Extract keys

Top  Previous  Next

Select the source of encryption keys (memory dump or hiberfil.sys) and encryption type (BitLocker, PGP or TrueCrypt/VeraCrypt) and press Next:

 

efdd6

 

You van also select Active Directory (ntds.dit file) as a source; at this time, AD is only supported for BitLocker recovery keys.

 

Once the process is completed, the list of keys will be displayed. You can save them to a file for further use.

 

efdd7

 

efdd8

 

Please note that the encrypted disk should be mounted to the system when you make the dump (or when the computer has been put to the hibernate state); otherwise, the keys are not stored in the memory.

 

Searching for keys is a time-consuming process, so it is recommended to limit the search to particular key types.


 Get more information about Elcomsoft Forensic Disk Decryptor
 Get full version of Elcomsoft Forensic Disk Decryptor