iOS Forensic Toolkit 7.10 brings low-level file system extraction support for a bunch of iOS versions. This includes the entire range of iPhone models based on the A11, A12, and A13 Bionic platforms running iOS 14.4 through 14.8.

Windows backups are rarely targeted during investigations, yet they can be the only available source of evidence if the suspect’s computer is locked and encrypted. There are multiple third-part backup tools for Windows, and most of them have password protection as an option. We are adding the ability to break password protection of popular backup tools: Acronis True Image, Macrium Reflect, and Veeam.

BestCrypt, developed by the Finnish company Jetico, is a cross-platform commercial disk encryption tool directly competing with BitLocker, FileVault 2 and VeraCrypt. Volume encryption is available for Windows and macOS. Learn how to break BestCrypt full-disk encryption by recovering the original password!

Last month we introduced forensically sound low-level extraction for a range of iPhone devices. Based on the renowned checkm8 exploit, our solution supported devices ranging from the iPhone 5s through 6s/6s Plus/SE. Today, we are extending the range of supported devices, adding checkm8 extraction of the iPhone 7 and 7 Plus.

Before the end of this year, we are releasing one last update. Advanced Office Password Recovery can now break 40-bit encryption in Microsoft Office documents, and gains support for Thunder Tables. What are Thunder Tables exactly, and is 40-bit encryption still relevant? Read along to find out.

WhatsApp is the fastest growing instant messenger app. With over 2 billion monthly users, WhatsApp keeps the crown of the most popular instant messaging tool in the Western hemisphere. The recent introduction of end-to-end encrypted backups and the change of Google’s authentication protocol broke things temporarily for EXWA users, but now everything is back to normal. Learn how Elcomsoft Explorer for WhatsApp can download and decrypt encrypted WhatsApp communication histories from Google Drive and Apple iCloud!

Many security practices still widely accepted today are things of the past. Many of them made sense at the time of short passwords and unrestricted access to workplaces, while some were learned from TV shows with “Russian hackers” breaking Pentagon. In this article we’ll sort it out.

Is surveillance a good or a bad thing? The answer depends on whom you ask. From the point of view of the law enforcement, the strictly regulated ability to use real-time surveillance is an essential part of many investigations. In this article we’ll cover a very unorthodox aspect of real-time surveillance: iCloud.

Half a year ago, we started a closed beta-testing of a revolutionary new build of iOS Forensic Toolkit. Using the checkm8 exploit, the first beta delivered forensically sound file system extraction for a large number of Apple devices. Today, we are rolling out the new, significantly improved second beta of the tool that delivers repeatable, forensically sound extractions based on the checkm8 exploit.

iOS security model offers very are few possibilities to recover anything unless you have a backup, either local or one from the cloud. There are also tricks allowing to recover some bits and pieces even if you don’t. In this article we’ll talk about what you can and what you cannot recover in modern iOS devices.