Apple vs Law Enforcement: Cloudy Times

February 4th, 2020 by Vladimir Katalov

Just days ago, we have reviewed the data stored in iCloud, and studied its encryption mechanisms. We also discussed the discrepancies between the data that is stored in the cloud and the data that’s provided to the law enforcement. In case you missed it, make sure to check out Apple vs. Law Enforcement: Cloud Forensics. Today, the differences are great; Apple is using point-to-point encryption to protect certain types of data. However, it has not always been that way. Apple security model changed year after year. This article reviews the timeline of Apple security changes over time.

Read the rest of this entry »

Challenges in Computer and Mobile Forensics: What to Expect in 2020

December 20th, 2019 by Oleg Afonin

The past two years introduced a number of challenges forensic experts have never faced before. In 2018, Apple made it more difficult for the police to safely transport a seized iPhone to the lab by locking the USB port with USB restricted mode, making data preservation a challenge. The release of the A12 platform, also in 2018, made it difficult to unlock iOS devices protected with an unknown password, while this year’s release of iOS 13 rendered unlock boxes useless on iPhones based on the two most recent platforms.

Read the rest of this entry »

Extracting Skype Histories and Deleted Files Metadata from Microsoft Account

December 19th, 2019 by Oleg Afonin

Skype synchronizes chats, text messages and files sent and received with the Microsoft Account backend. Accessing Skype conversation histories by performing a forensic analysis of the user’s Microsoft Account is often the fastest and easiest way to obtain valuable evidence. Learn how to use Elcomsoft Phone Breaker to quickly extract the complete conversation histories along with attachments and metadata from the user’s Microsoft Account.

Read the rest of this entry »

iOS Device Acquisition with checkra1n Jailbreak

November 27th, 2019 by Vladimir Katalov

We’ve just announced a major update to iOS Forensic Toolkit, now supporting the full range of devices that can be exploited with the unpatchable checkra1n jailbreak.  Why is the checkra1n jailbreak so important for the forensic community, and what new opportunities in acquiring Apple devices does it present to forensic experts? We’ll find out what types of data are available on both AFU (after first unlock) and BFU (before first unlock) devices, discuss the possibilities of acquiring locked iPhones, and provide instructions on installing the checkra1n jailbreak.

Read the rest of this entry »

Forensic Acquisition of Apple TV with checkra1n Jailbreak

November 22nd, 2019 by Vladimir Katalov

Are you excited about the new checkm8 exploit? If you haven’t heard of this major development in the world of iOS jailbreaks, I would recommend to read the Technical analysis of the checkm8 exploit aricle, as well as Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer. The good news is that a jailbreak based on this exploit is already available, look at the checkra1n web site.

Read the rest of this entry »

What is Password Recovery and How It Is Different from Password Cracking

November 21st, 2019 by Oleg Afonin

Why wasting time recovering passwords instead of just breaking in? Why can we crack some passwords but still have to recover the others? Not all types of protection are equal. There are multiple types of password protection, all having their legitimate use cases. In this article, we’ll explain the differences between the many types of password protection.

Read the rest of this entry »

Synology NAS Encryption: Forensic Analysis of Synology NAS Devices

November 19th, 2019 by Oleg Afonin

Home users and small offices are served by two major manufacturers of network attached storage devices (NAS): QNAP and Synology, with Western Digital being a distant third. All Qnap and Synology network attached storage models are advertised with support for hardware-accelerated AES encryption. Encrypted NAS devices can be a real roadblock on the way of forensic investigations. In this article, we’ll review the common encryption scenarios used in home and small office models of network attached storage devices made by Synology.

Read the rest of this entry »

Using DC Dimming to Stop PWM Flickering in iPhone 11 Pro and Pro Max, Google Pixel 4 and 4 XL

November 6th, 2019 by Oleg Afonin

Just like the previous generation of OLED-equipped iPhones, the iPhone 11 Pro and Pro Max both employ OLED panels that are prone to flickering that is particularly visible to those with sensitive eyes. The flickering is caused by PWM (Pulse Width Modulation), a technology used by OLED manufacturers to control display brightness. While both panels feature higher peak brightness compared to the OLED panel Apple used in the previous generations of iPhones, they are still prone to the same flickering at brightness levels lower than 50%. The screen flickering is particularly visible in low ambient brightness conditions, and may cause eyestrain with sensitive users.

Read the rest of this entry »

Microsoft Office encryption evolution: from Office 97 to Office 2019

October 31st, 2019 by Oleg Afonin

The first Microsoft Office product was announced back in 1988. During the past thirty years, Microsoft Office has evolved from a simple text editor to a powerful combination of desktop apps and cloud services. With more than 1.2 billion users of the desktop Office suite and over 60 million users of Office 365 cloud service, Microsoft Office files are undoubtedly the most popular tools on the market. With its backward file format compatibility, Microsoft Office has become a de-facto standard for documents interchange.

Read the rest of this entry »

Four and a Half Apple Passwords

October 3rd, 2019 by Vladimir Katalov

Passwords are probably the oldest authentication method. Despite their age, passwords remain the most popular authentication method in today’s digital age. Compared to other authentication mechanisms, they have many tangible benefits. They can be as complex or as easy to remember as needed; they can be easy to use and secure at the same time (if used properly).

Read the rest of this entry »

Installing and using iOS Forensic Toolkit on macOS 10.15 Catalina

October 2nd, 2019 by Oleg Afonin

The release of macOS Catalina brought the usual bunch of security updates. One of those new security features directly affects how you install Elcomsoft iOS Forensic Toolkit on Macs running the new OS. In this guide we’ll provide step by step instructions on installing and running iOS Forensic Toolkit on computers running macOS 10.15 Catalina. Note: on macOS Catalina, you must use iOS Forensic Toolkit 5.11 or newer (older versions may also work but not recommended).

Read the rest of this entry »