When Speed Matters: Optimizing Disk Imaging

September 27th, 2024 by Vladimir Katalov

We recently shared an article about maximizing disk imaging speeds, which sparked a lot of feedback from our users and, surprisingly, from the developers of one of the disk imaging tools who quickly released an update addressing the issues we discovered in the initial test round. We did an additional test, and we’re ready to share further insights into the performance of disk imaging.

Read the rest of this entry »

All You Wanted To Know About iOS Backups

April 17th, 2024 by Oleg Afonin

iOS backup passwords are a frequent topic in our blog. We published numerous articles about these passwords, and we do realize it might be hard for a reader to get a clear picture from these scattered articles. This one publication is to rule them all. We’ll talk about what these passwords are, how they affect things, how to recover them, whether they can be reset, and whether you should bother. We’ll summarize years of research and provide specific recommendations for dealing with passwords.

Read the rest of this entry »

checkm8: Advancements in iOS 16 Forensic Extraction

March 15th, 2024 by Elcomsoft R&D

In iOS device forensics, the process of low-level extraction plays a crucial role in accessing essential data for analysis. Bootloader-level extraction through checkm8 has consistently been the best and most forensically sound method for devices with a bootloader vulnerability. But even though we brought the best extraction method to Linux and Windows in recent releases, support for iOS 16 on these platforms was still lacking behind. In this article we’ll talk about the complexities in iOS 16 extractions and how we worked around them in the newest release of iOS Forensic Toolkit.

Read the rest of this entry »

Resource Management in Distributed Password Attacks

February 20th, 2024 by Oleg Afonin

In the latest update, Elcomsoft Distributed Password Recovery introduced a new feature that allows managing the available computational resources. The new resource management capability allows administrators to manage and distribute the available computational resources across multiple jobs. The feature enables users to tap into a pool of available resources by requesting a certain number of recovery agents. The reserved recovery agents will be allocated, allowing multiple jobs to run separately at the same time.

Read the rest of this entry »

Bootloader-Level Extraction for Apple Hardware

February 9th, 2024 by Oleg Afonin

The bootloader vulnerability affecting several generations of Apple devices, known as “checkm8”, allows for forensically sound extraction of a wide range of Apple hardware including several generations of iPhones, iPads, Apple Watch, Apple TV, and even HomePod devices. The exploit is available for chips that range from the Apple A5 found in the iPhone 4s and several iPad models to A11 Bionic empowering the iPhone 8, 8 Plus, and iPhone X; older devices such as the iPhone 4 have other bootloader vulnerabilities that can be exploited to similar effect. In this article, we will go through the different chips and their many variations that are relevant for bootloader-level extractions.

Read the rest of this entry »

EU: Apple to Allow Alternative App Marketplaces

February 6th, 2024 by Vladimir Katalov

In the upcoming iOS 17.4 update, Apple is introducing significant changes to its App Store policies for apps distributed in the European Union. The new policy brings multiple changes, one of them being alternative app marketplaces (which are effectively third-party app stores). These changes have both technical and financial implications for developers, but do they bring news to the digital forensic crowd? Let’s have a look into what Apple’s new policy brings and how it may impact forensic experts.

Read the rest of this entry »

Navigating NVIDIA’s Super 40-Series GPU Update: A Guide for IT Professionals

February 2nd, 2024 by Oleg Afonin

With the launch of the Super update of 40-Series NVIDIA GPUs, the company’s product lineup has become quite complex. In the 4070 series alone, four models of the NVIDIA GeForce RTX are available: the original 4070, 4070 Ti, and now also 4070 Super, and 4070 Ti Super. Understanding the differences between these cards and learning which models offer the best price/performance ratio in password recovery jobs are crucial considerations for IT professionals.

Read the rest of this entry »

iOS Forensic Toolkit: Mounting HFS Images in Windows

February 1st, 2024 by Oleg Afonin

The latest update to iOS Forensic Toolkit brought the ability to mount HFS disk images extracted from legacy Apple devices as drive letters on Windows systems. This new capability to mount HFS images on Windows empowers experts to efficiently process and analyze digital evidence extracted from legacy Apple devices on Windows-based computers. This article provides detailed instructions on using the new feature.

Read the rest of this entry »

Changes to U.S. iOS App Store Policies Allow External Purchase Links

January 17th, 2024 by Vladimir Katalov

In a controversial move, Apple is implementing major changes to its U.S. iOS App Store policies, granting developers the ability to direct customers to non-App Store purchasing options for digital goods. This update permits users to make in-app purchases through an alternative method. However, Apple will continue to collect a commission ranging from 12 to 27 percent on content purchased through this avenue, providing only a 3 percentage points commission cut compared to purchases made through the official Apple App Store.

Read the rest of this entry »

When Extraction Meets Analysis: Cellebrite Physical Analyzer

January 12th, 2024 by Oleg Afonin

When equipping a forensic lab, having a diverse set of tools is extremely important due to their diverse, rarely overlapping capabilities, and the need for cross-checking the results. With that many tools, compatibility is crucial. This is why we went a long way to ensure that any data extracted with our mobile forensic tools can be opened in many popular forensic analysis tools.

Read the rest of this entry »

Forensically Sound Cold System Analysis

January 8th, 2024 by Oleg Afonin

In the world of digital forensics, there are various ways to analyze computer systems. You might be familiar live system analysis or investigating forensic disk images, but there’s yet another method called cold system analysis. Unlike live analysis where experts deal with active user sessions, cold system analysis works differently. It’s like a middle ground between live analysis and examining saved images of a computer’s storage. But why and when would someone use cold analysis? What can you do with it, and how does it compare to the usual methods?

Read the rest of this entry »