All posts by Vladimir Katalov

In just a few weeks, the new iPhone range will be released. Millions of users all over the world will upgrade, migrating their data from old devices. While Apple has an ingenious backup system in place, it has quite a few things behind the scenes that can make the migration not go as smooth as planned. How do you do the migration properly not to lose anything?

How do you extract an Apple Watch? While several extraction methods are available, you need an adapter if you want to get the data directly from the device. There are several different options available on the market, some of them costing north of $200. We tested a large number of such adapters. How do they stand to the marketing claims? In this article, I will share my experience with these adapters.

While we are still working on the new version of Elcomsoft iOS Forensic Toolkit featuring forensically sound and nearly 100% compatible checkm8 extraction, an intermediate update is available with two minor yet important improvements. The update makes it easier to install the tool on macOS computers, and introduces a new agent extraction option.

Have you got an Adobe PDF file that you can open but cannot edit, print or copy selected text to the clipboard? There is an easy solution: with just a couple of clicks, the file can be unprotected. Bad news: you’ll need software. Good news: we’ve built one for you.

How to break ‘strong’ passwords? Is there a methodology, a step by step approach? What shall you start from if your time is limited but you desperately need to decrypt critical evidence? We want to share some tips with you, this time about the passwords saved in the Web browsers on most popular platforms.

For more than ten years, we’ve been exploring iPhone backups, both local and iCloud, and we know a lot about them. Let’s reveal some secrets about the different types of backups and how they compare to each other.

It’s been 10 years since we have released one of our flagship products, Elcomsoft Phone Breaker. The first version appeared in April 2011, and was named “iPhone Password Breaker”.  Since then, we made tons of improvements. The tool lost the “iPhone” designation, and the “Password” part was dropped from its name because it was no longer limited to iPhones or passwords. Today, the tool can offer unmatched features for the mobile forensic specialists.

The previous publication talks about the basics of using the bootloader-level exploit for extracting iOS devices. In this article, we are posting a comprehensive step-by-step guide of using the new checkm8 capability of iOS Forensic Toolkit for performing forensically sound extractions of a range of Apple devices.

In older iPhones, the ‘file system dirty’ flag indicates unclean device shutdown, which affects the ability to perform bootloader-level extractions of Apple devices running legacy versions of iOS (prior to iOS 10.3 released in March 2017). As such, the “file system dirty” flag must be cleared before the extraction. In this article we discuss the very different forensic implications of this flag if it is set on the Data or System partitions.

Have an iPhone backup but cannot get around the password protection? I have a story to share. I was recently contacted by an old partner from the other side of the world who asked for assistance in an urgent case. He had an iTunes-style backup of a device full of critical evidence, but the password locked him out of the data.