Intelligent Load Balancing: Optimizing Password Recovery Across Heterogeneous Units
November 14th, 2024 by Oleg Afonin
In the latest update of Elcomsoft Distributed Password Recovery (EDPR), we’ve introduced a revamped load-balancing feature. The new feature aims to enhance resource utilization on local workstations across diverse hardware configurations. This update has drastically reduced the time required to break passwords in certain hardware configurations, thanks to a refined load distribution algorithm. In this article, we’ll share some technical details on how load balancing leverages a mix of GPUs and CPU cores.
The Five Ways to Recover iPhone Deleted Data
November 4th, 2021 by Oleg Afonin
iOS security model offers very are few possibilities to recover anything unless you have a backup, either local or one from the cloud. There are also tricks allowing to recover some bits and pieces even if you don’t. In this article we’ll talk about what you can and what you cannot recover in modern iOS devices.
Digital Triage Forensics: Write-Blocking, Verifiable Disk Imaging
November 3rd, 2021 by Oleg Afonin
When accessing a locked system during an in-field investigation, speed is often the most important factor. However, maintaining digital chain of custody is just as if not more important in order to produce court admissible evidence. We are introducing new features in Elcomsoft System Recovery, our forensic triage tool, to help establish and maintain digital chain of custody throughout the investigation.
Protecting Linux and NAS Devices: LUKS, eCryptFS and Native ZFS Encryption Compared
November 2nd, 2021 by Oleg Afonin
Many Linux distributions including those used in off the shelf Network Attached Storage (NAS) devices have the ability to protect users’ data with one or more types of encryption. Full-disk and folder-based encryption options are commonly available, each with its own set of pros and contras. The new native ZFS encryption made available in OpenZFS 2.0 is designed to combine the benefits of full-disk and folder-based encryption without the associated drawbacks. In this article, we’ll compare the strengths and weaknesses of LUKS, eCryptFS and ZFS encryption.
Using a Trusted Device for iCloud Authentication
October 26th, 2021 by Oleg Afonin
To perform an iCloud extraction, a valid password is generally required, followed by solving the two-factor authentication challenge. If the user’s iPhone is everything that you have, the iCloud password may not be available. By using a trusted device, one can gain unrestricted access to everything that is stored in the user’s iCloud account. This article gives a comprehensive walkthrough on this alternative authentication method.
iCloud Extractions Without Passwords and Tokens: When a Trusted Device is Enough
October 26th, 2021 by Vladimir Katalov
A lot of folks (and even some law enforcement experts) are looking for a one-click solution for mobile extractions and data decryption. Unfortunately, in today’s day and age there are no ‘silver bullet’ solutions. In the days of high-tech mobile devices and end-to-end encryption one must clearly understand the available options, and plan their actions accordingly. The time of ‘snake oil’ exploits is long gone. The modern world of mobile forensics is complex, and your actions will depend on a lot of factors. Today, we’re going to make your life a notch more complex by introducing a new iCloud authentication option you’ve never heard of before.
Cloud Forensics: the New Reality
September 23rd, 2021 by Oleg Afonin
The majority of mobile devices today are encrypted throughout, making extractions difficult or even impossible for major platforms. Traditional attack vectors are becoming a thing of the past with encryption being moved into dedicated security chips, and encryption keys generated on first unlock based on the user’s screen lock passwords. Cloud forensics is a great alternative, often returning as much or even more data compared to what is stored on the device itself.
How to Put an iOS Device with Broken Buttons in DFU Mode
September 20th, 2021 by Elcomsoft R&D
Switching the iPhone into DFU mode is frequently required during the investigation, especially for older devices that are susceptible to checkm8 exploit. However, switching to DFU requires a sequence of key presses on the device with precise timings. If the device is damaged and one or more keys are not working correctly, entering DFU may be difficult or impossible. In this guide, we offer an alternative.
Forensic Implications of Sleep, Hybrid Sleep, Hibernation, and Fast Startup in Windows 10
September 17th, 2021 by Oleg Afonin
When analyzing connected computers, one may be tempted to pull the plug and bring the PC to the lab for in-depth research. This strategy carries risks that may overweigh the benefits. In this article we’ll discuss what exactly you may be losing when pulling the plug.
The iPhone Upgrade: How to Back Up and Restore iOS Devices Without Losing Data
August 27th, 2021 by Vladimir Katalov
In just a few weeks, the new iPhone range will be released. Millions of users all over the world will upgrade, migrating their data from old devices. While Apple has an ingenious backup system in place, it has quite a few things behind the scenes that can make the migration not go as smooth as planned. How do you do the migration properly not to lose anything?
Instant Messengers: Authentication Methods and Instant Password Extraction
August 24th, 2021 by Oleg Afonin
iMessage, Hangouts, Skype, Telegram, Signal, WhatsApp are familiar, while PalTalk, Pigin, Psi Jabber client, Gadu-Gadu, Gajim, Trillian, BigAnt or Brosix are relatively little known. The tools from the first group are not only more popular but infinitely more secure compared to the tools from the second group. In this publication we’ll review the authentication methods used by the various instant messengers, and attempt to extract a password to the user’s account.
