In the world of digital investigations, the sheer volume of data and the challenge of identifying valuable evidence can be overwhelming. Investigators often need optimization: the ability to quickly and seamlessly identify what is valuable and requires further examination. We aim to fulfill this need by introducing a new forensic toolkit in Elcomsoft System Recovery, a powerful bootable tool designed to speed up investigations and to quickly identify and collect digital evidence right on the spot.
Experts are overwhelmed with analyzing vast numbers of computers and large amounts of data, which can lead to significant backlogs. Statistics show that numerous computers and disks lie dormant for months, not only leading to wasted time and effort but also placing roadblocks in the way of criminal investigations. To address this issue, we have developed a streamlined approach, revolutionizing the way investigations are conducted.
To help experts streamline investigations, we created Elcomsoft System Recovery, a portable field analysis tool for computer forensics. Built as a forensically sound computer analysis tool, Elcomsoft System Recovery enables experts to make real-time decisions on the spot. Key benefits of Elcomsoft System Recovery include:
Much like a fruit picker in an orchard, law enforcement professionals conducting digital investigations often encounter a concept known as the “low-hanging fruit” principle. Imagine you’re strolling through an orchard: the fruit within easy reach can be effortlessly picked as you walk by. However, if you want to reach the fruit higher up, you’ll need to drag a ladder over, spending additional time and effort.
When it comes to digital investigations, the low-hanging fruit principle suggests that investigators should first target the most accessible and crucial pieces of evidence. These can include items like passwords, readily available documents, encryption keys, or logs of user activity. By swiftly and efficiently obtaining this information, investigators can establish a solid starting point for further analysis.
Applying the low-hanging fruit principle not only saves time but also allows investigators to make significant progress early on, effectively reducing or even eliminating potential backlog. By quickly gathering the most essential evidence, they can assess the situation, identify potential leads, and determine the next steps of the investigation. This strategic approach is particularly valuable when faced with limited resources or time constraints.
We designed Elcomsoft System Recovery around the “low-hanging fruit” strategy, allowing investigators to quickly gather the most critical and easily accessible evidence along with keys to encrypted disks and vaults. Since Elcomsoft System Recovery operates as a bootable disk, investigators can extract crucial data and make informed decisions on further actions on the spot. Based on the collected data, investigators can determine whether it is necessary to create a disk image and transport it to the laboratory for further in-depth analysis. This streamlined approach saves time and resources, ensuring that investigations can progress swiftly and accurately in both the field and the laboratory.
It is important to emphasize that Elcomsoft System Recovery goes beyond merely extracting a number of easily accessible forensic artifacts. It aims to provide comprehensive insights into user activity, both online and offline. The tool retrieves passwords and critical documents, and even provides visibility into the applications and files accessed by the user. While the exact list of data collected is extensive and continually expanding, rest assured that Elcomsoft System Recovery strives to quickly retrieve the maximum amount of relevant information on the spot.
By focusing on the most accessible and critical evidence, investigators can make swift progress and establish a strong foundation for their investigation. It is essential to balance this approach with the willingness to explore deeper, more complex areas when necessary. This strategic combination ensures a thorough and successful investigation.
Reset passwords for local Windows accounts and Microsoft Account, and perform a wide range of administrative tasks. Assign administrative privileges to any user account, reset expired passwords or export password hashes for offline recovery, and create forensic disk images. Elcomsoft System Recovery is ready to boot thanks to the licensed Windows PE environment, allowing administrators to access locked computers.