Elcomsoft System Recovery makes it easier to access data stored in encrypted disks and containers. With automatic detection of encrypted volumes, ESR will automatically extract hashes required to launch an attack on the password of the encrypted volume, saving them to the flash drive to offer faster access to encrypted evidence compared to the traditional workflow. In addition, ESR can extract and save hibernation files that may contain the encryption keys to access information stored in encrypted volumes. These keys can be used to instantly mount encrypted volumes or decrypt their content for offline analysis.
Up to 40% of support calls are related to forgotten passwords and locked logins. Elcomsoft System Recovery helps instantly reset Windows system passwords, enabling system administrators regain access to locked Windows accounts. Supporting local Windows accounts, network domains and Microsoft Account, Elcomsoft System Recovery is a must-have tool for network administrators, IT professionals and security specialists.
SYSKEY passwords were a dubious and controversial way to add an extra layer of security to Windows login. Used in older versions of Windows, SYSKEY passwords were removed from Windows 10 and Windows Server 2016 release 1709. An unknown SYSKEY password blocks Windows startup and prevents the ability to recover or reset the user's account password.
Elcomsoft System Recovery can reset SYSKEY passwords in order to restore the system’s normal boot operation. Before resetting a SYSKEY password, ESR will now check whether this operation is safe for the system.
In addition, Elcomsoft System Recovery allows looking up for cached SYSKEY passwords in various system databases and cache files before resetting.
Elcomsoft System Recovery can reset account passwords instantly, while supporting pre-configured attacks to recover the original passwords. In addition, users can upload their own custom dictionaries for high-performance dictionary attacks with up to 4 levels of mutations.
Elcomsoft System Recovery unlocks locked and disabled user and administrative accounts in Windows 7, 8, 8.1, Windows 10, as well as many legacy versions of Windows including Windows Vista, Windows XP, Windows 2000, Windows NT as well as the corresponding Server versions up to and including Windows Server 2019. Both 32-bit and 64-bit systems are supported.
Elcomsoft System Recovery comes with everything to quickly create a bootable DVD or USB flash drive. The image is based on a customized Windows PE environment, and comes pre-configured with a number of drivers to allow seamless experience on most legacy and cutting-edge hardware configurations.
Create a bootable USB drive or DVD disc in a few easy steps for immediate assistance. Elcomsoft System Recovery comes with 32-bit and 64-bit UEFI and legacy BIOS configurations, allowing you to create bootable media for all types of systems.
The genuine Windows PE environment offers complete access to the familiar Windows graphical user interface. No command line scripts and no poor imitations of the Windows GUI!
Elcomsoft System Recovery comes with a customized Windows PE environment. The bootable environment supports the widest range of hardware components including the latest storage controllers and chipsets. Unlike the various emulation environments, Elcomsoft System Recovery is genuinely compatible with the latest revisions of Microsoft file systems, including the latest versions of the FAT and NTFS.
With Elcomsoft System Recovery, experts can now create a flash drive to boot macOS computers. The bootable flash drive allows experts extract hashes from TrueCrypt, VeraCrypt, Bitlocker, FileVault (HFS+/APFS), PGP Disk and LUKS encrypted disks to quickly initiate password attacks on encrypted volumes without imaging the whole drive.
If there are no EFS-encrypted files on your Windows account, an instant unlock option is the quickest and easiest way to gain access to user and administrative accounts. Elcomsoft System Recovery resets forgotten passwords with a new password supplied by you, allowing for immediate login without the time-consuming password recovery operations.
In case you must know an original password to a Windows account, Elcomsoft System Recovery is fully equipped with everything needed to recover the password. Common passwords and dictionary attack are attempted first hand, and take only minutes with good chances of retrieving a password.
Elcomsoft System Recovery knows places where system passwords are cached, often allowing for instant password recovery.
Offline password recovery is easily possible by dumping hashed passwords from SAM/SYSTEM files or Active Directory database for further analysis off-line analysis. ElcomSoft recommends Elcomsoft Distributed Password Recovery for highly scalable, GPU-accelerated recovery of system passwords.
In addition to Windows account passwords, ESR can extract stored Wi-Fi passwords. Together with other types of passwords, the Wi-Fi passwords can be added to a highly targeted custom dictionary that can be used to break strong encryption and attack passwords protecting encrypted documents, disks and accounts.
Elcomsoft System Recovery can extract password hints and security questions and answers aimed at helping users recall their forgotten passwords. Examiners can use password hints and QA to re-create the user’s original passwords and make targeted dictionaries for password attacks.
In Windows 8, Microsoft added the ability to authenticate Windows accounts via Microsoft Account. Microsoft Account is an online authentication mechanism that is actively used in new versions of Windows including Windows 10. Microsoft Account credentials are authenticated online on Microsoft servers; however, Elcomsoft System Recovery can instantly reset the locally cached copy of the user’s Microsoft Account password and switch authentication mode back to offline.
In addition to instantly resetting the password, Elcomsoft System Recovery comes with the ability to export hashed Microsoft Account passwords, enabling experts to perform an attack to recover original plain-text passwords using Elcomsoft Distributed Password Recovery or compatible tool. By recovering the original password, experts gain access to large amounts of information stored in Microsoft and third-party services authenticated via Microsoft Account. These services include Skype, Hotmail, and OneDrive. In addition, Microsoft Account can unlock access to Windows Phone and Windows 10 Mobile backups, detailed information about the account owner, the complete list of all desktop and mobile devices connected to the account (along with their locations), and in some cases even synced browsing history from all of the user’s devices, favorites and form data including passwords to online services and social networks. Finally, knowing the user’s Microsoft Account password enables access to BitLocker Recovery Key, allowing experts to access volumes encrypted with BitLocker.
Each step taken by Elcomsoft System Recovery is accompanied by a full backup of all changes, allowing to easily roll-back the system to its original state.
Elcomsoft System Recovery is an all-in-one security tool for Windows accounts. The tool helps detect and resolve a variety of issues related to user and administrative account passwords.
Windows versions support
License, maintenance, delivery
Elcomsoft Distributed Password Recovery is required to recover passwords to encrypted containers.
Elcomsoft Forensic Disk Decryptor is required to search for encryption keys, mount and/or decrypt encrypted volumes.