Probing Linux Disk Encryption: LUKS2, Argon 2 and GPU Acceleration

August 16th, 2022 by Oleg Afonin

Disk encryption is widely used desktop and laptop computers. Many non-ZFS Linux distributions rely on LUKS for data protection. LUKS is a classic implementation of disk encryption offering the choice of encryption algorithms, encryption modes and hash functions. LUKS2 further improves the already tough disk encryption. Learn how to deal with LUKS2 encryption in Windows and how to break in with distributed password attacks.

Read the rest of this entry »

Breaking Windows Passwords: LM, NTLM, DCC and Windows Hello PIN Compared

August 16th, 2022 by Oleg Afonin

Modern versions of Windows have many different types of accounts. Local Windows accounts, Microsoft accounts, and domain accounts feature different types of protection. There is also Windows Hello with PIN codes, which are protected differently from everything else. How secure are these types of passwords, and how can you break them? Read along to find out!

Read the rest of this entry »

Windows Hello: No TPM No Security

August 4th, 2022 by Oleg Afonin

While Windows 11 requires a Trusted Platform Module (TPM), older versions of Windows can do without while still using PIN-based Windows Hello sign-in. We prove that all-digit PINs are a serious security risk on systems without a TPM, and can be broken in a matter of minutes.

Read the rest of this entry »

New in Elcomsoft System Recovery: Microsoft Azure Accounts, LUKS2 and Forensic Tool Filters

August 4th, 2022 by Oleg Afonin

Elcomsoft System Recovery 8.30 introduced the ability to break Windows Hello PIN codes on TPM-less computers. This, however, was just one of the many new features added to the updated release. Other features include the ability to detect Microsoft Azure accounts and LUKS2 encryption, as well  as new filters for bootable forensic tools.

Read the rest of this entry »

checkm8 Extraction: iPhone 7

July 28th, 2022 by Vladimir Katalov

Elcomsoft iOS Forensic Toolkit supports checkm8 extraction from all compatible devices ranging from the iPhone 4s and all the way through the iPhone X (as well as the corresponding iPad, iPod Touch, Apple Watch and Apple TV models). The new update removes an important obstacle to the acquisition of the iPhone 7 and iPhone 7 Plus devices running recent versions of iOS.

Read the rest of this entry »

Apple TV 4K Keychain and Full File System Acquisition

July 20th, 2022 by Vladimir Katalov

Mobile forensics is not limited to phones and tablets. Many types of other gadgets, including IoT devices, contain tons of valuable data. Such devices include smart watches, media players, routers, smart home devices, and so on. In this article, we will cover the extraction of an Apple TV 4K, one of the most popular digital media players.

Read the rest of this entry »

Building an Efficient Password Recovery Workstation: Power Savings and Waste Heat Management

July 15th, 2022 by Oleg Afonin

This article continues the series of publications aimed to help experts specify and build economical and power-efficient workstations for password recovery workloads. Electricity costs, long-term reliability and warranty coverage must be considered when building a password recovery workstation. In this article we will review the most common cooling solutions found in today’s GPUs, and compare consumer-grade video cards with their much lesser known professional counterparts.

Read the rest of this entry »

Building an Efficient Password Recovery Workstation: NVIDIA RTX Passwords-per-Watt Benchmarks

July 8th, 2022 by Oleg Afonin

This article opens the series of publications aimed to help experts specify and build effective and power-efficient workstations for brute-forcing passwords. Power consumption and power efficiency are two crucial parameters that are often overlooked in favor of sheer speed. When building a workstation with 24×7 workload, absolute performance numbers become arguably less important compared to performance per watt. We measured the speed and power consumption of seven video cards ranging from the NVIDIA Quadro T600 to NVIDIA RTX 3070 Ti and calculated their efficiency ratings.

Read the rest of this entry »

Keychain: the Gold Mine of Apple Mobile Devices

July 7th, 2022 by Vladimir Katalov

Keychain is an essential part of iOS and macOS that securely stores the most critical data: passwords of all kinds, encryption keys, certificates, credit card numbers, and more. Extracting and decrypting the keychain, when possible, is a must in mobile forensics. We seriously improved this part in the latest build of iOS Forensic Toolkit.

Read the rest of this entry »

iCloud backups: the Dark Territory

July 5th, 2022 by Vladimir Katalov

Apple ecosystem includes a comprehensive backup ecosystem that includes both local and cloud backups, and data synchronization with end-to-end encryption for some categories. Today we’ll discuss the iCloud backups, particularly targeting issues that are not covered in the official documentation.

Read the rest of this entry »