Passware Kit Mobile is available for law enforcement and other types of government organizations and private companies with justifiable business needs, such as forensic firms or corporate investigation teams. We do not sell to individuals. All orders are subject to manual verification.
Extracting encryption metadata from the encrypted disk is required if you need access to the original plaintext password to access the data. Forensic Disk Decryptor will instantly extract the encryption metadata from encrypted hard drives, crypto-containers and forensic disk images protected with TrueCrypt, VeraCrypt, BitLocker, FileVault, PGP Disk, LUKS/LUKS2, and Jetico BestCrypt disks and containers. The resulting small file contains everything that's required to launch a GPU-accelerated distributed attack with Elcomsoft Distributed Password Recovery.
There are at least three different methods for acquiring the decryption keys. The choice of one of the three methods depends on the running state of the PC being analyzed. It also depends on whether or not installation of a forensic tool is possible on a PC under investigation.
Finally, if the PC being investigated is turned on but installing forensic tools is not possible (e.g. the PC is locked or logged-in account lacks administrative privileges), a DMA attack via a FireWire port can be performed in order to obtain a memory dump. This attack requires the use of a free third-party tool (such as Inception: ), and offers near 100% results due to the implementation of the FireWire protocol that enables direct memory access. Both the target PC and the computer used for acquisition must have FireWire (IEEE 1394) ports.
Passware, a software firm that provides password recovery, decryption, and evidence discovery software for computer forensics, has updated its flagship application this week to support breaking Microsoft's BitLocker hard drive encryption. Passware Kit Forensic version 9.5 can recover encryption keys for hard drives protected with BitLocker in just a few minutes. It scans a physical memory image file of the target computer and extracts all the encryption keys for a given BitLocker disk. As a result, Passware has crowned itself the creator of the first commercially available software to crack BitLocker Drive Encryption.
As pointed out in the comments, this isn't exactly a \"crack\" for BitLocker. Like most similar digital forensics analysis software, Passware Kit Forensic requires access to a physical memory image file of the target computer before it can extract all the encryption keys for a BitLocker disk. If a forensics analyst or thief has physical access to a running system, it is possible to take advantage of the fact that the contents are in the computer's memory. Other drive encryption programs have similar issues.
Autopsy is a GUI-based open source digital forensic program to analyze hard drives and smartphones efficiently. Autospy is used by thousands of users worldwide to investigate what happened on the computer.
This forensic investigation tool comes in various flavors, from Kit basic to Kit forensic, based on what you need to decode. However, you can also download the limited-powered, free version to get a taste of one of the most powerful investigation tools.
An interesting network forensic analyzer for Windows, Linux & MAC OS X to detect OS, hostname, sessions, and open ports through packet sniffing or by PCAP file. Network Miner provides extracted artifacts in an intuitive user interface.
SIFT (SANS investigative forensic toolkit) workstation is freely available as Ubuntu 14.04. SIFT is a suite of forensic tools you need and one of the most popular open source incident response platform.
Kali Linux is one of the most popular operating systems for security and penetration testing, but it has forensic capability too. There are more than 100 tools so I am sure you will find one for your need.
CAINE (Computer Aided Investigate Environment) is a Linux distro that offers the complete forensic platform which has more than 80 tools for you to analyze, investigate, and create an actionable report.
I hope the above tools help you handle the Cybersecurity incident more efficiently and make the investigation process faster. If you are new to forensic investigation then you may want to check out this course.
If you are interested in professional forensic tools, make sure you research the market. Digital forensics is entering a golden era in terms of technology, and the offering is abundant, so define your goals and budget first, then determine which one addresses your particular investigative needs.
The SIFT Workstation is a collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite. SIFT demonstrates that advanced incident response capabilities and deep-dive digital forensic techniques can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
Rob Lee created the original SIFT Workstation in 2007 to support forensic analysis in the SANS FOR508 class. Over the years, he and a small team have continually updated the SIFT Workstation for use in class, as well as for the wider community as a public resource. With over 125,000 downloads to date, the SIFT Workstation continues to be one of the most popular open-source incident-response and digital forensic offerings available.
SIFT workstation is playing an essential role for the Brazilian national prosecution office, especially due to Brazilian government budgetary constraints. Its incident response and forensic capabilities are bundled in a way that allows an investigation to be conducted much faster than it would take if not having the right programs grouped on such a great Linux distribution. The new version, which will be bootable, will be even more helpful. I'd highly recommend SIFT for government agencies or other companies as a first alternative, for acquisition and analysis, from the pricey forensics software available on the market.
What I like the best about SIFT is that my forensic analysis is not limited because of only being able to run an incident response or forensic tool on a specific host operating system. With the SIFT VM Appliance, I can create snapshots to avoid cross-contamination of evidence from case to case, and easily manage system and AV updates to the host OS on my forensic workstation. Not to mention, being able to mount forensic images and share them as read-only with my host OS, where I can run other forensic tools to parse data, stream-lining the forensic examination process.
Rob graduated from the U.S. Air Force Academy and served as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics.
Prior to starting his own firm, he worked directly with a variety of government agencies, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and an exploit development team, lead for a cyber forensics branch, and lead for a digital forensic and security software development team. Rob was also a director for MANDIANT, a company focused on investigating advanced adversaries, such as the APT, for five years prior to starting his own business.
Rob has more than 20 years\\' experience in computer forensics, incident response, threat hunting, vulnerability and exploit discovery, and intrusion detection/prevention. Over his career, Rob has worked on both Offensive and Defensive Cyber Operations supporting multiple organizations and agencies in and out of uniform. He co-authored the book Know Your Enemy, 2nd Edition and was recently inducted into the Forensic 4Cast Hall of Fame. Rob is also a co-author of the MANDIANT threat intelligence report M-Trends: The Advanced Persistent Threat. He earned his MBA from Georgetown University in Washington DC and currently lives in the Denver, CO area where he helps lead the SANS Institute as the Chief, Curriculum Director, and Head of Faculty.
SIFT workstation is playing an essential role for the Brazilian national prosecution office, especially due to Brazilian government budgetary constraints. Its incident response and forensic capabilities are bundled in a way that allows an investigation to be conducted much faster than it would take if not having the right programs grouped on such a great Linux distribution. The new version, which will be bootable, will be even more helpful. I\\'d highly recommend SIFT for government agencies or other companies as a first alternative, for acquisition and analysis, from the pricey forensics software available on the market. 1e1e36bf2d