Elcomsoft System Recovery Simplifies Digital Field Triage and In-Field Investigations

June 17th, 2021 by Oleg Afonin

Elcomsoft System Recovery is a perfect tool for digital field triage, enabling safer and more secure in-field investigations of live computers by booting from a dedicated USB media instead of using the installed OS. The recent update added a host of features to the already great tool, making it easier to examine the file system and extract passwords from the target computer.

Read the rest of this entry »

Our Guidelines For The World Password Day

May 6th, 2021 by Olga Koksharova

There was a 3-fold increase in identity theft and more than 2-fold increase in phishing attacks registered in 2020 compared to 2019 according to IC3 report. A whopping 50 – 81% of attacks (depending on who you read) are targeting both corporate and private sectors to steal users’ login credentials; that is, passwords. No matter what changes happen in data security, passwords remain the most wide-spread means of protection.

Read the rest of this entry »

Breaking Wi-Fi Passwords with NVIDIA Ampere

April 12th, 2021 by Oleg Afonin

The supply of NVIDIA’s latest and greatest RTX 3000 series boards remains scarce due to production shortages and increased demand from gamers and cryptocurrency miners. That didn’t stop us from giving these cards yet another purpose: breaking Wi-Fi passwords.

Read the rest of this entry »

Breaking RAR5 and 7Zip Passwords

April 6th, 2021 by Oleg Afonin

The recent update to Elcomsoft Advanced Archive Password Recovery, our go-to tool for breaking passwords to encrypted archives, brought compatibility with RAR5 and 7Zip formats, and enabled multithreaded dictionary attacks. Which archive formats are the most secure, and which ones are the toughest to break? Read along to find out!

Read the rest of this entry »

Breaking the iPhone 12: Forensic Extraction of iOS 14 Devices

March 18th, 2021 by Oleg Afonin

iOS Forensic Toolkit 7.0 brings low-level extraction support for the latest generation of Apple devices. This includes the entire range of iPhone 12 models as well as all other devices capable of running iOS 14.0 to 14.3. Learn how to image the latest iPhone models without a jailbreak.

Read the rest of this entry »

iOS Recovery Mode Analysis: Reading iOS Version from Locked and Disabled iPhones

February 18th, 2021 by Oleg Afonin

The iPhone recovery mode has limited use for mobile forensics. However, even the limited amount of information available through recovery mode can be essential for an investigation. Recovery access can be also the only available analysis method if the device becomes unusable, is locked or disabled after ten unsuccessful unlocking attempts, or had entered the USB restricted mode. Learn how to enter and leave Recovery and what information you can obtain in this mode.

Read the rest of this entry »

Breaking Jetico BestCrypt

February 3rd, 2021 by Oleg Afonin

BestCrypt, developed by the Finnish company Jetico, is a cross-platform commercial disk encryption tool. Available for Windows, Linux, macOS and Android platforms, BestCrypt is delivered in two editions, one offering full-disk encryption and the other encrypting virtual disk volumes stored in containers, the latter being supported with our tools.

Read the rest of this entry »

Passcode Unlock and Physical Acquisition of iPhone 4, 5 and 5c

February 2nd, 2021 by Vladimir Katalov

Passcode unlock and true physical acquisition are now available for iPhone 4, 5, and 5c devices – with caveats. Learn about the benefits and limitations of passcode unlocks and true physical imaging of Apple’s legacy devices. Looking for a step by step walkthrough? Check out our imaging guide!

Read the rest of this entry »

iPhone 4, iPhone 5 and iPhone 5c Physical Acquisition Walkthrough

February 2nd, 2021 by Oleg Afonin

True physical acquisition is back – but only for a handful of old devices. We’re adding support for unlocking and forensically sound extraction of some of Apple’s legacy iPhones. For iPhone 4, 5, and 5c devices, we’re adding software-based passcode unlocking and device imaging functionality. Moreover, on some models you won’t even need to break the passcode in order to make a full disk image! In this walkthrough we’ll describe the steps required to image an iPhone 4, iPhone 5 or iPhone 5c device.

Read the rest of this entry »

NAS Forensics: Synology, ASUSTOR, QNAP, TerraMaster and Thecus Encryption Compared

February 1st, 2021 by Oleg Afonin

More than a year ago, we started researching the available encryption options in off the shelf network attached storage devices. We started with Synology devices, followed by Asustor, TerraMaster, Thecus, and finally Qnap. The manufacturers exhibit vastly different approaches to data protection, with different limitations, security implications and vulnerabilities. Today we are publishing the aggregate results of our analysis.

Read the rest of this entry »

End-to-End Encryption in Apple iCloud, Google and Microsoft Accounts

January 21st, 2021 by Oleg Afonin

The proliferation of always connected, increasingly smart devices had led to a dramatic increase in the amount of highly sensitive information stored in manufacturers’ cloud accounts. Apple, Google, and Microsoft are the three major cloud providers who also develop their own hardware and OS ecosystems. In this report, we’ll see how these companies protect their users’ highly sensitive information compared to each other.

Read the rest of this entry »