Perfect Acquisition Part 5: Perfect APFS Acquisition
July 21st, 2025 by Elcomsoft R&D
Welcome to Part 5 of the Perfect Acquisition series! In case you missed the previous parts, please check them out for background information. This section provides a comprehensive guide to performing the Perfect APFS Acquisition procedure.
Elcomsoft vs. Hashcat: Addressing Feedback
November 25th, 2020 by Oleg Afonin
After publishing the first article in the series, we received numerous comments challenging our claims. We carefully reviewed every comment, reread and reevaluated our original article. Elcomsoft vs. Hashcat Rev.1.1 is here.
Extracting Evidence from iPhone Devices: Do I (Still) Need a Jailbreak?
November 23rd, 2020 by Vladimir Katalov
If you are familiar with iOS acquisition methods, you know that the best results can be obtained with a full file system acquisition. However, extracting the file system may require jailbreaking, which may be risky and not always permitted. Are there any reasons to use jailbreaks for extracting evidence from Apple devices?
Elcomsoft vs. Hashcat Part 1: Hardware Acceleration, Supported Formats and Initial Configuration
November 18th, 2020 by Oleg Afonin
Hashcat is a great, free tool competing head to head with the tools we make. We charge several hundred dollars for what, in the end, can be done with a free tool. What are the reasons for our customers to choose ElcomSoft products instead of Hashcat, and is the expense justified? We did our best to compare the two tools to help you make the informed decision.
Mobile Forensics – Advanced Investigative Strategies
November 16th, 2020 by Vladimir Katalov
Four years ago, we published our first book: Mobile Forensics – Advanced Investigative Strategies. We are really proud of this achievement. Do you want to know the story behind it and what’s changed since then in mobile and cloud forensics? Here are some insides (but please do not tell anyone!)
Apple Watch Forensics Reloaded
November 13th, 2020 by Vladimir Katalov
Is it possible to extract any data from an Apple Watch? It’s relatively easy if you have access to the iPhone the device is paired to, or if you have a backup of that iPhone. But what if the watch is all you have? If there is no paired iPhone, no backup and no iCloud credentials, how can you connect the Apple Watch to the computer, and can you backup the watch?
Elcomsoft and The Case of the Apple iPad
November 12th, 2020 by Shafik Punja
For almost a decade, if not longer, I have collaborated with Vladimir Katalov on various digital forensics research topics. He has always been a great source of guidance, especially on iOS related challenges. When he offered me a standing invitation to post on the Elcomsoft Blog, I felt very humbled and honored to be given the opportunity to post on the ElcomSoft Blog, and I would like to thank the ElcomSoft team. This article has also been prepared together, with Vladimir Katalov.
iOS 14.2, iOS 12.4.9, the Updated checkra1n 0.12 Jailbreak and File System Extraction
November 11th, 2020 by Vladimir Katalov
It’s been a week since Apple has released iOS 14.2 as well as iOS 12.4.9 for older devices. Just a few days later, the developers updated the checkra1n jailbreak with support for new devices and iOS versions. What does that mean for iOS forensics? Let’s have a look; we have done some testing, and our discoveries are positively consistent with our expectations. Just one exception: to our surprise, Apple did not patch the long lasting vulnerability in iOS 12.4.9 that leaves the door open to full file system extraction and keychain acquisition without jailbreaking.
Protecting iMessage Communications
November 4th, 2020 by Oleg Afonin
How secure are your chats in your favorite instant messenger? Can someone intercept and read your secret conversations, and can you do something about it? Apple users have access to the highly popular instant messaging system, the iMessage. But how secure it really is? Let’s find out.
Breaking Intuit Quicken and QuickBooks Passwords in 2021
November 2nd, 2020 by Oleg Afonin
Intuit Quicken is one of the oldest tools of its kind. Over the years, Quicken had become the de facto standard for accounting, tax reporting and personal finance management in North America.
Five Hundred Posts
October 30th, 2020 by Vladimir Katalov
Believe me or not, but this is exactly the 500th post in our blog! The first one was posted in March 2009 and was about Distributed Password Recovery and GPU acceleration. At that time, we even did not do mobile or cloud forensics. Today it’s not about our achievements. I want to thank you for being with us, and share a few bits and pieces about our blog that you may find handy or at least amusing.
