Elcomsoft System Recovery, a powerful digital triage tool, is updated with support for the newest Windows Server 2025 ntds.dit database, BitLocker key exporting, advanced data export capabilities, and improved disk imaging.

This update introduces support for the newest Windows Server 2025 Active Directory database (ntds.dit), allowing investigators to extract, analyze, and recover credentials and directory data from up to date systems. Version 8.36 also adds the ability to export BitLocker keys discovered in the Active Directory database of Windows Server 2025, along with reporting, giving examiners the ability to identify, extract, and document recovery keys for encrypted volumes directly from the system under investigation.

The update enhances Forensic Tools data export with new options to save extracted evidence in CSV and XML formats, in addition to the already available plain text exporting.

SRUM (System Resource Usage Monitor) data processing has been improved, now offering enhanced parsing accuracy and clearer visualization of system activity.

The disk imaging engine has been further optimized for speed and reliability. Creating EnCase E01 images is now faster, with added detailed logging to improve transparency and traceability throughout the imaging process.

As always, multiple bug fixes and performance enhancements ensure a smoother, more stable experience.

Elcomsoft System Recovery is a portable field analysis tool for computer forensics. Built as a forensically sound computer analysis tool, Elcomsoft System Recovery enables experts to make real-time decisions in the field. Thanks to the Windows-based bootable environment, the tool provides quick access to digital evidence while supporting all the Windows native file systems and a wide array of computer hardware.

Designed for field deployment, Elcomsoft System Recovery comes as a pre-configured tool built on top of the supplied Windows PE environment. The tool includes powerful disk imaging and system management tools and comes with a convenient two-panel file manager for easier navigation around the file system. Elcomsoft System is designed to simplify forensic computer triage with rapid data collection and secure disk imaging, making it an easy to use, forensically sound and extremely powerful triage tool.

Elcomsoft System Recovery 8.36 release notes:

• Added Windows Server 2025 support (ntds.dit database processing)
• Added BitLocker keys exporting and reporting
• Added CSV and XML exporting for Forensic Tools data
• Improved disk imaging: faster EnCase E01 creation; added logging
• Improved SRUM data processing and visualization
• Multiple bug fixes and enhancements