Eighteen Years of GPU Acceleration
November 27th, 2025 by Oleg Afonin
Eighteen years ago, before “GPU acceleration” and “AI data center” became household terms, a small hi-tech company changed the rules of cryptography. In 2007, we unveiled a radical idea – using the untapped power of graphics processors to recover passwords, which coincided with the release of video cards capable of performing fixed-point calculations. What began as an experiment would soon redefine performance computing across nearly every field.
iOS Extraction Without a Jailbreak: Full iOS 9 Support, Simplified File System Extraction
August 6th, 2020 by Oleg Afonin
We updated iOS Forensic Toolkit to bring two notable improvements. The first one is the new acquisition option for jailbreak-free extractions. The new extraction mode helps experts save time and disk space by pulling only the content of the user partition while leaving the static system partition behind. The second update expands jailbreak-free extraction all the way back to iOS 9, now supporting all 64-bit devices running all builds of iOS 9.
Extracting and Decrypting iOS Keychain: Physical, Logical and Cloud Options Explored
August 5th, 2020 by Oleg Afonin
The keychain is one of the hallmarks of the Apple ecosystem. Containing a plethora of sensitive information, the keychain is one of the best guarded parts of the walled garden. At the same time, the keychain is relatively underexplored by the forensic community. The common knowledge has it that the keychain contains the users’ logins and passwords, and possibly some payment card information. The common knowledge is missing the point: the keychain contains literally thousands of records belonging to various apps and the system that are required to access lots of other sensitive information. Let’s talk about the keychain, its content and its protection, and the methods used to extract, decrypt and analyze the various bits and pieces.
The Four Ways to Deal with iPhone Backup Passwords
July 30th, 2020 by Vladimir Katalov
We have published multiple articles on iPhone backup passwords already, covering the different aspects of the backup protection. In this publication, we have collected the most important information about the things you can do under different circumstances, some software recommendations, and some other practical tips and tricks, in a brief and simple form.
Live System Analysis: Discovering Encrypted Disk Volumes
July 28th, 2020 by Oleg Afonin
The wide spread of full-disk encryption makes live system analysis during incident response a challenge, but also an opportunity. A timely detection of full-disk encryption or a mounted crypto container allows experts take extra steps to secure access to encrypted evidence before pulling the plug. What steps are required and how to tell if the system is using full-disk encryption? “We have a tool for that”.
Downloading iOS 13 and iOS 14 iCloud Backups
July 21st, 2020 by Vladimir Katalov
The long-awaited update for Elcomsoft Phone Breaker has arrived. The update brought back the ability to download iCloud backups, which was sorely broken since recent server-side changes introduced by Apple. We are also excited to become the first forensic company to offer support for iCloud backups saved by iOS 14 beta devices, all while supporting the full spectrum of two-factor authentication methods. We are proud to provide the most comprehensive forensic support of Apple iCloud with unmatched performance, accelerating forensic investigations and providing access to critical evidence stored in the cloud.
checkra1n, USB Restrictions and Breaking Into Locked iPhones
July 17th, 2020 by Vladimir Katalov
The checkra1n jailbreak is fantastic. Not only does it work with the latest versions of iOS the other jailbreaks aren’t even available for, but it also allows performing partial data extraction from disabled and locked iPhones even if the passcode is not known. Still, you can encounter some problems if the USB restricted mode has been activated on the device. The latest build of chechra1n is to the rescue.
Defending Americans’ Right to Decrypt
July 16th, 2020 by Olga Koksharova
19 years ago, on July 16, 2001, the FBI arrested Dmitry Sklyarov, almost immediately after his speech at the DEF CON hacker conference, on a number of charges by Adobe. Dmitry was accused of many things, from software trafficking to conspiring with Elcomsoft and “third parties”, who put up the software for sale that could bypass technological protection on copyrighted material. Dmitry’s career at Elcomsoft began with a project on gaining access to protected Access databases. Soon, Dmitry got an idea about the security of PDF documents, and so he started working on it. From this idea the never-to-be-forgotten Advanced eBook Processor was born, because of which Dmitry was arrested in 2001 at DEF CON in Las Vegas, NV.
checkra1n Installation Tips & Tricks
July 14th, 2020 by Vladimir Katalov
Having trouble installing the checkra1n jailbreak? If you do it right, you achieve a nearly 100% success rate. We have collected the most important information on how to install and troubleshoot the checkra1n jailbreak. By following these advises, you will be able to jailbreak like a pro, whether you just want to research your own device or perform the file system and keychain acquisition.
The iPhone Data Recovery Myth: What You Can and Cannot Recover
July 10th, 2020 by Oleg Afonin
There is no lack of tools claiming the ability to recover lost or deleted information from the iPhone. These tools’ claims range from “Recover data lost due to water damaged, broken, deletion, device loss, etc.” to the much more reserved “Selectively recovers iPhone data from internal memory, iCloud, and iTunes”. Do any of those tools actually work, and do they live up to the user’s expectations? The answer is complex, hence this article. Let us place the claims through our usual scrutiny.
Significant Locations, iOS 14 and iCloud
July 9th, 2020 by Vladimir Katalov
Location data is one of the most sensitive pieces of personal information. In today’s world, aggregated location data is as sensitive and as valuable as the user’s passwords. Once this data is transmitted to the OS manufacturer’s cloud service or any of the third-party vendors, the user has the right to know exactly what information is collected; who, when, and how has access to it. In today’s article, we will talk about one of the iOS lesser known features called “Significant locations”.
