Leveraging User Profiles for Smarter Password Attacks
November 24th, 2025 by Oleg Afonin
Most real-world passwords aren’t random – they follow the owner’s habits, preferences, and personal history. Names, birthdays, pets, team loyalties, and even old usernames affect how people build their “secret” strings. By turning this everyday information into structured, prioritized password candidates, analysts can reach higher success rates than with generic dictionaries or blind brute force. This article explains how to transform user data into a focused attack strategy.
Apple Watch Forensics Reloaded
November 13th, 2020 by Vladimir Katalov
Is it possible to extract any data from an Apple Watch? It’s relatively easy if you have access to the iPhone the device is paired to, or if you have a backup of that iPhone. But what if the watch is all you have? If there is no paired iPhone, no backup and no iCloud credentials, how can you connect the Apple Watch to the computer, and can you backup the watch?
Elcomsoft and The Case of the Apple iPad
November 12th, 2020 by Shafik Punja
For almost a decade, if not longer, I have collaborated with Vladimir Katalov on various digital forensics research topics. He has always been a great source of guidance, especially on iOS related challenges. When he offered me a standing invitation to post on the Elcomsoft Blog, I felt very humbled and honored to be given the opportunity to post on the ElcomSoft Blog, and I would like to thank the ElcomSoft team. This article has also been prepared together, with Vladimir Katalov.
iOS 14.2, iOS 12.4.9, the Updated checkra1n 0.12 Jailbreak and File System Extraction
November 11th, 2020 by Vladimir Katalov
It’s been a week since Apple has released iOS 14.2 as well as iOS 12.4.9 for older devices. Just a few days later, the developers updated the checkra1n jailbreak with support for new devices and iOS versions. What does that mean for iOS forensics? Let’s have a look; we have done some testing, and our discoveries are positively consistent with our expectations. Just one exception: to our surprise, Apple did not patch the long lasting vulnerability in iOS 12.4.9 that leaves the door open to full file system extraction and keychain acquisition without jailbreaking.
Protecting iMessage Communications
November 4th, 2020 by Oleg Afonin
How secure are your chats in your favorite instant messenger? Can someone intercept and read your secret conversations, and can you do something about it? Apple users have access to the highly popular instant messaging system, the iMessage. But how secure it really is? Let’s find out.
Breaking Intuit Quicken and QuickBooks Passwords in 2021
November 2nd, 2020 by Oleg Afonin
Intuit Quicken is one of the oldest tools of its kind. Over the years, Quicken had become the de facto standard for accounting, tax reporting and personal finance management in North America.
Five Hundred Posts
October 30th, 2020 by Vladimir Katalov
Believe me or not, but this is exactly the 500th post in our blog! The first one was posted in March 2009 and was about Distributed Password Recovery and GPU acceleration. At that time, we even did not do mobile or cloud forensics. Today it’s not about our achievements. I want to thank you for being with us, and share a few bits and pieces about our blog that you may find handy or at least amusing.
The Forensic View of iMessage Security
October 29th, 2020 by Vladimir Katalov
Apple iMessage is an important communication channel and an essential part of forensic acquisition efforts. iMessage chats are reasonably secure. Your ability to extract iMessages as well as the available sources of extraction will depend on several factors. Let’s discuss the factors that may affect your ability to extract, and what you can do to overcome them.
May the [Brute] Force Be with You!
October 28th, 2020 by Vladimir Katalov
Remember the good old times when there was a lot of applications with “snake oil” encryption? You know, the kind of “peace of mind” protection that allowed recovering or removing the original plaintext password instantly? It is still the case for a few “we-don’t-care” apps such as QuickBooks 2021, but all of the better tools can no longer be cracked that easily. Let’s review some password recovery strategies used in our software today.
Extracting the iPhone: (No) Tools Required?
October 27th, 2020 by Vladimir Katalov
If the iPhone is locked with a passcode, it is considered reasonably secure. The exception are some older devices, which are relatively vulnerable. But what if the passcode is known or is not set? Will it be easy to gain access to all of the data stored in the device? And why do we have the countless forensic tools –is analysis and reporting the sole reason for their existence? Not really. If you’ve been wondering what this acquisition thing is all about, this article is for you.
13 Years of GPU Acceleration
October 22nd, 2020 by Oleg Afonin
Today, we have an important date. It’s been 13 years since we invented a technique that reshaped the landscape of modern password recovery. 13 years ago, we introduced GPU acceleration in our then-current password recovery tool, enabling the use of consumer-grade gaming video cards for breaking passwords orders of magnitude faster.
