ElcomSoft blog

«…Everything you wanted to know about password recovery, data decryption,
mobile & cloud forensics…»

Archive for September, 2018

iOS 12 Enhances USB Restricted Mode

Thursday, September 20th, 2018

The release of iOS 11.4.1 back in July 2018 introduced USB Restricted Mode, a feature designed to defer passcode cracking tools such as those developed by Cellerbrite and Grayshift. As a reminder, iOS 11.4.1 automatically switches off data connectivity of the Lightning port after one hour since the device was last unlocked, or one hour since the device has been disconnected from a USB accessory or computer. In addition, users could manually disable the USB port by following the S.O.S. mode routine.

iOS 12 takes USB restrictions one step further. According to the new iOS Security guide published by Apple after the release of iOS 12, USB connections are disabled immediately after the device locks if more than three days have passed since the last USB connection, or if the device is in a state when it requires a passcode.

“In addition, on iOS 12 if it’s been more than three days since a USB connection has been established, the device will disallow new USB connections immediately after it locks. This is to increase protection for users that don’t often make use of such connections. USB connections are also disabled whenever the device is in a state where it requires a passcode to re-enable biometric authentication.”

Source: Apple iOS Security, September 2018 (more…)

Cloud Forensics: Why, What and How to Extract Evidence

Thursday, September 6th, 2018

Cloud analysis is arguably the future of mobile forensics. Whether or not the device is working or physically accessible, cloud extraction often allows accessing amounts of information far exceeding those available in the device itself.

Accessing cloud evidence requires proper authentication credentials, be it the login and password or credentials cached in the form of a binary authentication token. Without authentication credentials, one cannot access the data. However, contrary to popular belief, even if proper authentication credentials are available, access to evidence stored in the cloud is not a given. In this article we’ll tell you how to access information stored in Apple iCloud with and without using forensic tools. (more…)