password, Elcomsoft System
Recovery comes with the ability to export hashed Microsoft Account
passwords, enabling experts to perform an attack to recover original
plain-text passwords using Elcomsoft Distributed Password Recovery or
compatible tool. By recovering the original password, experts gain
access to large amounts of information stored in Microsoft and
third-party services authenticated via Microsoft Account. These services
include Skype, Hotmail, and OneDrive. In addition, Microsoft Account
can unlock access to Windows Phone and Windows 10 Mobile backups,
detailed information about the account owner, the complete list of all
desktop and mobile devices connected to the account (along with their
locations), and in some cases even synced browsing history from all of
the user’s devices, favorites and form data including passwords to
online services and social networks. Finally, knowing the user’s
Microsoft Account password enables access to BitLocker Recovery Key,
allowing experts to access volumes encrypted with BitLocker.
Each step taken by Elcomsoft System
Recovery is accompanied by a full backup of all changes, allowing to
easily roll-back the system to its original state.
Feature List
Windows versions support
- Supports Windows XP/Vista/7, Windows 8/8.1, Windows 10
- Supports Windows NT/2000/XP workstations
- Supports Windows NT/2000/2003/2008/2012 servers
- Creates bootable media for 32-bit и 64-bit BIOS
- Creates bootable media for 32-bit и 64-bit UEFI
- Supports Windows 8/8.1/10 Live! (Microsoft) accounts
General features
- Based on Windows PE
- Multilingual user interface
- Supports all RAID/SCSI/SATA devices
- Automatic mode (list of installed systems)
- Manual mode (browse for Registry files)
- Create bootable CD
- Create bootable USB flash drive
- Reset local Administrator password
- Backup/restore SAM
- Enable/unlock Administrator account
Advanced features
- Reset password to user accounts
- Create bootable media for macOS computers
- Extract hash dumps from HFS+/APFS encrypted volumes
- Reset passwords to cached AD credentials
- Highlight accounts with Administrator rights
- Look up account privileges
- Enable/unlock disabled/locked accounts
- Give Administrator privileges to any user account
- Recover passwords for some system accounts
- Reset Domain Administrator password
- Dump password hashes for local accounts
- Dump password hashes for AD accounts
- Backup/restore NTDS.DIT
- Show LM/NTLM hashes
- Show password history hashes
- Test short and simple passwords
- SAM database editor
- Reset SYSKEY security
- Look up SYSKEY passwords
License, maintenance, delivery
- Instant download
- One year of free updates
- Licensed for business use
System requirements
Windows
- Windows 10/8.1/8/7/Vista/XP/2000 (32 bit and 64 bit; all editions)
- Windows Server 2019/2016/2008/2003
Release notes
Elcomsoft System Recovery v.7.04.648
27 May, 2020
- show file system (NTFS, FAT32, ExFAT, ReFS HFS+, APFS)
- find plaintext passwords for cached domain credentials
Uninstallation
procedure: in order to uninstall the product, follow the standard
procedure via Control Panel – Programs and features or use the
corresponding Unistall link from the product’s folder in the Windows
Start menu.
