Is it possible to extract any data from an Apple Watch? It’s relatively easy if you have access to the iPhone the device is paired to, or if you have a backup of that iPhone. But what if the watch is all you have? If there is no paired iPhone, no backup and no iCloud credentials, how can you connect the Apple Watch to the computer, and can you backup the watch?

It’s been a week since Apple has released iOS 14.2 as well as iOS 12.4.9 for older devices. Just a few days later, the developers updated the checkra1n jailbreak with support for new devices and iOS versions. What does that mean for iOS forensics? Let’s have a look; we have done some testing, and our discoveries are positively consistent with our expectations. Just one exception: to our surprise, Apple did not patch the long lasting vulnerability in iOS 12.4.9 that leaves the door open to full file system extraction and keychain acquisition without jailbreaking.

Believe me or not, but this is exactly the 500th post in our blog! The first one was posted in March 2009 and was about Distributed Password Recovery and GPU acceleration. At that time, we even did not do mobile or cloud forensics. Today it’s not about our achievements. I want to thank you for being with us, and share a few bits and pieces about our blog that you may find handy or at least amusing.

Apple iMessage is an important communication channel and an essential part of forensic acquisition efforts. iMessage chats are reasonably secure. Your ability to extract iMessages as well as the available sources of extraction will depend on several factors. Let’s discuss the factors that may affect your ability to extract, and what you can do to overcome them.

Remember the good old times when there was a lot of applications with “snake oil” encryption? You know, the kind of “peace of mind” protection that allowed recovering or removing the original plaintext password instantly? It is still the case for a few “we-don’t-care” apps such as QuickBooks 2021, but all of the better tools can no longer be cracked that easily. Let’s review some password recovery strategies used in our software today.

If the iPhone is locked with a passcode, it is considered reasonably secure. The exception are some older devices, which are relatively vulnerable. But what if the passcode is known or is not set? Will it be easy to gain access to all of the data stored in the device? And why do we have the countless forensic tools –is analysis and reporting the sole reason for their existence? Not really. If you’ve been wondering what this acquisition thing is all about, this article is for you.

Criminals are among the most advanced users of modern technology. They learned how to hide information in their smartphones and how to encrypt their laptops. They communicate via secure channels. Their passwords never leak, and they do their best to leave no traces. Forensic investigators encounter new challenges every other day. In this article, we will discuss yet another tool used by the criminals to cover their traces: the encrypted virtual machine.

Making tools for breaking passwords, I am frequently asked whether it’s legal, or how it works, or what one can do to protect their password from being cracked. There are people who have “nothing to hide”. There are those wearing tin foil hats, but there are a lot more people who can make a reasonable effort to secure their lives without going overboard. This article is for them.

When investigating iOS devices, you may have seen references to the SoC generation. Security researchers and developers of various iOS jailbreaks and exploits often list a few iPhone models followed by a note that mentions “compatible iPad models”. This is especially common when discussing iOS forensics, particularly referring to the checkra1n jailbreak. What do those references mean, and how are the iPhone and iPad models related? Can we count the iPod Touch and Apple TV, too? Let’s have a look.

The number of iOS 14 users is on the raise, and we will see it running on most Apple devices pretty soon. Apple had already stopped signing the last version of iOS 13 on all but legacy hardware. Soon, we will only see it running on the iPhone 5s and iPhone 6 which didn’t get the update, and on a small fraction of newer devices. If you are working in the forensic field, what do you need to do to make yourself ready for iOS 14? Our software may help.