Archive for the ‘Tips & Tricks’ category

Elcomsoft iOS Forensic Toolkit supports checkm8 extraction from all compatible devices ranging from the iPhone 4s and all the way through the iPhone X (as well as the corresponding iPad, iPod Touch, Apple Watch and Apple TV models). The new update removes an important obstacle to the acquisition of the iPhone 7 and iPhone 7 Plus devices running recent versions of iOS.

Mobile forensics is not limited to phones and tablets. Many types of other gadgets, including IoT devices, contain tons of valuable data. Such devices include smart watches, media players, routers, smart home devices, and so on. In this article, we will cover the extraction of an Apple TV 4K, one of the most popular digital media players.

This article continues the series of publications aimed to help experts specify and build economical and power-efficient workstations for password recovery workloads. Electricity costs, long-term reliability and warranty coverage must be considered when building a password recovery workstation. In this article we will review the most common cooling solutions found in today’s GPUs, and compare consumer-grade video cards with their much lesser known professional counterparts.

This article opens the series of publications aimed to help experts specify and build effective and power-efficient workstations for brute-forcing passwords. Power consumption and power efficiency are two crucial parameters that are often overlooked in favor of sheer speed. When building a workstation with 24×7 workload, absolute performance numbers become arguably less important compared to performance per watt. We measured the speed and power consumption of seven video cards ranging from the NVIDIA Quadro T600 to NVIDIA RTX 3070 Ti and calculated their efficiency ratings.

Keychain is an essential part of iOS and macOS that securely stores the most critical data: passwords of all kinds, encryption keys, certificates, credit card numbers, and more. Extracting and decrypting the keychain, when possible, is a must in mobile forensics. We seriously improved this part in the latest build of iOS Forensic Toolkit.

Apple ecosystem includes a comprehensive backup ecosystem that includes both local and cloud backups, and data synchronization with end-to-end encryption for some categories. Today we’ll discuss the iCloud backups, particularly targeting issues that are not covered in the official documentation.

We often write about full file system acquisition, yet we rarely explain what it is, when you can do it, and which methods you can use. We decided to clarify low-level extraction of Apple mobile devices (iPhones and iPads, and some other IoT devices such as Apple TVs and Apple Watches).

Speaking of mobile devices, especially Apple’s, “logical acquisition” is probably the most misused term. Are you sure you know what it is and how to properly use it, especially if you are working in mobile forensics? Let us shed some light on it.

The ninth beta of iOS Forensic Toolkit 8.0 for Mac introduces forensically sound, checkm8-based extraction of sixteen iPad, iPod Touch and Apple TV models. The low-level extraction solution is now available for all iPad and all iPod Touch models susceptible to the checkm8 exploit.

The seventh beta of iOS Forensic Toolkit 8.0 for Mac introduces passcode unlock and forensically sound checkm8 extraction of iPhone 4s, iPad 2 and 3. The new solution employs a Raspberry Pi Pico board to apply the exploit. Learn how to configure and use the Pico microcontroller for extracting an iPhone 4s!