Archive for the ‘Tips & Tricks’ category

The keychain is one of the hallmarks of the Apple ecosystem. Containing a plethora of sensitive information, the keychain is one of the best guarded parts of the walled garden. At the same time, the keychain is relatively underexplored by the forensic community. The common knowledge has it that the keychain contains the users’ logins and passwords, and possibly some payment card information. The common knowledge is missing the point: the keychain contains literally thousands of records belonging to various apps and the system that are required to access lots of other sensitive information. Let’s talk about the keychain, its content and its protection, and the methods used to extract, decrypt and analyze the various bits and pieces.

We have published multiple articles on iPhone backup passwords already, covering the different aspects of the backup protection. In this publication, we have collected the most important information about the things you can do under different circumstances, some software recommendations, and some other practical tips and tricks, in a brief and simple form.

The wide spread of full-disk encryption makes live system analysis during incident response a challenge, but also an opportunity. A timely detection of full-disk encryption or a mounted crypto container allows experts take extra steps to secure access to encrypted evidence before pulling the plug. What steps are required and how to tell if the system is using full-disk encryption? “We have a tool for that”.

The checkra1n jailbreak is fantastic. Not only does it work with the latest versions of iOS the other jailbreaks aren’t even available for, but it also allows performing partial data extraction from disabled and locked iPhones even if the passcode is not known. Still, you can encounter some problems if the USB restricted mode has been activated on the device. The latest build of chechra1n is to the rescue.

Having trouble installing the checkra1n jailbreak? If you do it right, you achieve a nearly 100% success rate. We have collected the most important information on how to install and troubleshoot the checkra1n jailbreak. By following these advises, you will be able to jailbreak like a pro, whether you just want to research your own device or perform the file system and keychain acquisition.

Location data is one of the most sensitive pieces of personal information. In today’s world, aggregated location data is as sensitive and as valuable as the user’s passwords. Once this data is transmitted to the OS manufacturer’s cloud service or any of the third-party vendors, the user has the right to know exactly what information is collected; who, when, and how has access to it. In today’s article, we will talk about one of the iOS lesser known features called “Significant locations”.

Breaking passwords becomes more difficult with every other update of popular software. Microsoft routinely bumps the number of hash iterations to make Office document protection coherent with current hardware. Apple uses excessive protection of iTunes backups since iOS 10.1, making brute force attacks a thing of the past. VeraCrypt and BitLocker were secure from the get go. However, everything is not lost if you consider human nature.

BitLocker is Windows default solution for encrypting disk volumes. A large number of organizations protect startup disks with BitLocker encryption. While adding the necessary layer of security, BitLocker also has the potential of locking administrative access to the encrypted volumes if the original Windows logon password is lost. We are offering a straightforward solution for reinstating access to BitLocker-protected Windows systems with the help of a bootable USB drive.

A lot of people have asked me over the past couple of months – “What’s that cable on your desk, James?”. Today I’ll tell you all about it. Every accessory that connects to your iPhone via lightning is ‘flashed’ with an Accessory ID. The Accessory ID essentially identifies the device connected to the iPhone as a specific type. For example, a Lightning-To-Ethernet adapter will identify itself with it’s assigned Accessory ID so the iPhone knows how to treat the device and interact with it. It’s sort of like directing the iPhone to use a specific driver to interact with said device.

How can you obtain the highest amount of data from an iPhone, iPad, Apple TV or Apple Watch? This is not as simple as it may seem. Multiple overlapping extraction methods exist, and some of them are limited to specific versions of the OS. Let’s go through them and summarize their availability and benefits.