What’s New in Elcomsoft System Recovery 8.34: More Data, Faster Imaging, BitLocker Key Extraction
April 29th, 2025 by Oleg Afonin
We updated Elcomsoft System Recovery to version 8.34. This release focuses on expanding the tool’s data acquisition capabilities, improving disk imaging performance, and adding BitLocker recovery key extraction for systems managed via Active Directory. Here’s a technical breakdown of the changes.
Passcode Unlock and Physical Acquisition of iPhone 4, 5 and 5c
February 2nd, 2021 by Vladimir Katalov
Passcode unlock and true physical acquisition are now available for iPhone 4, 5, and 5c devices – with caveats. Learn about the benefits and limitations of passcode unlocks and true physical imaging of Apple’s legacy devices. Looking for a step by step walkthrough? Check out our imaging guide!
iPhone 4, iPhone 5 and iPhone 5c Physical Acquisition Walkthrough
February 2nd, 2021 by Oleg Afonin
True physical acquisition is back – but only for a handful of old devices. We’re adding support for unlocking and forensically sound extraction of some of Apple’s legacy iPhones. For iPhone 4, 5, and 5c devices, we’re adding software-based passcode unlocking and device imaging functionality. Moreover, on some models you won’t even need to break the passcode in order to make a full disk image! In this walkthrough we’ll describe the steps required to image an iPhone 4, iPhone 5 or iPhone 5c device.
NAS Forensics: Synology, ASUSTOR, QNAP, TerraMaster and Thecus Encryption Compared
February 1st, 2021 by Oleg Afonin
More than a year ago, we started researching the available encryption options in off the shelf network attached storage devices. We started with Synology devices, followed by Asustor, TerraMaster, Thecus, and finally Qnap. The manufacturers exhibit vastly different approaches to data protection, with different limitations, security implications and vulnerabilities. Today we are publishing the aggregate results of our analysis.
End-to-End Encryption in Apple iCloud, Google and Microsoft Accounts
January 21st, 2021 by Oleg Afonin
The proliferation of always connected, increasingly smart devices had led to a dramatic increase in the amount of highly sensitive information stored in manufacturers’ cloud accounts. Apple, Google, and Microsoft are the three major cloud providers who also develop their own hardware and OS ecosystems. In this report, we’ll see how these companies protect their users’ highly sensitive information compared to each other.
Secure Instant Messengers
January 19th, 2021 by Olga Koksharova
In today’s world of everyone wanting a slice of one’s personal information, users become more and more concerned about the privacy. The WhatsApp/Facebook integration raised an additional concern, considering that Facebook-owned Messenger requests the largest number of invasive permissions among all commonly used messengers. Data privacy and security concerns are mounting like a snowball. 2020 brought multiple data breach incidents from popular blogging resources from LiveJournal whose users’ data was breached and leaked to the darknet to financial institutions like Postbank with 12M exposed credit cards, hospitality giants as Mariott with 383 million records compromised or even Microsoft customers who also suffered from privacy-related issues.
DFU Mode Cheat Sheet
January 14th, 2021 by Oleg Afonin
The Device Firmware Upgrade mode, or simply DFU, just got a second breath. The ability to image the file system, decrypt the keychain and even do passcode unlocks on some older iPhone models has been made possible thanks to the checkm8 exploit and the checkra1n jailbreak, both of which require switching the phone into DFU. The procedure is undocumented, and the steps are different for the various devices.
Apple, FBI and iPhone Backup Encryption: Everything You Wanted to Know
January 7th, 2021 by Vladimir Katalov
Shame on us, we somehow missed the whole issue about Apple dropping plan for encrypting backups after FBI complained, even mentioned in The Cybersecurity Stories We Were Jealous of in 2020 (and many reprints). In the meantime, the article is full of rumors, guesses, and unverified and technically dubious information. “Fake news”, so to say. Is there truth to the rumors, and what does Apple do and does not do when it comes to encrypting your personal information?
Apple Scraps End-to-End Encryption of iCloud Backups
January 6th, 2021 by Oleg Afonin
Reportedly, Apple dropped plan for encrypting backups after FBI complained. Apple’s decision will undoubtedly cause turmoil and will have a number of consequences. In this article, I want to talk about the technical reasons for encrypting or not encrypting cloud backup, and compare Apple’s approach with the data encryption strategies used by Google, who have been encrypting Android backups for several years.
Understanding BitLocker TPM Protection
January 5th, 2021 by Andrey Malyshev
Investigating a BitLocker-encrypted hard drive can be challenging, especially if the encryption keys are protected by the computer’s hardware protection, the TPM. In this article, we’ll talk about the protection that TPM chips provide to BitLocker volumes, and discuss vulnerabilities found in today’s TPM modules.
2020 in Review: What Was New in Desktop and Mobile Forensics
December 28th, 2020 by Oleg Afonin
This year is different from many before. The Corona pandemic, the lack of travel and canceled events had changed the business landscape for many forensic companies. Yet, even this year, we made a number of achievements we’d love to share.
