Archive for the ‘Tips & Tricks’ category

The seventh beta of iOS Forensic Toolkit 8.0 for Mac introduces passcode unlock and forensically sound checkm8 extraction of iPhone 4s, iPad 2 and 3. The new solution employs a Raspberry Pi Pico board to apply the exploit. Learn how to configure and use the Pico microcontroller for extracting an iPhone 4s!

A pre-requisite to successful forensic analysis is accurate information about the device being investigated. Knowing the exact model number of the device helps identify the SoC used and the range of available iOS versions, which in turn pre-determines the available acquisition methods. Identifying the iPhone model may not be as obvious as it may seem. In this article, we’ll go through several methods for finding the iPhone model.

While we continue working on the major update to iOS Forensic Toolkit with forensically sound checkm8 extraction, we keep updating the current release branch. iOS Forensic Toolkit 7.30 brings low-level file system extraction support for iOS 15.1, expanding the ability to perform full file system extraction on iOS devices ranging from the iPhone 8 through iPhone 13 Pro Max.

Regular or disposable Apple IDs can now be used to extract data from compatible iOS devices if you have a Mac. The use of a non-developer Apple ID carries certain risks and restrictions. In particular, one must “verify” the extraction agent on the target iPhone, which requires an active Internet connection. Learn how to verify the extraction agent signed with a regular or disposable Apple ID without the risk of receiving an accidental remote lock or remote erase command.

Encrypting a Windows system drive with BitLocker provides effective protection against unauthorized access, especially when paired with TPM. A hardware upgrade, firmware update or even a change in the computer’s UEFI BIOS may effectively lock you out, making your data inaccessible and the Windows system unbootable. How to prevent being locked out and how to restore access to the data if you are prompted to unlock the drive? Read along to find out.

Accessing the content of password-protected and encrypted documents saved as DOC/XLS files (as opposed to the newer DOCX/XLSX files) is often possible without time-consuming attacks regardless of the length of the password. Advanced Office Password Recovery enables experts quickly breaking the encryption of password-protected DOC and XLS files, which are Microsoft Word and Excel documents saved by modern versions of the app in the “compatibility” format. Organizations are still using the “compatible” Office 97/2000 formats for their document workflow.

We are continuing the consolidation of our product line, now adding WordPerfect and Lotus office apps into Advanced Office Password Recovery. The tool can help experts unlock a host of digital document formats including Microsoft Office, OpenDocument, Hangul/Hancell, and many others without lengthy attacks.

Windows 11 introduces increased account protection, passwordless sign-in and hardware-based security. What has been changed compared to Windows 10, how these changes affect forensic extraction and analysis, and to what extent can one overcome the TPM-based protection? Read along to find out!

Elcomsoft System Recovery speeds up in-field investigations by providing experts with a forensic tool they can use by booting a PC from a dedicated USB media. The recent update extended the functionality of the tool by adding three new forensic tools.

Most password protection methods rely on multiple rounds of hash iterations to slow down brute-force attacks. Even the fastest processors choke when trying to break a reasonably strong password. Video cards can be used to speed up the recovery with GPU acceleration, yet the GPU market is currently overheated, and most high-end video cards are severely overpriced. Today, we’ll test a bunch of low-end video cards and compare their price/performance ratio.