Elcomsoft Forensic Disk Decryptor

I recently read an article about a product called Forensic Disk Decryptor from Elcomsoft. This thing can access Bitlocker, PGP, and TrueCrypt volumes. It does this by grabbing the keys required to decrypt the data. There are three main ways the software can grab the key: from RAM, a hibernation file, or through a FireWire attack.

Note that you need to use some other third party tools for some of these attacks. For exampl, you need to use a separate tool to get a RAM memory dump for the program to scan. Also you need some extra software to mount a Firewire attack.

The fun part of this is that once you get the key, this software will mount the encrypted volume as a drive letter in unencrypted format. It will also not modify the encrypted volume it is cracking. This is access without a trail. The software looks like it costs a couple hundred bucks. There has been some discussion about this release. Most of the talk hinges around the fact that they are really just mining the keys. Once you have those keys, accessing the encrypted data is really not much of a hack.