Extracting Passwords from Qihoo 360 Safe Browser and Tor Browser

August 11th, 2020 by Oleg Afonin

Tor Browser is a well-known tool for browsing the Web while remaining anonymous, while Qihoo 360 Safe Browser is one of China’s most popular desktop Web browsers. According to some sources, it might be the second most popular desktop Web browser in China. Like many other Chromium-based browsers, 360 Safe Browser offers the ability to save and securely store website passwords, but the implementation is unexpectedly different from most other browsers. An update to Elcomsoft Internet Password Breaker enables the extraction of Qihoo 360 Safe Browser and Tor Browser passwords. Does the “360 Safe” moniker stand the trial, and is Tor really anonymous? Read along to find out!


iOS Extraction Without a Jailbreak: Full iOS 9 Support, Simplified File System Extraction

August 6th, 2020 by Oleg Afonin

We updated iOS Forensic Toolkit to bring two notable improvements. The first one is the new acquisition option for jailbreak-free extractions. The new extraction mode helps experts save time and disk space by pulling only the content of the user partition while leaving the static system partition behind. The second update expands jailbreak-free extraction all the way back to iOS 9, now supporting all 64-bit devices running all builds of iOS 9.


Extracting and Decrypting iOS Keychain: Physical, Logical and Cloud Options Explored

August 5th, 2020 by Oleg Afonin

The keychain is one of the hallmarks of the Apple ecosystem. Containing a plethora of sensitive information, the keychain is one of the best guarded parts of the walled garden. At the same time, the keychain is relatively underexplored by the forensic community. Common knowledge has it that the keychain contains the users’ logins and passwords, and possibly some payment card information. Common knowledge is missing the point: the keychain contains literally thousands of records belonging to various apps and the system that are required to access lots of other sensitive information. Let’s talk about the keychain, its content and its protection, and the methods used to extract, decrypt and analyze the various bits and pieces.


The Four Ways to Deal with iPhone Backup Passwords

July 30th, 2020 by Vladimir Katalov

We have published multiple articles on iPhone backup passwords already, covering the different aspects of the backup protection. In this publication, we have collected the most important information about the things you can do under different circumstances, some software recommendations, and some other practical tips and tricks, in a brief and simple form.


Live System Analysis: Discovering Encrypted Disk Volumes

July 28th, 2020 by Oleg Afonin

The wide spread of full-disk encryption makes live system analysis during incident response a challenge, but also an opportunity. A timely detection of full-disk encryption or a mounted crypto container allows experts to take extra steps to secure access to encrypted evidence before pulling the plug. What steps are required and how to tell if the system is using full-disk encryption? “We have a tool for that”.


Downloading iOS 13 and iOS 14 iCloud Backups

July 21st, 2020 by Vladimir Katalov

The long-awaited update for Elcomsoft Phone Breaker has arrived. The update brought back the ability to download iCloud backups, which had been broken since recent server-side changes introduced by Apple. We are also excited to become the first forensic company to offer support for iCloud backups saved by iOS 14 beta devices, all while supporting the full spectrum of two-factor authentication methods. We are proud to provide the most comprehensive forensic support of Apple iCloud with unmatched performance, accelerating forensic investigations and providing access to critical evidence stored in the cloud.


checkra1n, USB Restrictions and Breaking Into Locked iPhones

July 17th, 2020 by Vladimir Katalov

The checkra1n jailbreak is fantastic. Not only does it work with the latest versions of iOS that other jailbreaks aren’t even available for, but it also allows performing partial data extraction from disabled and locked iPhones even if the passcode is not known. Still, you can encounter some problems if the USB restricted mode has been activated on the device. The latest build of checkra1n is to the rescue.


Defending Americans’ Right to Decrypt

July 16th, 2020 by Olga Koksharova

19 years ago, on July 16, 2001, the FBI arrested Dmitry Sklyarov, almost immediately after his speech at the DEF CON hacker conference, on a number of charges by Adobe. Dmitry was accused of many things, from software trafficking to conspiring with Elcomsoft and “third parties”, who put up the software for sale that could bypass technological protection on copyrighted material. Dmitry’s career at Elcomsoft began with a project on gaining access to protected Access databases. Soon, Dmitry got an idea about the security of PDF documents, and so he started working on it. From this idea the never-to-be-forgotten Advanced eBook Processor was born, because of which Dmitry was arrested in 2001 at DEF CON in Las Vegas, NV.


checkra1n Installation Tips & Tricks

July 14th, 2020 by Vladimir Katalov

Having trouble installing the checkra1n jailbreak? If you do it right, you achieve a nearly 100% success rate. We have collected the most important information on how to install and troubleshoot the checkra1n jailbreak. By following this advice, you will be able to jailbreak like a pro, whether you just want to research your own device or perform the file system and keychain acquisition.


The iPhone Data Recovery Myth: What You Can and Cannot Recover

July 10th, 2020 by Oleg Afonin

There is no lack of tools claiming the ability to recover lost or deleted information from the iPhone. These tools’ claims range from “Recover data lost due to water damaged, broken, deletion, device loss, etc.” to the much more reserved “Selectively recovers iPhone data from internal memory, iCloud, and iTunes”. Do any of those tools actually work, and do they live up to the user’s expectations? The answer is complex, hence this article. Let us put these claims through our usual scrutiny.
