Passware Inc. says it has come up with a way to access files on USB drives secured by the BitLocker encryption feature of Microsoft Windows.
They announced this week the release of Passware Kit Forensic version 10.1. The vendor said its software now lets investigators recover BitLocker encryption keys and getting “full access” to the contents of encrypted disks.
Microsoft added its BitLocker hard-disk encryption feature to the “ultimate” and “enterprise” versions of its Windows Vista and Windows 7 operating systems, in response to greater concern over data losses and breaches. It is also present in Windows Server 2008 and Windows Server 2008 R2.
Passware’s target market is law enforcement, said the company’s marketing manager, Nataly Koukoushkina.
She added users need physical access to computers in order to use Passware to defeat BitLocker encryption.
“That’s not easy for hackers,” she said. “We developed it for investigative purposes only.”
Passware launched the tool at the a training conference held by the High Technology Crime Investigation Association (HTCIA) in Atlanta.
The software costs US$795 and includes a year of free updates, Koukoushkina said, adding the BitLocker feature of Windows stores the encryption keys in a computer’s memory.
“We are using this vulnerability in order to decrypt the BitLocker hard disk,” she said. “Now the enhancement is for portable disk USB drives.”
Passware, who says its customers include the U.S. Department of Defense, makes software designed to either recover or reset software for a variety of document types, including Adobe Acrobat, plus Microsoft Word, Excel and Access.
The enterprise version will scan machines for password-protected files and scan the physical memory image file for disks encrypted with either BitLocker or TrueCrypt. If a TrueCrypt volume is dismounted, then the Passware software does a brute force attack.