September 27th, 2024 by Vladimir Katalov
We recently shared an article about maximizing disk imaging speeds, which sparked a lot of feedback from our users and, surprisingly, from the developers of one of the disk imaging tools who quickly released an update addressing the issues we discovered in the initial test round. We did an additional test, and we’re ready to share further insights into the performance of disk imaging.
April 17th, 2024 by Oleg Afonin
iOS backup passwords are a frequent topic in our blog. We published numerous articles about these passwords, and we do realize it might be hard for a reader to get a clear picture from these scattered articles. This one publication is to rule them all. We’ll talk about what these passwords are, how they affect things, how to recover them, whether they can be reset, and whether you should bother. We’ll summarize years of research and provide specific recommendations for dealing with passwords.
March 15th, 2024 by Elcomsoft R&D
In iOS device forensics, the process of low-level extraction plays a crucial role in accessing essential data for analysis. Bootloader-level extraction through checkm8 has consistently been the best and most forensically sound method for devices with a bootloader vulnerability. But even though we brought the best extraction method to Linux and Windows in recent releases, support for iOS 16 on these platforms was still lacking behind. In this article we’ll talk about the complexities in iOS 16 extractions and how we worked around them in the newest release of iOS Forensic Toolkit.
February 20th, 2024 by Oleg Afonin
In the latest update, Elcomsoft Distributed Password Recovery introduced a new feature that allows managing the available computational resources. The new resource management capability allows administrators to manage and distribute the available computational resources across multiple jobs. The feature enables users to tap into a pool of available resources by requesting a certain number of recovery agents. The reserved recovery agents will be allocated, allowing multiple jobs to run separately at the same time.
February 9th, 2024 by Oleg Afonin
The bootloader vulnerability affecting several generations of Apple devices, known as “checkm8”, allows for forensically sound extraction of a wide range of Apple hardware including several generations of iPhones, iPads, Apple Watch, Apple TV, and even HomePod devices. The exploit is available for chips that range from the Apple A5 found in the iPhone 4s and several iPad models to A11 Bionic empowering the iPhone 8, 8 Plus, and iPhone X; older devices such as the iPhone 4 have other bootloader vulnerabilities that can be exploited to similar effect. In this article, we will go through the different chips and their many variations that are relevant for bootloader-level extractions.
February 6th, 2024 by Vladimir Katalov
In the upcoming iOS 17.4 update, Apple is introducing significant changes to its App Store policies for apps distributed in the European Union. The new policy brings multiple changes, one of them being alternative app marketplaces (which are effectively third-party app stores). These changes have both technical and financial implications for developers, but do they bring news to the digital forensic crowd? Let’s have a look into what Apple’s new policy brings and how it may impact forensic experts.
February 2nd, 2024 by Oleg Afonin
With the launch of the Super update of 40-Series NVIDIA GPUs, the company’s product lineup has become quite complex. In the 4070 series alone, four models of the NVIDIA GeForce RTX are available: the original 4070, 4070 Ti, and now also 4070 Super, and 4070 Ti Super. Understanding the differences between these cards and learning which models offer the best price/performance ratio in password recovery jobs are crucial considerations for IT professionals.
February 1st, 2024 by Oleg Afonin
The latest update to iOS Forensic Toolkit brought the ability to mount HFS disk images extracted from legacy Apple devices as drive letters on Windows systems. This new capability to mount HFS images on Windows empowers experts to efficiently process and analyze digital evidence extracted from legacy Apple devices on Windows-based computers. This article provides detailed instructions on using the new feature.
January 17th, 2024 by Vladimir Katalov
In a controversial move, Apple is implementing major changes to its U.S. iOS App Store policies, granting developers the ability to direct customers to non-App Store purchasing options for digital goods. This update permits users to make in-app purchases through an alternative method. However, Apple will continue to collect a commission ranging from 12 to 27 percent on content purchased through this avenue, providing only a 3 percentage points commission cut compared to purchases made through the official Apple App Store.
January 12th, 2024 by Oleg Afonin
When equipping a forensic lab, having a diverse set of tools is extremely important due to their diverse, rarely overlapping capabilities, and the need for cross-checking the results. With that many tools, compatibility is crucial. This is why we went a long way to ensure that any data extracted with our mobile forensic tools can be opened in many popular forensic analysis tools.
January 8th, 2024 by Oleg Afonin
In the world of digital forensics, there are various ways to analyze computer systems. You might be familiar live system analysis or investigating forensic disk images, but there’s yet another method called cold system analysis. Unlike live analysis where experts deal with active user sessions, cold system analysis works differently. It’s like a middle ground between live analysis and examining saved images of a computer’s storage. But why and when would someone use cold analysis? What can you do with it, and how does it compare to the usual methods?