Elcomsoft System Recovery 8.35 adds SRUM support, enhances disk imaging speed

Elcomsoft System Recovery, a digital triage tool, receives an update that adds the ability to process the System Resource Usage Monitor (SRUM) database, expands password recovery support, and further improves disk imaging performance.

This update introduces support for the Windows System Resource Usage Monitor (SRUM) database, enabling investigators to access and analyze detailed records of network activity, application launches, resource usage, and more, providing valuable insight into system utilization. The new feature parses the binary database and displays or exports events in human-readable form. This additional source of system evidence can help reconstruct user activity timelines and identify relevant events.

Version 8.35 introduces expanded configuration options for password recovery, with dedicated plaintext password recovery settings for the SAM, Active Directory, and DCC categories. A newly added “group” attack streamlines the password recovery process by automatically executing a series of mini-attacks against the most common password types, including those already recovered from the system. In total, the update brings six distinct fully featured attack types, which include Brute Force, Dictionary, Mask, Word, Combined Dictionary, Rule-Based Dictionary (Hybrid) and Group attacks.

Attack configuration options now include password filtering, a feature that allows specifying include or exclude masks. Each mask either includes matching passwords in the attack or excludes them from it, limiting the scope of possible password combinations for even faster attacks.

Finally, we tweaked the disk imaging engine once again, improving performance and reliability when imaging various types of media.

Elcomsoft System Recovery 8.35 is available for immediate download.

Elcomsoft System Recovery is a portable field analysis tool for computer forensics. Built as a forensically sound computer analysis tool, Elcomsoft System Recovery enables experts to make real-time decisions in the field. Thanks to the Windows-based bootable environment, the tool provides quick access to digital evidence while supporting all the Windows native file systems and a wide array of computer hardware.

Designed for field deployment, Elcomsoft System Recovery comes as a pre-configured tool built on top of the supplied Windows PE environment. The tool includes powerful disk imaging and system management tools and comes with a convenient two-panel file manager for easier navigation around the file system. Elcomsoft System Recovery is designed to simplify forensic computer triage with rapid data collection and secure disk imaging, making it an easy-to-use, forensically sound and extremely powerful triage tool.

Elcomsoft System Recovery 8.35 release notes:

  • Disk imaging performance and stability improvements
  • System Resource Usage Monitor (SRUM) support: extract data on network activity, application launches, and resource usage from the built-in SRUM database
  • Expanded SAM/AD/DCC attack settings, added separate options for plaintext password recovery
  • Added a "group" attack to automatically run a series of mini-attacks targeting the most common password types, including those already discovered
  • Added six distinct attack types including Brute Force, Dictionary, Mask, Word, Combined Dictionary, Rule-Based Dictionary (Hybrid), and Group attacks
  • Added password filters for including or excluding passwords during attacks based on masks
