“A core selling point of machine learning is discovery without understanding, which is why errors are particularly common in machine-learning-based science.” I could not resist the temptation to start this article with a quote by AI as Normal Technology – it captures the current state of AI-everything perfectly. Should investigators really trust black boxes running a set of non-deterministic algorithms and providing different results on every reroll? And can we still use such black boxes to automate routine operations? Let’s try to find out.

The latest update to Elcomsoft Distributed Password Recovery added eight additional password management tools to the list of supported data formats. The software can now attack master passwords protecting databases from Bitwarden, Dropbox Passwords, Enpass, Kaspersky, Keeper, Roboform, Sticky Password, and Zoho Vault password managers. Let’s talk about password managers – and how to handle them in a forensic lab.

Like the previous generation of iPhones, the iPhone 17 range employs OLED panels that are prone to flickering, which some people are sensitive to. The flickering is caused by PWM (Pulse Width Modulation), a technology used by OLED manufacturers to control display brightness. The screen flickering is particularly visible in low ambient brightness conditions, and may cause eyestrain with sensitive users. Fortunately, in this generation Apple provided a simple solution to get rid of the flickering by finally adding the DC Dimming option.

Since its introduction with the iPhone X in 2017, Apple’s Face ID has become one of the most widely used biometric authentication systems in the world, often praised for its convenience and technological sophistication. Yet, like any system that relies on human biology, it has its share of limitations: reports of identical twins, close relatives or young children occasionally unlocking a parent’s device have circulated since its debut.

When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.

We previously tested disk imaging speeds using high-performance storage devices. But raw speed is only part of the equation. Even under ideal conditions, getting a fully correct and complete image can be tricky. And achieving peak speed consistently is even harder – many factors can slow things down, and sometimes even corrupt the results. In this article, we explore the key reasons why both speed and accuracy can fall short during disk imaging.

Artificial intelligence is everywhere – from phones that guess your next move to fridges that shop for you. It’s only natural to ask whether AI can help in a more serious domain: digital forensics, specifically password cracking. The idea sounds promising: use large language models (LLMs) to produce rules and templates for guessing highly probable password variants, prioritizing the most likely ones first. But in practice, things aren’t so straightforward.

Over the years, we’ve published numerous guides on installing the iOS Forensic Toolkit extraction agent and troubleshooting issues. As both the tool and its environment evolved, so did our documentation – often leading to outdated or scattered information. This article consolidates and updates everything in one place, detailing the correct installation and troubleshooting procedures.

Apple’s unified logging system offers a wealth of information for forensic investigators analyzing iOS, iPadOS, watchOS, tvOS, and other devices from Apple ecosystems. Originally designed for debugging and diagnostics, these logs capture a continuous stream of detailed system activity – including app behavior, biometric events, power state changes, and connectivity transitions. In digital forensics, where traditional sources of evidence like backups or app data may be encrypted or inaccessible, the logs provide an alternative and often untapped reservoir of forensic artifacts. This article explores the content, availability, and forensic value of Apple logs collected via sysdiagnose across different device types, focusing on practical methods for extraction and analysis using modern forensic tools.

In June 2025, headlines shouted that 16 billion passwords had leaked. Major outlets warned that credentials for Apple, Google, and other platforms were now exposed. As expected, this triggered a wave of public anxiety and standard advice: change your passwords immediately. Upon closer examination, however, technical sources clarified the situation. This was not a new breach, nor did it expose fresh credentials. The dataset was an aggregation of previously leaked databases, malware logs from infostealers, junk records and millions of duplicate entries. Essentially, it was old material, repackaged and redistributed under a sensational label. For digital forensics teams, however, the question remains open: could this kind of dataset be useful in real-world password recovery? In this article, we will explore if massive password leaks have practical value in the lab.