As you may already know, we’ve released an update to Elcomsoft System Recovery, a tool allowing to reset or recover Windows and Microsoft Account passwords by booting from an external USB drive. The new build allows creating bootable USB drives for devices exclusively relying on UEFI bootloaders. Why was this change needed? Read below for an answer!

Biometric approach to unlocking portable electronics has been on the rise since late 2013 when Apple released iPhone 5S. Ever since, manufacturers started adding fingerprint scanners to their devices. In the world of Android, this was frequently done without paying much (if any) attention to actual security. So how do these systems compare?

So you’ve got an iPhone, and it’s locked, and you don’t know the passcode. This situation is so common, and the market has so many solutions and “solutions” that we felt a short walkthrough is necessary.

Two-step verification and two-factor authentication both aim to help users secure their Apple ID, adding a secondary authentication factor to strengthen security. While Apple ID and password are “something you know”, two-step verification (and two-factor authentication) are both based on “something you have”.

BitLocker is a popular full-disk encryption scheme employed in all versions of Windows (but not in every edition) since Windows Vista. BitLocker is used to protect stationary and removable volumes against outside attacks. Since Windows 8, BitLocker is activated by default on compatible devices if the administrative account logs in with Microsoft Account credentials. BitLocker protection is extremely robust, becoming a real roadblock for digital forensics.

“Had San Bernardino shooter Syed Rizwan Farook used an Android phone, investigators would have had a better chance at accessing the data”, says Jack Nicas in his article in The Wall Street Journal. Indeed, the stats suggest that only 10 per cent of the world’s 1.4 billion Android phones are encrypted, compared with 95 per cent of Apple’s iPhones. Of those encrypted, a major number are using Nexus smartphones that have encryption enforced by default.

We are closely following the case of Apple battling the US government on unlocking the iPhone of San Bernardino mass murderer Farook who killed 14 in December 2015. In our previous post we looked at what the FBI was asking, and why Apple opposes the motion.

Apple is currently testing a new major iOS release, the iOS 9.3. At this time, the second beta version is available. We looked into what has changed in the new OS, and discovered that iOS 9.3 introduces some minor changes to encryption of certain data stored in cloud backups. However minor, these changes effectively prevented older versions of Elcomsoft Phone Breaker from decrypting the data, which made us release an update ASAP. In addition, we were able to discover and fix the issue with some iOS 9.2 backups not properly decrypting (which wasn’t easy since the issue was intermittent). Finally, we got rid of the requirement to have iCloud for Windows installed as Elcomsoft Phone Breaker shifts to using direct access API.
(more…)

While here at ElcomSoft we offer a limited range of tools for acquiring Android devices that’s pretty much limited to over-the-air acquisition, we are still often approached with questions when one should use cloud extraction, and when other acquisition methods should be used. In this article, we decided to sum up our experience in acquiring the various Android devices, explaining why we decided to go for a cloud acquisition tool instead of implementing the many physical and logical extraction methods. This article is a general summary of available acquisition methods for the various makes, models, chipsets and OS versions of Android smartphones. The article is not intended to be a technical guide; instead, it’s supposed to give you a heads-up on approaching Android acquisition.