The ABC’s of Password Cracking: The True Meaning of Speed

November 30th, 2020 by Oleg Afonin

When adding a new encryption format or comparing the performance of different password recovery tools, we routinely quote the recovery speed expressed in the number of passwords per second. But what is the true meaning of password recovery speeds? Do the speeds depend solely, or at all, on the encryption algorithm? What’s “military grade” encryption, and does it guarantee the security of your data? And why on Earth breaking AES-256 encryption takes so vastly different effort in different file formats? Read along to find out.

Read the rest of this entry »

Elcomsoft System Recovery: a Swiss Army Knife of Desktop Forensics

November 26th, 2020 by Oleg Afonin

Accessing a locked system is always a challenge. Encrypted disks and encrypted virtual machines, encrypted files and passwords are just a few things to mention. In this article we are proposing a straightforward workflow for investigating computers in the field.

Read the rest of this entry »

Elcomsoft vs. Hashcat Part 2: Workflow, Distributed and Cloud Attacks

November 25th, 2020 by Oleg Afonin

The user interface is a major advantage of Elcomsoft tools. Setting up attacks in Elcomsoft Distributed Password Recovery is simpler and more straightforward compared to the command-line tool. In this article, we’ll talk about the general workflow, the use and configuration of distributed and cloud attacks in both products.

Read the rest of this entry »

Elcomsoft vs. Hashcat: Addressing Feedback

November 25th, 2020 by Oleg Afonin

After publishing the first article in the series, we received numerous comments challenging our claims. We carefully reviewed every comment, reread and reevaluated our original article.  Elcomsoft vs. Hashcat Rev.1.1 is here.

Read the rest of this entry »

Extracting Evidence from iPhone Devices: Do I (Still) Need a Jailbreak?

November 23rd, 2020 by Vladimir Katalov

If you are familiar with iOS acquisition methods, you know that the best results can be obtained with a full file system acquisition. However, extracting the file system may require jailbreaking, which may be risky and not always permitted. Are there any reasons to use jailbreaks for extracting evidence from Apple devices?

Read the rest of this entry »

Elcomsoft vs. Hashcat Part 1: Hardware Acceleration, Supported Formats and Initial Configuration

November 18th, 2020 by Oleg Afonin

Hashcat is a great, free tool competing head to head with the tools we make. We charge several hundred dollars for what, in the end, can be done with a free tool. What are the reasons for our customers to choose ElcomSoft products instead of Hashcat, and is the expense justified? We did our best to compare the two tools to help you make the informed decision.

Read the rest of this entry »

Mobile Forensics – Advanced Investigative Strategies

November 16th, 2020 by Vladimir Katalov

Four years ago, we published our first book: Mobile Forensics – Advanced Investigative Strategies. We are really proud of this achievement. Do you want to know the story behind it and what’s changed since then in mobile and cloud forensics? Here are some insides (but please do not tell anyone!)

Read the rest of this entry »

Apple Watch Forensics Reloaded

November 13th, 2020 by Vladimir Katalov

Is it possible to extract any data from an Apple Watch? It’s relatively easy if you have access to the iPhone the device is paired to, or if you have a backup of that iPhone. But what if the watch is all you have? If there is no paired iPhone, no backup and no iCloud credentials, how can you connect the Apple Watch to the computer, and can you backup the watch?

Read the rest of this entry »

Elcomsoft and The Case of the Apple iPad

November 12th, 2020 by Shafik Punja

For almost a decade, if not longer, I have collaborated with Vladimir Katalov on various digital forensics research topics.  He has always been a great source of guidance, especially on iOS related challenges.  When he offered me a standing invitation to post on the Elcomsoft Blog, I felt very humbled and honored to be given the opportunity to post on the ElcomSoft Blog, and I would like to thank the ElcomSoft team.  This article has also been prepared together, with Vladimir Katalov.

Read the rest of this entry »

iOS 14.2, iOS 12.4.9, the Updated checkra1n 0.12 Jailbreak and File System Extraction

November 11th, 2020 by Vladimir Katalov

It’s been a week since Apple has released iOS 14.2 as well as iOS 12.4.9 for older devices. Just a few days later, the developers updated the checkra1n jailbreak with support for new devices and iOS versions. What does that mean for iOS forensics? Let’s have a look; we have done some testing, and our discoveries are positively consistent with our expectations. Just one exception: to our surprise, Apple did not patch the long lasting vulnerability in iOS 12.4.9 that leaves the door open to full file system extraction and keychain acquisition without jailbreaking.

Read the rest of this entry »