When Speed Matters: Optimizing Disk Imaging

September 27th, 2024 by Vladimir Katalov

We recently shared an article about maximizing disk imaging speeds, which sparked a lot of feedback from our users and, surprisingly, from the developers of one of the disk imaging tools who quickly released an update addressing the issues we discovered in the initial test round. We did an additional test, and we’re ready to share further insights into the performance of disk imaging.

Read the rest of this entry »

Instant Password Removal for Quicken 2024

August 29th, 2024 by Oleg Afonin

Advanced Intuit Password Recovery received a major overhaul, adding support for Intuit QuickBooks 2024. For QuickBooks’ annual update, we are excited to provide the complete solution for safe, instant, unconditional password removal. This enhancement addresses a persistent issue in earlier versions, making user management more reliable and efficient for users, IT professionals, and digital forensic specialists.

Read the rest of this entry »

Maximizing Disk Imaging Speeds

August 5th, 2024 by Oleg Afonin

In the field of digital forensics, properly handling the task of disk imaging is crucial for preserving data integrity. Using write blockers ensures that no data is altered during the imaging process, a key requirement for maintaining the chain of custody. While there are many factors influencing the efficiency and speed of this process, this article offers advanced tips and considerations that can help achieve optimal performance.

Read the rest of this entry »

Password Breaking A to Z

July 11th, 2024 by Oleg Afonin

Our blog features numerous articles on breaking passwords and accessing encrypted data, ranging from simple “how-to” guides to comprehensive manuals. However, many of the questions we are frequently asked are not about the technical stuff but rather the very basics of password recovery. Can you break that password? Is it legal? How much time do you think it will take to break this one? We do have the answers, but they require digging through the extensive content of our blog. To address this, we’ve created a comprehensive A to Z article that not only answers many common questions but also links to our previous posts.

Read the rest of this entry »

Sideloading Low-Level Extraction Agent with Regular Apple IDs from Windows and Linux

July 9th, 2024 by Oleg Afonin

Low-level extraction enables access to all the data stored in the iOS device. Previously, sideloading the extraction agent for imaging the file system and decrypting keychain required enrolling one’s Apple ID into Apple’s paid Developer Program if one used a Windows or Linux PC. Mac users could utilize a regular, non-developer Apple ID. Today, we are bringing this feature to Windows and Linux editions of iOS Forensic Toolkit.

Read the rest of this entry »

More on Apple Developer Accounts

May 31st, 2024 by Oleg Afonin

Apple accounts are used in mobile forensics for sideloading third-party apps such as our own low-level extraction agent. Enrolling an Apple ID into Apple Developer Program has tangible benefits for experts, but are they worth the investment? Some years back, it was a reassuring “yes”. Today, it’s not as simple. Let’s delve into the benefits and limitations of Apple Developer accounts in the context of mobile forensics.

Read the rest of this entry »

iOS Forensic Toolkit: macOS, Windows, and Linux Editions Explained

May 29th, 2024 by Oleg Afonin

iOS Forensic Toolkit comes in three flavors, available in macOS, Windows, and Linux editions. What is the difference between these edition, in what ways is one better than the other, and which edition to choose for everyday work? Read along to find out.

Read the rest of this entry »

iCloud Extraction Turns Twelve

May 15th, 2024 by Oleg Afonin

Twelve years ago, we introduced an innovative way of accessing iPhone user data, retrieving iPhone backups straight from Apple iCloud. As our iCloud extraction technology celebrates its twelfth anniversary, it’s a fitting moment to reflect on the reactions it has provoked within the IT community. Let us commemorate the birth of the cloud extraction technology, recap the initial reactions from the forensic community, and talk about where this technology stands today.

Read the rest of this entry »

Elcomsoft Forensic Acquisition System (EFAS)

May 2nd, 2024 by Elcomsoft R&D

Forensic acquisition using Elcomsoft iOS Forensic Toolkit (EIFT) has undergone significant changes over the last few years. The earlier major branch, EIFT 7, was a carefully crafted but Windows-only script that automated the use of several bundled tools and guided the user without requiring them to know how to use each of them individually. EIFT 8 brought many new features, a more powerful interface and widespread support for new devices and host operating systems. Due to restrictions and challenges, not all features were immediately available on all platforms. There are still some minor differences in features between Windows, Linux, and macOS versions of the tool.

Read the rest of this entry »

The Implications of Resetting the Screen Lock Passcode in iOS Forensics

April 30th, 2024 by Oleg Afonin

In the realm of iOS device forensics, the use of the checkm8 exploit for low-level extractions has become a common practice. However, when using this method, you may occasionally need to remove the device’s screen lock passcode, which can lead to several undesirable consequences. In this article, we’ll study these consequences and learn when you need a screen lock reset, when it can be avoided, and how what the latest iOS Forensic Toolkit has to do with it.

Read the rest of this entry »