All posts by Oleg Afonin

While Windows 11 requires a Trusted Platform Module (TPM), older versions of Windows can do without while still using PIN-based Windows Hello sign-in. We prove that all-digit PINs are a serious security risk on systems without a TPM, and can be broken in a matter of minutes.

Elcomsoft System Recovery 8.30 introduced the ability to break Windows Hello PIN codes on TPM-less computers. This, however, was just one of the many new features added to the updated release. Other features include the ability to detect Microsoft Azure accounts and LUKS2 encryption, as well  as new filters for bootable forensic tools.

This article continues the series of publications aimed to help experts specify and build economical and power-efficient workstations for password recovery workloads. Electricity costs, long-term reliability and warranty coverage must be considered when building a password recovery workstation. In this article we will review the most common cooling solutions found in today’s GPUs, and compare consumer-grade video cards with their much lesser known professional counterparts.

This article opens the series of publications aimed to help experts specify and build effective and power-efficient workstations for brute-forcing passwords. Power consumption and power efficiency are two crucial parameters that are often overlooked in favor of sheer speed. When building a workstation with 24×7 workload, absolute performance numbers become arguably less important compared to performance per watt. We measured the speed and power consumption of seven video cards ranging from the NVIDIA Quadro T600 to NVIDIA RTX 3070 Ti and calculated their efficiency ratings.

Today’s data protection methods utilize many thousands (sometimes millions) hash iterations to strengthen password protection, slowing down the attacks to a crawl. Consumer-grade video cards are commonly used for GPU acceleration. How do these video cards compare, and what about the price-performance ratio? We tested five reasonably priced NVIDIA boards ranging from the lowly GTX 1650 to RTX 3060 Ti.

The ninth beta of iOS Forensic Toolkit 8.0 for Mac introduces forensically sound, checkm8-based extraction of sixteen iPad, iPod Touch and Apple TV models. The low-level extraction solution is now available for all iPad and all iPod Touch models susceptible to the checkm8 exploit.

iOS Forensic Toolkit 7.40 brings gapless low-level extraction support for several iOS versions up to and including iOS 15.1 (15.1.1 on some devices), adding compatibility with previously unsupported versions of iOS 14.

Live system analysis is the easiest and often the only way to access encrypted data stored on BitLocker-protected disks. In this article we’ll discuss the available options for extracting BitLocker keys from authenticated sessions during live system analysis.

In Alder Lake, Intel introduced hybrid architecture. Large, hyperthreading-enabled Performance cores are complemented with smaller, single-thread Efficiency cores. The host OS is responsible for assigning threads to one core or another. We discovered that Windows 10 scheduler is not doing a perfect job when it comes to password recovery, which requires a careful approach to thread scheduling.

A pre-requisite to successful forensic analysis is accurate information about the device being investigated. Knowing the exact model number of the device helps identify the SoC used and the range of available iOS versions, which in turn pre-determines the available acquisition methods. Identifying the iPhone model may not be as obvious as it may seem. In this article, we’ll go through several methods for finding the iPhone model.