Google Timeline: How Law Enforcement Can Use Google Data

January 25th, 2016 by Vladimir Katalov

As we all know, Google collects and processes an awful lot of data about pretty much everyone who is using the company’s cloud services or owns a smartphone running the Android OS (or, to be precise, is using a device with Google Mobile Services). Just how much data is available was described in our previous article, What Google Knows about You, and Why It Matters. Today, we’ll discuss something slightly different. Meet Google Timeline, a relatively new feature extending the company’s Maps service.

Read the rest of this entry »

What Google Knows About You, and Why It Matters

December 22nd, 2015 by Vladimir Katalov

In today’s thoroughly connected world, everyone shares at least some of their personal information with, well, strangers. Voluntarily or not, people using personal computers or mobile devices have some of their information transmitted to, processed, stored and used by multiple online service providers.

Took a selfie shot? Your face (and possibly your friends’ faces) will be marked, and the photo will be uploaded to one or another cloud storage provider on your behalf. Used your phone to look up a place to eat? Your search will be remembered and used later on to push you suggestions next time when you’re around. Emails and messages that you write, persons you communicate with, your comprehensive location history and all the photos you shoot (accompanied with appropriate geotags) are carefully collected, processed and stored. Web sites you visit along with logins and passwords, your complete browsing history and pretty much everything you do with your phone can and probably will be recorded and used on you to “enhance your experience”.

Some service providers collect more information than others. Google appears to be the absolute champion in this regard. Being a major service provider penetrating into every area of our lives, Google collects, stores and processes overwhelming amounts of data.

Read the rest of this entry »

Elcomsoft Distributed Password Recovery Updated with OS X Keychain Support and Enhanced GPU Acceleration

November 26th, 2015 by Vladimir Katalov

We’ve recently updated Elcomsoft Distributed Password Recovery, adding enhanced GPU-assisted recovery for many supported formats. In a word, the new release adds GPU-accelerated recovery for OS X keychain, triples BitLocker recovery speeds, improves W-Fi password recovery and enhances GPU acceleration support for Internet Key Exchange (IKE).

Read the rest of this entry »

A New Tool for WhatsApp Acquisition

November 25th, 2015 by Vladimir Katalov

We have recently released a brand new product, Elcomsoft Explorer for WhatsApp. Targeted at home users and forensic experts along, this Windows-based, iOS-centric tool offers a bunch of extraction options for WhatsApp databases. Why the new tool, and how is it different from other extraction options offered by Elsomsoft’s mobile forensic tools? Before we move on to that, let’s have a look at the current state of WhatsApp.

Read the rest of this entry »

Physical Acquisition for 64-bit Devices, iOS 9 Support

November 18th, 2015 by Vladimir Katalov

Big news! iOS Forensic Toolkit receives its first major update. And it’s a big one. Not only does version 2.0 bring support for iOS 9 handys. We also expanded acquisition support for jailbroken devices, enabling limited data extraction from jailbroken devices locked with an unknown passcode.

Last but not least. For the first time ever, we’ve added physical acquisition support for 64-bit devices! We’ve done what was long considered to be impossible. Intrigued? Read along to find out! Can’t wait to see what can be done to 64-bit iDevices? Skip right to that section!

New in EIFT 2.0

  • iOS 9: Full physical acquisition support of jailbroken 32-bit devices running iOS 9
  • 64-bit: Physical acquisition for jailbroken 64-bit devices running any version of iOS
  • Locked: Limited acquisition support for jailbroken 32-bit and 64-bit iOS devices that are locked with an unknown passcode and cannot be unlocked

It’s probably a bit too much for a modest one-digit version bump… we should’ve named this version 3.0! Read the rest of this entry »

Extracting Data from Locked iPhones

November 13th, 2015 by Vladimir Katalov

With hardware-backed full-disk encryption and additional protection of sensitive user data located in the keychain, Apple iOS is the most secure mobile operating system out there. Acquisition approaches that are traditional for Android and Windows Phone devices (namely, JTAG, ISP and chip-off) are completely meaningless for iOS devices running even years-old generations of the system. Bypassing screen lock password (passcode) has also been long considered to be useless due to the fact user data stored in the keychain is additionally encrypted with a secure key based on the passcode.

