Worthless Security Practices

December 1st, 2021 by Oleg Afonin

Many security practices still widely accepted today are things of the past. Many of them made sense at the time of short passwords and unrestricted access to workplaces, while some were learned from TV shows with “Russian hackers” breaking Pentagon. In this article we’ll sort it out.

Read the rest of this entry »

Real-Time Surveillance via Apple iCloud

November 19th, 2021 by Oleg Afonin

Is surveillance a good or a bad thing? The answer depends on whom you ask. From the point of view of the law enforcement, the strictly regulated ability to use real-time surveillance is an essential part of many investigations. In this article we’ll cover a very unorthodox aspect of real-time surveillance: iCloud.

Read the rest of this entry »

Forensically Sound Extraction for iPhone 5s, 6, 6s and SE

November 17th, 2021 by Oleg Afonin

Half a year ago, we started a closed beta-testing of a revolutionary new build of iOS Forensic Toolkit. Using the checkm8 exploit, the first beta delivered forensically sound file system extraction for a large number of Apple devices. Today, we are rolling out the new, significantly improved second beta of the tool that delivers repeatable, forensically sound extractions based on the checkm8 exploit.

Read the rest of this entry »

How to Use iOS Forensic Toolkit 8.0 b2 to Perform Forensically Sound Extraction of iPhone 5s, 6, 6s and SE

November 17th, 2021 by Elcomsoft R&D

The second beta of iOS Forensic Toolkit 8.0 has arrived, offering repeatable, verifiable extraction for a limited range of iOS devices. The new release introduces a brand-new user interface, which differs significantly from the selection-driven console we’ve been using for the past several years. This article describes the new workflow for performing forensically sound extractions with iOS Forensic Toolkit 8.0 beta2.

Read the rest of this entry »

checkm8, checkra1n and USB hubs

November 16th, 2021 by Vladimir Katalov

If you ever used the checkra1n jailbreak or the checkm8 acquisition method available in some mobile forensic products like iOS Forensic Toolkit, you know that the trickiest parts of the process are the first two: entering DFU, and using the exploit itself. Even if you have the right cables and enough experience, sometimes you may still bump into a weird issue or two. The device may not enter DFU whatever you do, or the exploit fails. How can you increase your success rate?

Read the rest of this entry »

iPhone Acquisition Methods Compared

November 15th, 2021 by Vladimir Katalov

Our mobile acquisition tools, Elcomsoft iOS Forensic Toolkit and Elcomsoft Phone Breaker, support a number of different extraction options. While many of our readers know the differences between logical and physical acquisition in general better than most, there are some things in our software making the logical/physical dilemma somewhat different. In this article, we laid out the differences between the extraction methods as implemented in our tools.

Read the rest of this entry »

Apple Watch Forensics: More on Adapters

November 5th, 2021 by Vladimir Katalov

If you are doing Apple Watch forensics, I’ve got some bad news for you. The latest model of Apple Watch, the Series 7, does not have a hidden diagnostics port anymore, which was replaced with a wireless 60.5GHz module (and the corresponding dock, which is nowhere to be found). What does that mean for the mobile forensics, and does it make the extraction more difficult? Let’s shed some light on it.

Read the rest of this entry »

The Five Ways to Recover iPhone Deleted Data

November 4th, 2021 by Oleg Afonin

iOS security model offers very are few possibilities to recover anything unless you have a backup, either local or one from the cloud. There are also tricks allowing to recover some bits and pieces even if you don’t. In this article we’ll talk about what you can and what you cannot recover in modern iOS devices.

Read the rest of this entry »

Digital Triage Forensics: Write-Blocking, Verifiable Disk Imaging

November 3rd, 2021 by Oleg Afonin

When accessing a locked system during an in-field investigation, speed is often the most important factor. However, maintaining digital chain of custody is just as if not more important in order to produce court admissible evidence. We are introducing new features in Elcomsoft System Recovery, our forensic triage tool, to help establish and maintain digital chain of custody throughout the investigation.

Read the rest of this entry »

Protecting Linux and NAS Devices: LUKS, eCryptFS and Native ZFS Encryption Compared

November 2nd, 2021 by Oleg Afonin

Many Linux distributions including those used in off the shelf Network Attached Storage (NAS) devices have the ability to protect users’ data with one or more types of encryption. Full-disk and folder-based encryption options are commonly available, each with its own set of pros and contras. The new native ZFS encryption made available in OpenZFS 2.0 is designed to combine the benefits of full-disk and folder-based encryption without the associated drawbacks. In this article, we’ll compare the strengths and weaknesses of LUKS, eCryptFS and ZFS encryption.

Read the rest of this entry »