Up to 40% of support calls are related to forgotten passwords and locked logins. Elcomsoft System Recovery helps instantly reset Windows system passwords, enabling system administrators regain access to locked Windows accounts. Supporting local Windows accounts, network domains and Microsoft Account, Elcomsoft System Recovery is a must-have tool for network administrators, IT professionals and security specialists.
Reset or Recover SYSKEY Passwords
SYSKEY passwords were a dubious and controversial way to add an extra layer of security to Windows login. Used in older versions of Windows, SYSKEY passwords were removed from Windows 10 and Windows Server 2016 release 1709. An unknown SYSKEY password blocks Windows startup and prevents the ability to recover or reset the user’s account password.
Elcomsoft System Recovery can reset SYSKEY passwords in order to restore the system’s normal boot operation. Before resetting a SYSKEY password, ESR will now check whether this operation is safe for the system.
In addition, Elcomsoft System Recovery allows looking up for cached SYSKEY passwords in various system databases and cache files before resetting.
Instant Reset and Configurable Attacks
Elcomsoft System Recovery can reset account passwords instantly, while supporting pre-configured attacks to recover the original passwords. In addition, users can upload their own custom dictionaries for high-performance dictionary attacks with up to 4 levels of mutations.
Elcomsoft System Recovery unlocks locked and disabled user and administrative accounts in Windows 7, 8, 8.1, Windows 10, as well as many legacy versions of Windows including Windows Vista, Windows XP, Windows 2000, Windows NT as well as the corresponding Server versions up to and including Windows Server 2019. Both 32-bit and 64-bit systems are supported.
Ready to Boot, Immediate Assistance, Easy to Operate
Elcomsoft System Recovery comes with everything to quickly create a bootable DVD or USB flash drive. The image is based on a customized Windows PE environment, and comes pre-configured with a number of drivers to allow seamless experience on most legacy and cutting-edge hardware configurations.
Create a bootable USB drive or DVD disc in a few easy steps for immediate assistance. Elcomsoft System Recovery comes with 32-bit and 64-bit UEFI and legacy BIOS configurations, allowing you to create bootable media for all types of systems.
The genuine Windows PE environment offers complete access to the familiar Windows graphical user interface. No command line scripts and no poor imitations of the Windows GUI!
Elcomsoft System Recovery is an all-in-one security tool for Windows accounts. The tool helps detect and resolve a variety of issues related to user and administrative account passwords.
Assign Administrator privileges to any user account
Enable and unlock the locked and disabled user accounts
Change and reset passwords for any local accounts
List all local user accounts and highlight Administrator accounts
Look up account privileges
Detect accounts with empty passwords
Instantly recover certain passwords to special/system accounts (e.g. IUSR_, HelpAssistant, etc)
Backup and restore SAM/SYSTEM files
Optionally restore original SAM/SYSTEM files after successful logon with a new password
Elcomsoft System Recovery 6.0 is a major update with enhanced full-disk encryption support. The update makes it easy to process full-disk encryption by simply booting from a flash drive. The tool automatically detects full-disk encryption, extracting and saving information required to brute-force passwords to encrypted volumes. In addition, the tool can save the system’s hibernation file to the flash drive for subsequent extraction of decryption keys for accessing encrypted volumes.
We updated Elcomsoft System Recovery with significantly improved support for encrypted volumes, offering faster access to encrypted evidence compared to the traditional workflow. Once you boot from the ESR flash drive, the tool will automatically detect full-disk encryption, extract and store the data that is required to brute-force passwords to encrypted volumes.
Elcomsoft System Recovery can automatically detect full-disk encryption with BitLocker, PGP, and TrueCrypt/VeraCrypt containers, automatically extracting the bits of data required to attack the volume’s encryption password and saving them to the flash drive you have booted from. The data can be readily imported into Elcomsoft
Distributed Password Recovery, allowing you to quickly launch the attack on full-disk encryption. This workflow takes significantly less time comparing to imaging the hard drive and extracting the values from the disk image, allowing to start the attack at an earlier stage of the investigation.
Full-disk encryption passwords can be difficult to break. A quicker alternative to brute-forcing the password might be available in a case the computer was hibernated (with either the Hibernate or Hybrid Sleep option) while the encrypted partition was mounted. If this is the case, the decryption key can be stored in the system’s hibernation file. This decryption key can be quickly extracted and used to instantly mount or decrypt the encrypted volume with Elcomsoft Forensic Disk Decryptor without lengthy attacks.
In addition, Elcomsoft System Recovery is updated to supports the latest builds of Windows, adding support for Windows 10 October 2018 Update and Windows Server 2019. The update enables users to attack system passwords and dump password hashes from the most recent versions of Windows.
There are numerous other improvements. The full changelog includes:
- New: automatic detection of full disk encryption
- New: automatic extraction of the data required for recovering passwords of encrypted containers (BitLocker, PGP, TrueCrypt/VeraCrypt)
- New: the ability to save hiberfil.sys to the flash drive (allows extracting decryption keys for encrypted volumes)
- Added support for the latest builds of Windows 10
- Added support for Windows Server 2019
- Added support for user-defined dictionaries (wordlists) with mutations
- Added the ability to search for SYSKEY passwords (in addition to resetting)