While we can’t do much with the former, our recent research shows that the latter is not entirely true. Bypassing the passcode does reveal quite a bit of information that can be useful for an investigation. And this is not just a theoretical research. We are building this functionality into a ready-to-use commercial tool, iOS Forensic Toolkit, to allow extracting data from locked iDevices – providing they have a jailbreak installed. The tool will allow pull available information from devices locked with an unknown passcode. That includes devices that were powered on (or rebooted) and never unlocked. Naturally, a pre-installed jailbreak is required in order to access the data.

Read the rest of this entry »

Elcomsoft Phone Viewer: iOS 9, Media Gallery and Location Tracking

November 11th, 2015 by Vladimir Katalov

We’ve just released the first major update to Elcomsoft Phone Viewer, our lightweight forensic tool for glancing over data extracted from mobile devices. Boosting version number to 2.0, we added quite a lot of things, making it a highly recommended update.

So what’s new in Phone Viewer 2.0? Improved compatibility with full support for iOS 9 backups (both local and iCloud). Support for media files (pictures and videos) with thumbnail gallery and built-in viewer. EXIF parsing and filtering with geolocation extraction and mapping. These things greatly enhance usage experience and add the ability to track subject’s coordinates on the map based on location data extracted from the images captured with their smartphone.

Read the rest of this entry »

Overcoming iOS 9 Security in Elcomsoft Phone Breaker 5.0

October 29th, 2015 by Vladimir Katalov

If you follow industry news, you already know about the release of iOS 9. You may also know that iOS 9 is the toughest one to break, with no jailbreak available now or in foreseeable future. With no jailbreak and no physical acquisition available for newer devices, what methods can you still use to obtain evidence from passcode-locked devices? Our answer to this is Elcomsoft Phone Breaker 5.0 that adds over-the-air acquisition support for iOS 9.

Read the rest of this entry »

Digging Mac OS Keychains

September 16th, 2015 by Vladimir Katalov

We have just released a brand new tool, and this time it’s not about mobile forensics. Or is it?

Elcomsoft Password Digger is designed for decrypting the content of Mac OS protected storage, the keychain. For one, it’s a Windows tool, so you’ll need to pull keychain files from the Mac OS system along with any decryption metadata (such as the key file for the system keychain or user’s password for decrypting the user keychain). After decrypting the keychain, we’ll export everything into an XML, and create a filtered plain-text file that only contains passwords (to be used as a pluggable dictionary in various password recovery tools).

So what is this all about?

Read the rest of this entry »

BlackBerry Password Keeper Escrow Key: Have We Just Found a Hidden Backdoor?

August 11th, 2015 by Vladimir Katalov

As you may already know from the official press release, we’ve recently updated Elcomsoft Phone Breaker to version 4.10. From that release, you could learn that the updated version of the tool targets passwords managers, adding the ability to instantly decrypt passwords stored in BlackBerry Password Keeper for BlackBerry 10 and attack 1Password containers.

If you read along the lines though it’s a different story.

Essentially, we’ve discovered a backdoor hidden in recent versions of BlackBerry Password Keeper allowing us to decrypt the content of that app instantly without brute-forcing the master password. For our customers, this means instant access to passwords and other sensitive information maintained by BlackBerry Password Keeper. No lengthy waits and no fruitless attacks, just pure convenience. But is this convenience intentional? Did BlackBerry leave a backdoor for government access, or is this an unintentional vulnerability left by the company renowned for its exemplary security model? Let’s try to find out.

Read the rest of this entry »

RSS for posts
RSS for comments
Subscribe
ElcomSoft on Facebook
ElcomSoft on Flickr
ElcomSoft on Twitter
    follow me on Twitter