DFU Mode Cheat Sheet

January 14th, 2021 by Oleg Afonin

The Device Firmware Upgrade mode, or simply DFU, just got a second wind. The ability to image the file system, decrypt the keychain and even perform passcode unlocks on some older iPhone models has been made possible thanks to the checkm8 exploit and the checkra1n jailbreak, both of which require switching the phone into DFU. The procedure is undocumented, and the steps differ from device to device.


Apple, FBI and iPhone Backup Encryption: Everything You Wanted to Know

January 7th, 2021 by Vladimir Katalov

Shame on us, we somehow missed the whole issue about “Apple dropping plan for encrypting backups after FBI complained”, even mentioned in “The Cybersecurity Stories We Were Jealous of in 2020” (and many reprints). In the meantime, the article is full of rumors, guesses, and unverified and technically dubious information. “Fake news”, so to say. Is there truth to the rumors, and what does Apple do and not do when it comes to encrypting your personal information?


Apple Scraps End-to-End Encryption of iCloud Backups

January 6th, 2021 by Oleg Afonin

Reportedly, Apple dropped its plan for encrypting backups after the FBI complained. Apple’s decision will undoubtedly cause turmoil and will have a number of consequences. In this article, I want to talk about the technical reasons for encrypting or not encrypting cloud backups, and compare Apple’s approach with the data encryption strategies used by Google, which has been encrypting Android backups for several years.


Understanding BitLocker TPM Protection

January 5th, 2021 by Andrey Malyshev

Investigating a BitLocker-encrypted hard drive can be challenging, especially if the encryption keys are protected by the computer’s hardware protection, the TPM. In this article, we’ll talk about the protection that TPM chips provide to BitLocker volumes, and discuss vulnerabilities found in today’s TPM modules.


2020 in Review: What Was New in Desktop and Mobile Forensics

December 28th, 2020 by Oleg Afonin

This year is different from many before. The Corona pandemic, the lack of travel and canceled events have changed the business landscape for many forensic companies. Yet, even this year, we made a number of achievements we’d love to share.


NAS Forensics: QNAP Encryption Analysis

December 23rd, 2020 by Oleg Afonin

A year ago, we analyzed the encryption used in Synology NAS devices. We were somewhat disappointed by the company’s choice to rely on a single encryption layer with multiple functional restrictions and security reservations. Today we are publishing the results of our analysis of data encryption used in QNAP devices. Spoiler: it’s very, very different.


iPhone Backups: Top 5 Default Passwords

December 22nd, 2020 by Vladimir Katalov

The iPhone backup is one of the hottest topics in iOS forensics. iTunes-style backups are the core of logical acquisition used by forensic specialists, containing overwhelming amounts of evidence that is unrivaled on other platforms. The backups, as simple as they seem, have many “ifs” and “buts”, especially when it comes to password protection. We wrote a thousand and one articles about iOS backup passwords, but there is always something fresh that comes out. Today we have some new tips for you.


New Privacy Features: iOS 14.0 through 14.3

December 18th, 2020 by Oleg Afonin

Apple has long provided its users the tools to control how apps and Web sites use their personal data. The release of iOS 14 brought a number of new privacy features, while iOS 14.3 adds an important extra. At the same time, one of the most interesting privacy features is facing tough opposition from a group of digital advertising associations, making Apple postpone its implementation.


Breaking Passwords with NVIDIA RTX 3080 and 3090

December 17th, 2020 by Oleg Afonin

Today we have an important date. Advanced Office Password Recovery turned 16. What started as an instant recovery tool for legacy versions of Microsoft Word has now become a GPU-accelerated toolkit for breaking the many Microsoft formats. Today we’re releasing a major update, giving Advanced Office Password Recovery and Distributed Password Recovery tools the ability to crunch passwords faster with the latest NVIDIA 3000-series graphics boards. Powered by Ampere, the new generation of GPUs delivers unprecedented performance in modern video games. How do the new cards fare when it comes to accelerating password recovery, and is an upgrade worth it for forensic experts? Let’s find out.


Recovering Screen Time Passwords

December 15th, 2020 by Vladimir Katalov

The Screen Time password has long been recommended as an extra security layer. By setting a Screen Time password without any additional restrictions, Apple users could easily dodge attempts to change or remove the screen lock passcode, reset the iTunes backup password, or remove the activation lock. For a long time, removing the Screen Time password was not possible without either providing the original password or erasing the device. However, Apple has changed the way it works, making it possible to reset the Screen Time password with an iCloud/Apple ID password.
