Elcomsoft System Recovery, a digital triage tool, receives an update, gaining the ability to view Windows event logs with a built-in viewer. The new feature adds yet another tool to help investigators analyze computer systems on the go with a bootable forensic tool.
We updated Elcomsoft System Recovery with features aimed at making in-field investigations more efficient and straightforward. The new release enhances forensically sound field analysis with a new built-in event viewer.
For computer forensic and law enforcement specialists, analyzing Windows event logs is essential as these logs provide information about system activity, including login attempts, connected devices, and software installations. These logs can help trace unauthorized access, uncover malicious activities, and establish timelines, all of which are vital for investigations. By integrating this capability, Elcomsoft System Recovery empowers specialists to extract and interpret this essential data during on-site investigations.
Elcomsoft System Recovery is a portable field analysis tool for computer forensics. Built as a forensically sound computer analysis tool, Elcomsoft System Recovery enables experts to make real-time decisions in the field. Thanks to the Windows-based bootable environment, the tool provides quick access to digital evidence while supporting all the Windows native file systems and a wide array of computer hardware.
Designed for field deployment, Elcomsoft System Recovery comes as a pre-configured tool built on top of the supplied Windows PE environment. The tool includes powerful disk imaging and system management tools, and comes with a convenient two-panel file manager for easier navigation around the file system. Elcomsoft System is designed to simplify forensic computer triage with rapid data collection and secure disk imaging, making it an easy to use, forensically sound and extremely powerful triage tool.
Elcomsoft System Recovery 8.33 change log:
リンク集