iOS Privacy Protection Tools: Encrypted DNS, iOS 15 Private Relay, Proxy, VPN and TOR

July 28th, 2021 by Oleg Afonin

Protecting one’s online privacy is becoming increasingly more important. With ISPs selling their customers’ usage data left and right, and various apps, mail and Web trackers contributing to the pool of “anonymized” data, de-anonimyzation becomes possible with big data analysis. This was clearly demonstrated with the recent event highlighted in Catholic priest quits after “anonymized” data revealed alleged use of Grindr.

Read the rest of this entry »

Updated Elcomsoft iOS Forensic Toolkit Simplifies macOS Installs, Fixes Corrupted File System Extraction

July 15th, 2021 by Vladimir Katalov

While we are still working on the new version of Elcomsoft iOS Forensic Toolkit featuring forensically sound and nearly 100% compatible checkm8 extraction, an intermediate update is available with two minor yet important improvements. The update makes it easier to install the tool on macOS computers, and introduces a new agent extraction option.

Read the rest of this entry »

How to Remove Restrictions from Adobe PDF Files

July 1st, 2021 by Vladimir Katalov

Have you got an Adobe PDF file that you can open but cannot edit, print or copy selected text to the clipboard? There is an easy solution: with just a couple of clicks, the file can be unprotected. Bad news: you’ll need software. Good news: we’ve built one for you.

Read the rest of this entry »

Elcomsoft System Recovery Simplifies Digital Field Triage and In-Field Investigations

June 17th, 2021 by Oleg Afonin

Elcomsoft System Recovery is a perfect tool for digital field triage, enabling safer and more secure in-field investigations of live computers by booting from a dedicated USB media instead of using the installed OS. The recent update added a host of features to the already great tool, making it easier to examine the file system and extract passwords from the target computer.

Read the rest of this entry »

Analyzing Microsoft Timeline, OneDrive and Personal Vault Files

June 15th, 2021 by Oleg Afonin

Elcomsoft Phone Breaker is not just about Apple iCloud data. It can also download the data from other cloud services including Microsoft accounts. In this new version, we have added support for even more types of data, including Windows 10 Timeline, Account Activity (logins to the account), OneDrive files, recent OneDrive files history, and files from Microsoft Personal Vault. Learn about these data types and how they can help advance your investigation.

Read the rest of this entry »

Breaking VeraCrypt: Obtaining and Extracting On-The-Fly Encryption Keys

June 3rd, 2021 by Oleg Afonin

Released back in 2013, VeraCrypt picks up where TrueCrypt left off. Supporting more encryption algorithms, more hash functions and a variable number of hash iterations, VeraCrypt is the default choice for the security conscious. VeraCrypt has no known weaknesses except one: once the encrypted disk is mounted, the symmetric, on-the-fly encryption key must be kept in the computer’s RAM in order to read and write encrypted data. A recent change in VeraCrypt made OTF key extraction harder, while the latest update to Elcomsoft Forensic Disk Decryptor attempts to counter the effect of the change. Who is going to win this round?

Read the rest of this entry »

Password Crackers’ Gold Mine: Browser Passwords

June 1st, 2021 by Vladimir Katalov

How to break ‘strong’ passwords? Is there a methodology, a step by step approach? What shall you start from if your time is limited but you desperately need to decrypt critical evidence? We want to share some tips with you, this time about the passwords saved in the Web browsers on most popular platforms.

Read the rest of this entry »

Hey Dude, Where Is My iCloud Data?

May 27th, 2021 by Vladimir Katalov

For more than ten years, we’ve been exploring iPhone backups, both local and iCloud, and we know a lot about them. Let’s reveal some secrets about the different types of backups and how they compare to each other.

Read the rest of this entry »

The Inception of Elcomsoft Phone Breaker

May 26th, 2021 by Vladimir Katalov

It’s been 10 years since we have released one of our flagship products, Elcomsoft Phone Breaker. The first version appeared in April 2011, and was named “iPhone Password Breaker”.  Since then, we made tons of improvements. The tool lost the “iPhone” designation, and the “Password” part was dropped from its name because it was no longer limited to iPhones or passwords. Today, the tool can offer unmatched features for the mobile forensic specialists.

Read the rest of this entry »

Forensically Sound checkm8 Based Extraction of iPhone 5s, 6, 6s and SE

May 19th, 2021 by Oleg Afonin

Back in 2019, independent researcher axi0mX has developed a ground-breaking exploit. Targeting a vulnerability in the bootloader of several generations of iOS devices, checkm8 made it possible to obtain BootROM code execution and perform forensic analysis on a long list of devices running a wide range of iOS versions. In this article, we’ll talk about the forensic use of checkm8 with iOS Forensic Toolkit.

Read the rest of this entry »