ESR Restores Access to Windows 10 Accounts, Adds Microsoft Account Support

ElcomSoft Co. Ltd. updates Elcomsoft System Recovery, a tool for IT security specialists and forensic examiners to unlock access to users’ Windows accounts. The tool enables recovering or instantly resetting Windows account passwords. The new release adds support for Windows 8, 8.1 and 10. In addition to recovering local passwords, the updated release adds the ability to unlock Windows logins protected with the new Microsoft Account, and allows exporting hashed passwords so that the plain-text password to the user’s Microsoft Account can be recovered in an offline attack. Access to information available in the cloud authenticated with Microsoft Account can be invaluable during forensic investigations.

The new release comes ready to use, and includes a custom boot image based on a customized Windows PE environment. ElcomSoft customizations include many additional drivers to support the widest range of hardware configurations including last-generation chipsets.

Microsoft Account Support

The new release supports Windows accounts authenticated via the cloud-based Microsoft Account, an authentication mechanism introduced in Windows 8 and actively pushed in Windows 10. Since Microsoft Account credentials are authenticated online on Microsoft servers, resetting or recovering the original Microsoft Account password may not be possible. Elcomsoft System Recovery instantly resets the locally cached copy of the Microsoft Account password stored on the user’s PC, or exports hashed passwords to allow attacking the original password.

“Microsoft is pushing online authentication with its cloud-based Microsoft Account”, says Vladimir Katalov, ElcomSoft CEO. “Since Windows 8, Microsoft Account is a viable and recommended authentication option designed to replace local Windows accounts. In this release, we were able to add support for unlocking accounts protected with this type of authentication.”

As opposed to local Windows accounts, Microsoft Account credentials are stored remotely on Microsoft servers, and are authenticated online. However, since Internet connectivity may not always be available to the user, a copy of the password hash is cached locally to provide offline authentication. Elcomsoft System Recovery makes use of the local cache to reset the password and switch the account type back to local (offline) authentication. Since the product comes with its own Windows PE-based bootable environment, the tool has no problem accessing, modifying or resetting accounts even if the original password is not known.

In addition to instantly resetting the password, Elcomsoft System Recovery comes with the ability to export hashed passwords in order for the expert to perform an attack on the original Microsoft Account password using Elcomsoft Distributed Password Recovery or another forensic tool. By recovering that password, experts gain access to large amounts of information stored in Microsoft and third-party services authenticated via Microsoft Account. These services include Skype, Hotmail, and OneDrive. In addition, Microsoft Account can unlock access to Windows Phone and Windows 10 Mobile backups, synced browsing history, favorites and form data including passwords to online services and social networks.

About Microsoft Account

Microsoft Account (previously known as Windows Live ID) is a single sign-on solution provided by Microsoft that covers a wide range of services. Users who choose to sign in to Windows 8, 8.1 or Windows 10 with their Microsoft Account instead of using a local Windows account automatically gain access to a range of backup and synchronization options. Microsoft Account uses the user’s email and password (as opposed to the username and password used for local Windows accounts). Microsoft Account is used as a single sign-on for a number of Microsoft services such as Hotmail, OneDrive and Skype, as well as third-party service providers authenticating via Microsoft Account.

About Elcomsoft System Recovery

Elcomsoft System Recovery is a must-have Windows management tool for system administrators, IT security and forensic experts for unlocking access to Windows accounts. The tool has everything needed to recover the original Windows password or instantly reset account passwords. By recovering the original password, experts gain access to EFS-encrypted data, while resetting the account password allows for a quick login.

Elcomsoft System Recovery can be used to export hashed Microsoft Account passwords, enabling offline brute-force attacks on the original, plain-text password. GPU-assisted attacks are available with Elcomsoft Distributed Password Recovery and similar tools. By recovering the Microsoft Account password, experts can gain access to services authenticated via Microsoft Account such as Skype, Hotmail, OneDrive, Windows Phone and Windows 10 Mobile backups, synced browsing history, favorites, form data and passwords.

Elcomsoft System Recovery is ready to use even if the original Windows installation is locked out. Supplied with a licensed Windows PE environment, Elcomsoft System Recovery is ready to boot, enabling instant access to user and administrative accounts. The boot environment is supplied with a number of additional drivers to support newest and legacy hardware configurations including PCs equipped with last-generation chipsets.

The tool can be used to perform a number of administrative tasks such as assigning administrative privileges to any user, resetting or disabling password expiration options, unlocking and enabling accounts, and dumping hashed passwords from SAM/SYSTEM files or Active Directory databases.


Elcomsoft System Recovery runs on all 32-bit and 64-bit editions of Windows XP, Vista, Windows 7, 8, 8.1 and 10, as well as corresponding Windows Server versions. The tool supports local, Active Directory and Microsoft accounts.

Pricing and Availability

Elcomsoft System Recovery is available immediately. Standard ($99) and Professional ($299) editions are available. Local pricing varies.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co. Ltd. develops state-of-the-art computer forensics tools, provides computer forensics training and computer evidence consulting services. Since 1997, ElcomSoft has been providing support to businesses, law enforcement, military, and intelligence agencies. ElcomSoft tools are used by most of the Fortune 500 corporations, multiple branches of the military all over the world, foreign governments, and all major accounting firms. ElcomSoft is a Microsoft Partner (Gold Application Development), Intel Premier Elite Partner and member of NVIDIA’s CUDA/GPU Computing Registered Developer Program.
