Archive for the ‘General’ category

Live system analysis is the easiest and often the only way to access encrypted data stored on BitLocker-protected disks. In this article we’ll discuss the available options for extracting BitLocker keys from authenticated sessions during live system analysis.

In Alder Lake, Intel introduced hybrid architecture. Large, hyperthreading-enabled Performance cores are complemented with smaller, single-thread Efficiency cores. The host OS is responsible for assigning threads to one core or another. We discovered that Windows 10 scheduler is not doing a perfect job when it comes to password recovery, which requires a careful approach to thread scheduling.

The new year is just around the corner, and so it’s the right time to review our achievements in 2021. We’ve done plenty of researching, developing and updating, and posted a great deal of content in our blog. Let’s run through the most exciting developments of the year!

Backups are the primary way to preserve data. On smartphones, backups are handled automatically by the OS. Windows lacks a convincing backup app; numerous third-party tools are available, some of which feature strong encryption. Computer backups may contain valuable evidence that can be useful during an investigation – if you can do something about the password.

Many security practices still widely accepted today are things of the past. Many of them made sense at the time of short passwords and unrestricted access to workplaces, while some were learned from TV shows with “Russian hackers” breaking Pentagon. In this article we’ll sort it out.

Is surveillance a good or a bad thing? The answer depends on whom you ask. From the point of view of the law enforcement, the strictly regulated ability to use real-time surveillance is an essential part of many investigations. In this article we’ll cover a very unorthodox aspect of real-time surveillance: iCloud.

If you are doing Apple Watch forensics, I’ve got some bad news for you. The latest model of Apple Watch, the Series 7, does not have a hidden diagnostics port anymore, which was replaced with a wireless 60.5GHz module (and the corresponding dock, which is nowhere to be found). What does that mean for the mobile forensics, and does it make the extraction more difficult? Let’s shed some light on it.

Many Linux distributions including those used in off the shelf Network Attached Storage (NAS) devices have the ability to protect users’ data with one or more types of encryption. Full-disk and folder-based encryption options are commonly available, each with its own set of pros and contras. The new native ZFS encryption made available in OpenZFS 2.0 is designed to combine the benefits of full-disk and folder-based encryption without the associated drawbacks. In this article, we’ll compare the strengths and weaknesses of LUKS, eCryptFS and ZFS encryption.

iMessage, Hangouts, Skype, Telegram, Signal, WhatsApp are familiar, while PalTalk, Pigin, Psi Jabber client, Gadu-Gadu, Gajim, Trillian, BigAnt or Brosix are relatively little known. The tools from the first group are not only more popular but infinitely more secure compared to the tools from the second group. In this publication we’ll review the authentication methods used by the various instant messengers, and attempt to extract a password to the user’s account.

Established NAS manufacturers often offer some kind of encryption to their users. While anyone can use “military-grade AES-256 encryption”, the implementation details vary greatly. Synology, Asustor, and TerraMaster implement folder-based encryption, while QNAP, Thecus, and Asustor (MyAcrhive) employ full-disk encryption; the full comparison is available here. In this article, we’ll have a look at encryption methods used in TrueNAS, a system commonly used by computer enthusiasts for building custom NAS servers.