In our previous article, we figured that iPhone call logs are synced with iCloud. We performed multiple additional tests to try to understand exactly how it works, and are trying to guess why. (more…)

How often do you think forensic specialists have to deal with encrypted containers? Compared with office documents and archives that are relatively infrequent, every second case involves an encrypted container. It may vary, but these evaluations are based on a real survey conducted by our company.

Investigators start seeing BitLocker encrypted volumes more and more often, yet computer users themselves may be genuinely unaware of the fact they’ve been encrypting their disk all along. How can you break into BitLocker encryption? Do you have to brute-force the password, or is there a quick hack to exploit?

On Tuesday, a federal judge ordered Apple to assist the authorities in breaking into a locked iPhone 5C used by Syed Farook, who killed 14 in San Bernardino in December. According to the FBI, the phone might contain critical information about connections with Islamic terrorist groups. Apple opposed the motion and published an open letter at https://www.apple.com/customer-letter/ saying that “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”

As we all know, Google collects and processes an awful lot of data about pretty much everyone who is using the company’s cloud services or owns a smartphone running the Android OS (or, to be precise, is using a device with Google Mobile Services). Just how much data is available was described in our previous article, What Google Knows about You, and Why It Matters. Today, we’ll discuss something slightly different. Meet Google Timeline, a relatively new feature extending the company’s Maps service.

In today’s thoroughly connected world, everyone shares at least some of their personal information with, well, strangers. Voluntarily or not, people using personal computers or mobile devices have some of their information transmitted to, processed, stored and used by multiple online service providers.

We’ve recently updated Elcomsoft Distributed Password Recovery, adding enhanced GPU-assisted recovery for many supported formats. In a word, the new release adds GPU-accelerated recovery for OS X keychain, triples BitLocker recovery speeds, improves W-Fi password recovery and enhances GPU acceleration support for Internet Key Exchange (IKE).

We have recently released a brand new product, Elcomsoft Explorer for WhatsApp. Targeted at home users and forensic experts along, this Windows-based, iOS-centric tool offers a bunch of extraction options for WhatsApp databases. Why the new tool, and how is it different from other extraction options offered by Elsomsoft’s mobile forensic tools? Before we move on to that, let’s have a look at the current state of WhatsApp.

Big news! iOS Forensic Toolkit receives its first major update. And it’s a big one. Not only does version 2.0 bring support for iOS 9 handys. We also expanded acquisition support for jailbroken devices, enabling limited data extraction from jailbroken devices locked with an unknown passcode.