Bypassing Stolen Device Protection: Alternative Ways of Installing the Extraction Agent
June 24th, 2026 by Oleg Afonin
Stated plainly: iOS Forensic Toolkit can now get past Stolen Device Protection. There is a catch, and it belongs up front: this is not a magic unlock, and anyone selling it as one is selling something. What we have built is a way to install the extraction agent without ever pairing the iPhone to the workstation over a USB port. Because the most disruptive thing SDP does to a forensic workflow is place Face ID or Touch ID in front of that pairing step, bypassing the pairing step bypasses the gate. You still need the device passcode, a paid Apple Developer account, and a device you are authorized to examine. With those in hand, SDP is no longer the wall it was a month ago.
Password Crackers’ Gold Mine: Browser Passwords
June 1st, 2021 by Vladimir Katalov
How to break ‘strong’ passwords? Is there a methodology, a step by step approach? What shall you start from if your time is limited but you desperately need to decrypt critical evidence? We want to share some tips with you, this time about the passwords saved in the Web browsers on most popular platforms.
Hey Dude, Where Is My iCloud Data?
May 27th, 2021 by Vladimir Katalov
For more than ten years, we’ve been exploring iPhone backups, both local and iCloud, and we know a lot about them. Let’s reveal some secrets about the different types of backups and how they compare to each other.
The Inception of Elcomsoft Phone Breaker
May 26th, 2021 by Vladimir Katalov
It’s been 10 years since we have released one of our flagship products, Elcomsoft Phone Breaker. The first version appeared in April 2011, and was named “iPhone Password Breaker”. Since then, we made tons of improvements. The tool lost the “iPhone” designation, and the “Password” part was dropped from its name because it was no longer limited to iPhones or passwords. Today, the tool can offer unmatched features for the mobile forensic specialists.
Forensically Sound checkm8 Based Extraction of iPhone 5s, 6, 6s and SE
May 19th, 2021 by Oleg Afonin
Back in 2019, independent researcher axi0mX has developed a ground-breaking exploit. Targeting a vulnerability in the bootloader of several generations of iOS devices, checkm8 made it possible to obtain BootROM code execution and perform forensic analysis on a long list of devices running a wide range of iOS versions. In this article, we’ll talk about the forensic use of checkm8 with iOS Forensic Toolkit.
Guide: Forensically Sound Extraction of iPhone 5s, 6, 6s and SE with checkm8 Exploit
May 19th, 2021 by Vladimir Katalov
The previous publication talks about the basics of using the bootloader-level exploit for extracting iOS devices. In this article, we are posting a comprehensive step-by-step guide of using the new checkm8 capability of iOS Forensic Toolkit for performing forensically sound extractions of a range of Apple devices.
The File System Dirty Bit
May 18th, 2021 by Vladimir Katalov
In older iPhones, the ‘file system dirty’ flag indicates unclean device shutdown, which affects the ability to perform bootloader-level extractions of Apple devices running legacy versions of iOS (prior to iOS 10.3 released in March 2017). As such, the “file system dirty” flag must be cleared before the extraction. In this article we discuss the very different forensic implications of this flag if it is set on the Data or System partitions.
A Tale of One iPhone Backup Password
May 17th, 2021 by Vladimir Katalov
Have an iPhone backup but cannot get around the password protection? I have a story to share. I was recently contacted by an old partner from the other side of the world who asked for assistance in an urgent case. He had an iTunes-style backup of a device full of critical evidence, but the password locked him out of the data.
Our Guidelines For The World Password Day
May 6th, 2021 by Olga Koksharova
There was a 3-fold increase in identity theft and more than 2-fold increase in phishing attacks registered in 2020 compared to 2019 according to IC3 report. A whopping 50 – 81% of attacks (depending on who you read) are targeting both corporate and private sectors to steal users’ login credentials; that is, passwords. No matter what changes happen in data security, passwords remain the most wide-spread means of protection.
Breaking Wi-Fi Passwords with NVIDIA Ampere
April 12th, 2021 by Oleg Afonin
The supply of NVIDIA’s latest and greatest RTX 3000 series boards remains scarce due to production shortages and increased demand from gamers and cryptocurrency miners. That didn’t stop us from giving these cards yet another purpose: breaking Wi-Fi passwords.
Breaking RAR5 and 7Zip Passwords
April 6th, 2021 by Oleg Afonin
The recent update to Elcomsoft Advanced Archive Password Recovery, our go-to tool for breaking passwords to encrypted archives, brought compatibility with RAR5 and 7Zip formats, and enabled multithreaded dictionary attacks. Which archive formats are the most secure, and which ones are the toughest to break? Read along to find out!
