We’ve just updated Elcomsoft Distributed Password Recovery with the ability to break master passwords protecting encrypted vaults of the four popular password keepers: 1Password, KeePass, LastPass and Dashlane. In this article, we’ll talk about security of today’s password managers, and provide insight on what exactly we did and how to break in to encrypted vaults. Read the rest of this entry »
 |
One Password to Rule Them All: Breaking into 1Password, KeePass, LastPass and Dashlane |
| August 10th, 2017 by Oleg Afonin |
 |
Breaking Passwords in the Cloud: Using Amazon P2 Instances |
| August 1st, 2017 by Andrey Malyshev |
Cloud services such as Amazon EC2 can quickly deliver additional computing power on demand. Amazon’s recent introduction of the a type of EC2 Compute Units made this proposition much more attractive than ever before. With Elcomsoft Distributed Password Recovery now supporting Amazon’s new P2 instances, each with up to 16 GPU units, users can get as much speed as they need the moment they need. In this article, we’ll discuss the benefits of using cloud compute units for password recovery, and provide a step-by-step guide on how to add virtual instances to Elcomsoft Distributed Password Recovery. Read the rest of this entry »
|
Extract and Decrypt WhatsApp Backups from iCloud |
| July 20th, 2017 by Oleg Afonin |
Facebook-owned WhatsApp is the most popular instant messaging tool worldwide. Due to its point-to-point encryption, WhatsApp is an extremely tough target to extract.
As we already wrote in yesterday’s article, WhatsApp decryption is essential for the law enforcement since due to its popularity and extremely tough security it is a common choice among the criminals. However, the need for WhatsApp decryption is not limited to law enforcement. Us mere mortals may need access to our own communications when re-installing WhatsApp, changing devices or extracting conversations occurred on a device we no longer possess. Since WhatsApp data is not always available in iOS system backups, using WhatsApp’ own stand-alone cloud backup system is the more reliable choice compared to pretty much everything else.
Elcomsoft Explorer for WhatsApp can now access iPhone users’ encrypted WhatsApp communication histories stored in Apple iCloud Drive. If you have access to the user’s SIM card with a verified phone number, you can now use Elcomsoft Explorer for WhatsApp to circumvent the encryption and gain access to iCloud-stored encrypted messages. In this article, we’ll tell you how it works, and provide a step-by-step guide to extracting and decrypting WhatsApp backups from iCloud Drive.
 |
WhatsApp: The Bad Guys’ Secret Weapon |
| July 19th, 2017 by Vladimir Katalov |
WhatsApp is one of the most secure messengers with full end-to-end encryption. Messages exchanged between WhatsApp users are using an encrypted point-to-point communication protocol rendering man-in-the-middle attacks useless. WhatsApp communications are never stored or backed up on WhatsApp servers. All this makes government snooping on WhatsApp users increasingly difficult.
WhatsApp has more than a billion users. WhatsApp makes use of the Open Whisper Signal communication protocol to secure communications with end-to-end encryption. WhatsApp users rely on that security to freely exchange messages, discuss sensitive things and, with limited success, avoid religious and political oppression in certain countries. Today, some governments attempt to criminalize WhatsApp protection measures, ban end-to-end encryption and do everything in their power to undermining trust in secure communication tools. What is it all about, and how to find the right balance between public safety and security is the topic of this article.
|
Physical Acquisition Is… |
| July 13th, 2017 by Vladimir Katalov |
…dead? Not really, not completely, and not for every device. We’ve just updated iOS Forensic Toolkit to add physical support for some previously unsupported combinations of hardware (32-bit devices) and software (iOS 9.1 through 9.3.4). The intent was helping our law enforcement and forensic customers clear some of the backlog, finally taking care of evidence kept on dusty shelves in the back room. In order to do the extraction, you’ll need to install the “Home Depot” jailbreak from http://wall.supplies and, obviously, Elcomsoft iOS Forensic Toolkit 2.30.
|
iCloud Outage, New Token Expiration Rules and Fixes for Authentication Issues |
| July 11th, 2017 by Oleg Afonin |
In early July, 2017, Apple has once again revised security measures safeguarding iCloud backups. This time around, the company has altered the lifespan of iCloud authentication tokens, making them just as short-lived as they used to be immediately after celebgate attacks. How this affects your ability to access iCloud data, which rules apply to iCloud tokens, for how long you can still use the tokens and how this affected regular users will be the topic of this article.
|
Cloud Extraction Compared: What Is Available in iCloud, Google Account and Microsoft Account |
| July 6th, 2017 by Oleg Afonin |
There are three major mobile operating systems, and three major cloud services. Most Android users are deep into the Google’s ecosystem. iCloud is an essential part of iOS, while cloud services provided by Microsoft under the OneDrive umbrella are used not only by the few Windows Phone and Windows 10 Mobile customers but by users of other mobile and desktop platforms.
In this article, we’ll try to figure out what types of data are available for extraction and forensic analysis in the three major cloud platforms: Apple iCloud, Google Account and Microsoft Account.
Acquisition Tools
For the purpose of this article, we will use ElcomSoft-developed cloud extraction tools.
- Apple iCloud: Elcomsoft Phone Breaker
- Microsoft Account: Elcomsoft Phone Breaker (version 6.60 or newer)
- Google Account: Elcomsoft Cloud Explorer
|
Elcomsoft Phone Breaker Offers Over-the-Air Windows 10 Acquisition |
| June 19th, 2017 by Vladimir Katalov |
We’ve just updated Elcomsoft Phone Breaker to version 6.60, adding remote acquisition support for Microsoft Windows 10 phones and desktops. The new build can pull search and Web browsing history, call logs, and location history directly from the user’s Microsoft Account. In this article we’ll have a look at what exactly is available and can be extracted and where this information is stored. We will also list the steps required to extract and view the data.
|
Fetching Call Logs, Browsing History and Location Data from Microsoft Accounts |
| June 16th, 2017 by Oleg Afonin |
In other blog post, we discussed the updated Elcomsoft Phone Breaker that allows extracting search and browsing history, location data and call logs from users’ Microsoft Accounts. Now let’s talk about the origins of this data and how to enable its collection on different devices – even if they don’t run Microsoft Windows.
|
The New Google Authentication Engine in Elcomsoft Cloud Explorer 1.31 |
| June 15th, 2017 by Oleg Afonin |
As you may know, we have recently updated Elcomsoft Cloud Explorer, bumping the version number from 1.30 to 1.31. A very minor update? A bunch of unnamed bug fixes and performance improvements? Not really. Under the hood, the new release has major changes that will greatly affect usage experience. What exactly has changed and why, and what are the forensic implications of these changes? Bear with us to find out.
