As we all know, Google collects and processes an awful lot of data about pretty much everyone who is using the company’s cloud services or owns a smartphone running the Android OS (or, to be precise, is using a device with Google Mobile Services). Just how much data is available was described in our previous article, What Google Knows about You, and Why It Matters. Today, we’ll discuss something slightly different. Meet Google Timeline, a relatively new feature extending the company’s Maps service.

In today’s thoroughly connected world, everyone shares at least some of their personal information with, well, strangers. Voluntarily or not, people using personal computers or mobile devices have some of their information transmitted to, processed, stored and used by multiple online service providers.

In the world of digital forensics, there are various ways to analyze computer systems. You might be familiar live system analysis or investigating forensic disk images, but there’s yet another method called cold system analysis. Unlike live analysis where experts deal with active user sessions, cold system analysis works differently. It’s like a middle ground between live analysis and examining saved images of a computer’s storage. But why and when would someone use cold analysis? What can you do with it, and how does it compare to the usual methods?

Have you ever tried to unlock a password but couldn’t succeed? This happens when the password is really strong and designed to be hard to break quickly. In this article, we’ll explain why this can be a tough challenge and what you can do about it.

Agent-based low-level extraction of Apple mobile devices requires sideloading an app onto the device, which is currently far from seamless. One can only run sideloaded apps if they are signed with a device-specific digital signature, which must be validated by an Apple server. Establishing a connection to the server carries a number of potential risks. In this article, we are proposing a solution that reduces the risks by using a firewall script.

Windows account passwords, or NTLM passwords, are among the easiest to recover due to their relatively low cryptographic strength. At the same time, NTLM passwords can be used to unlock DPAPI-protected data such as the user’s passwords stored in Web browsers, encrypted chats, EFS-protected files and folders, and a lot more. In this article we argue about prioritizing the recovery of NTLM hashes over any other types of encrypted data.

iOS 16 brings many changes to mobile forensics. Users receive additional tools to control the sharing and protection of their personal information, while forensic experts will face tighter security measures. In this review, we’ll talk about the things in iOS 16 that are likely to affect the forensic workflow.

Disk encryption is widely used desktop and laptop computers. Many non-ZFS Linux distributions rely on LUKS for data protection. LUKS is a classic implementation of disk encryption offering the choice of encryption algorithms, encryption modes and hash functions. LUKS2 further improves the already tough disk encryption. Learn how to deal with LUKS2 encryption in Windows and how to break in with distributed password attacks.

Modern versions of Windows have many different types of accounts. Local Windows accounts, Microsoft accounts, and domain accounts feature different types of protection. There is also Windows Hello with PIN codes, which are protected differently from everything else. How secure are these types of passwords, and how can you break them? Read along to find out!

Apple ecosystem includes a comprehensive backup ecosystem that includes both local and cloud backups, and data synchronization with end-to-end encryption for some categories. Today we’ll discuss the iCloud backups, particularly targeting issues that are not covered in the official documentation.