The Evolution of iOS Passcode Security
January 31st, 2025 by Oleg Afonin
Over the years, Apple has continuously refined its security mechanisms to deter unauthorized access to their devices. One of the most significant aspects of this evolution is the increasingly sophisticated passcode protection system in iOS devices. This article explores how the delay between failed passcode attempts has evolved over time, highlighting changes that have made iOS screen lock protection more secure.
Breaking Passwords on Alder Lake CPUs
May 18th, 2022 by Oleg Afonin
In Alder Lake, Intel introduced hybrid architecture. Large, hyperthreading-enabled Performance cores are complemented with smaller, single-thread Efficiency cores. The host OS is responsible for assigning threads to one core or another. We discovered that Windows 10 scheduler is not doing a perfect job when it comes to password recovery, which requires a careful approach to thread scheduling.
checkm8: Unlocking and Imaging the iPhone 4s
May 12th, 2022 by Elcomsoft R&D
The seventh beta of iOS Forensic Toolkit 8.0 for Mac introduces passcode unlock and forensically sound checkm8 extraction of iPhone 4s, iPad 2 and 3. The new solution employs a Raspberry Pi Pico board to apply the exploit. Learn how to configure and use the Pico microcontroller for extracting an iPhone 4s!
Identifying the iPhone Model
May 5th, 2022 by Oleg Afonin
A pre-requisite to successful forensic analysis is accurate information about the device being investigated. Knowing the exact model number of the device helps identify the SoC used and the range of available iOS versions, which in turn pre-determines the available acquisition methods. Identifying the iPhone model may not be as obvious as it may seem. In this article, we’ll go through several methods for finding the iPhone model.
Agent-Based Low-Level iOS File System Extraction
April 29th, 2022 by Oleg Afonin
While we continue working on the major update to iOS Forensic Toolkit with forensically sound checkm8 extraction, we keep updating the current release branch. iOS Forensic Toolkit 7.30 brings low-level file system extraction support for iOS 15.1, expanding the ability to perform full file system extraction on iOS devices ranging from the iPhone 8 through iPhone 13 Pro Max.
iOS Low-Level Acquisition: How to Sideload the Extraction Agent
April 26th, 2022 by Oleg Afonin
Regular or disposable Apple IDs can now be used to extract data from compatible iOS devices if you have a Mac. The use of a non-developer Apple ID carries certain risks and restrictions. In particular, one must “verify” the extraction agent on the target iPhone, which requires an active Internet connection. Learn how to verify the extraction agent signed with a regular or disposable Apple ID without the risk of receiving an accidental remote lock or remote erase command.
Preventing BitLocker Lockout and Recovering Access to Encrypted System Drive
April 19th, 2022 by Oleg Afonin
Encrypting a Windows system drive with BitLocker provides effective protection against unauthorized access, especially when paired with TPM. A hardware upgrade, firmware update or even a change in the computer’s UEFI BIOS may effectively lock you out, making your data inaccessible and the Windows system unbootable. How to prevent being locked out and how to restore access to the data if you are prompted to unlock the drive? Read along to find out.
Decrypting Password-Protected DOC and XLS Files in Minutes
April 13th, 2022 by Oleg Afonin
Accessing the content of password-protected and encrypted documents saved as DOC/XLS files (as opposed to the newer DOCX/XLSX files) is often possible without time-consuming attacks regardless of the length of the password. Advanced Office Password Recovery enables experts quickly breaking the encryption of password-protected DOC and XLS files, which are Microsoft Word and Excel documents saved by modern versions of the app in the “compatibility” format. Organizations are still using the “compatible” Office 97/2000 formats for their document workflow.
Unlock WordPerfect and Lotus Documents with Advanced Office Password Recovery
April 4th, 2022 by Oleg Afonin
We are continuing the consolidation of our product line, now adding WordPerfect and Lotus office apps into Advanced Office Password Recovery. The tool can help experts unlock a host of digital document formats including Microsoft Office, OpenDocument, Hangul/Hancell, and many others without lengthy attacks.
Windows 11 TPM Protection, Passwordless Sign-In and What You Can Do About Them
March 28th, 2022 by Oleg Afonin
Windows 11 introduces increased account protection, passwordless sign-in and hardware-based security. What has been changed compared to Windows 10, how these changes affect forensic extraction and analysis, and to what extent can one overcome the TPM-based protection? Read along to find out!
Simplifying Digital Triage with Bootable Forensic Tools
March 23rd, 2022 by Oleg Afonin
Elcomsoft System Recovery speeds up in-field investigations by providing experts with a forensic tool they can use by booting a PC from a dedicated USB media. The recent update extended the functionality of the tool by adding three new forensic tools.
