ESR Restores Access to Windows 10 Accounts, Adds Microsoft Account Support

ElcomSoft Co. Ltd. updates Elcomsoft System Recovery, a tool for IT security specialists and forensic examiners to unlock access to users’ Windows accounts. The tool enables recovering or instantly resetting Windows account passwords. The new release adds support for Windows 8, 8.1 and 10. In addition to recovering local passwords, the updated release adds the ability to unlock Windows logins protected with the new Microsoft Account, and can export hashed passwords for offline attacks that recover the plain-text password to the user’s Microsoft Account. Access to information available in the cloud authenticated with Microsoft Account can be invaluable during forensic investigations.

The new release comes ready to use, and includes a custom boot image based on a customized Windows PE environment. ElcomSoft customizations include many additional drivers to support the widest range of hardware configurations including last-generation chipsets.

Microsoft Account Support

The new release supports Windows accounts authenticated via the cloud-based Microsoft Account, an authentication mechanism introduced in Windows 8 and actively pushed in Windows 10. Since Microsoft Account credentials are authenticated online on Microsoft servers, resetting or recovering the original Microsoft Account password may not be possible. Elcomsoft System Recovery instantly resets the locally cached copy of the Microsoft Account password stored on the user’s PC, or exports hashed passwords to allow attacking the original password.

“Microsoft is pushing online authentication with its cloud-based Microsoft Account”, says Vladimir Katalov, ElcomSoft CEO. “Since Windows 8, Microsoft Account is a viable and recommended authentication option designed to replace local Windows accounts. In this release, we were able to add support for unlocking accounts protected with this type of authentication.”

As opposed to local Windows accounts, Microsoft Account credentials are stored remotely on Microsoft servers and are authenticated online. However, since Internet connectivity may not always be available to the user, a copy of the password hash is cached locally to provide offline authentication. Elcomsoft System Recovery makes use of the local cache to reset the password and switch the account type back to local (offline) authentication. Since the product comes with its own Windows PE-based bootable environment, the tool has no problem accessing, modifying or resetting accounts even if the original password is not known.


In addition to instantly resetting the password, Elcomsoft System Recovery comes with the ability to export hashed passwords in order for the expert to perform an attack on the original Microsoft Account password using Elcomsoft Distributed Password Recovery or another forensic tool. By recovering that password, experts gain access to large amounts of information stored in Microsoft and third-party services authenticated via Microsoft Account. These services include Skype, Hotmail, and OneDrive. In addition, Microsoft Account can unlock access to Windows Phone and Windows 10 Mobile backups, synced browsing history, favorites and form data including passwords to online services and social networks.

About Microsoft Account

Microsoft Account (previously known as Windows Live ID) is a single sign-on solution provided by Microsoft that covers a wide range of services. Users who choose to sign in to Windows 8, 8.1 or Windows 10 with their Microsoft Account instead of using a local Windows account automatically gain access to a range of backup and synchronization options. Microsoft Account uses the user’s email and password (as opposed to the username and password used for local Windows accounts). Microsoft Account is used as a single sign-on for a number of Microsoft services such as Hotmail, OneDrive and Skype, as well as third-party service providers authenticating via Microsoft Account.

About Elcomsoft System Recovery

Elcomsoft System Recovery is a must-have Windows management tool for system administrators, IT security and forensic experts for unlocking access to Windows accounts. The tool has everything needed to recover the original Windows password or instantly reset account passwords. By recovering the original password, experts gain access to EFS-encrypted data, while resetting the account password allows for a quick login.

Elcomsoft System Recovery can be used to export hashed Microsoft Account passwords, enabling offline brute-force attacks on the original plain-text password. GPU-assisted attacks are available with Elcomsoft Distributed Password Recovery and similar tools. By recovering the Microsoft Account password, experts can gain access to services authenticated via Microsoft Account such as Skype, Hotmail, OneDrive, Windows Phone and Windows 10 Mobile backups, synced browsing history, favorites, form data and passwords.

Elcomsoft System Recovery is ready to use even if the original Windows installation is locked out. Supplied with a licensed Windows PE environment, Elcomsoft System Recovery is ready to boot, enabling instant access to user and administrative accounts. The boot environment is supplied with a number of additional drivers to support the newest and legacy hardware configurations, including PCs equipped with last-generation chipsets.

The tool can be used to perform a number of administrative tasks such as assigning administrative privileges to any user, resetting or disabling password expiration options, unlocking and enabling accounts, and dumping hashed passwords from SAM/SYSTEM files or Active Directory databases.

Compatibility

Elcomsoft System Recovery runs on all 32-bit and 64-bit editions of Windows XP, Vista, Windows 7, 8, 8.1 and 10, as well as corresponding Windows Server versions. The tool supports local, Active Directory and Microsoft accounts.

Pricing and Availability

Elcomsoft System Recovery is available immediately. Standard ($99) and Professional ($299) editions are available. Local pricing varies.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co. Ltd. develops state-of-the-art computer forensics tools, provides computer forensics training and computer evidence consulting services. Since 1997, ElcomSoft has been providing support to businesses, law enforcement, military, and intelligence agencies. ElcomSoft tools are used by most of the Fortune 500 corporations, multiple branches of the military all over the world, foreign governments, and all major accounting firms. ElcomSoft is a Microsoft Partner (Gold Application Development), Intel Premier Elite Partner and member of NVIDIA’s CUDA/GPU Computing Registered Developer Program.
