The Windows 11 24H2 update introduced a change in Microsoft’s approach to disk encryption, a shift that will have long lasting implications on digital forensics. In this release, BitLocker encryption is automatically enabled on most modern hardware when installing Windows when a Microsoft Account (MSA) is used during setup. Encryption starts seamlessly and silently in the background, covering even Home editions and consumer devices such as desktop computers that historically escaped full-disk encryption defaults.

We updated Elcomsoft System Recovery to version 8.34. This release focuses on expanding the tool’s data acquisition capabilities, improving disk imaging performance, and adding BitLocker recovery key extraction for systems managed via Active Directory. Here’s a technical breakdown of the changes.

With the release of iOS 17.3, Apple introduced a new security feature called “Stolen Device Protection.” This functionality is designed to prevent unauthorized access to sensitive data in cases where a thief has gained knowledge of an iPhone’s passcode. While this feature significantly enhances security for end users, it simultaneously creates substantial obstacles for digital forensic experts, complicating lawful data extraction.

Just a week ago, we published an article about NVIDIA’s new generation of Blackwell-based graphics cards. Despite a noticeable price hike, performance gains in this generation are minimal, with one notable exception: the flagship GeForce RTX 5090 significantly outperforms its predecessor in all key aspects. However, this GPU has also revealed a potential issue that could make its use in workstations running 24/7 problematic and potentially unsafe.

The newly introduced NVIDIA GeForce RTX 50 series (Blackwell architecture) brings significant changes. Notably, NVIDIA claims a doubling of integer (INT32) computation throughput per clock cycle compared to the previous Ada Lovelace architecture; this is described in the company’s whitepaper.

In the beginning of February, Apple may have received a secret order requiring the company to create an encryption backdoor. According to a leak, the UK government demanded blanket, covert access to all sorts of encrypted data globally. After that demand, Apple decided to disable Advanced Data Protection for iCloud in the UK, issuing an official statement. What does that mean for the law enforcement, and what consequences are expected for the end users?

Over the years, Apple has continuously refined its security mechanisms to deter unauthorized access to their devices. One of the most significant aspects of this evolution is the increasingly sophisticated passcode protection system in iOS devices. This article explores how the delay between failed passcode attempts has evolved over time, highlighting changes that have made iOS screen lock protection more secure.

In the latest update of Elcomsoft Distributed Password Recovery (EDPR), we’ve introduced a revamped load-balancing feature. The new feature aims to enhance resource utilization on local workstations across diverse hardware configurations. This update has drastically reduced the time required to break passwords in certain hardware configurations, thanks to a refined load distribution algorithm. In this article, we’ll share some technical details on how load balancing leverages a mix of GPUs and CPU cores.

What can a forensic expert find in an Outlook data file? Can they recover deleted emails, contacts and appointments from Microsoft Outlook? Can users erase unwanted correspondence from Outlook? In this article, we’ll demonstrate how experts can recover valuable information from Outlook data files (PST/OST), including deleted emails, contacts, attachments, and appointments. Even when users attempt to erase unwanted correspondence, traces often remain within the database. With the right tools, experts can extract and analyze this hidden data to uncover critical evidence.

We recently shared an article about maximizing disk imaging speeds, which sparked a lot of feedback from our users and, surprisingly, from the developers of one of the disk imaging tools who quickly released an update addressing the issues we discovered in the initial test round. We did an additional test, and we’re ready to share further insights into the performance of disk imaging.