Installing and Troubleshooting the Extraction Agent (2025)
July 2nd, 2025 by Oleg Afonin
Over the years, we’ve published numerous guides on installing the iOS Forensic Toolkit extraction agent and troubleshooting issues. As both the tool and its environment evolved, so did our documentation – often leading to outdated or scattered information. This article consolidates and updates everything in one place, detailing the correct installation and troubleshooting procedures.
Attached Storage Forensics: Security Analysis of Thecus NAS
January 9th, 2020 by Oleg Afonin
Thecus has been manufacturing NAS devices for more than 15 years. The company develops an in-house Linux-based NAS OS, the ThecusOS. At this time, the most current version of the OS is ThecusOS 7. Thecus advertises secure data encryption in most of its NAS devices. The company’s volume-based encryption tool allows users to fully encrypt their entire RAID volume, defending essential data in instances of theft of the physical device. We found Thecus’ implementation of encryption somewhat unique. In this research, we’ll verify the manufacturer’s claims and check just how secure is Thecus’ implementation of 256-bit AES encryption.
Our Developments and Achievements in 2019
December 24th, 2019 by Olga Koksharova
For us, this year has been extremely replete with all sorts of developments in desktop, mobile and cloud forensics. We are proud with our achievements and want to share with you. Let’s have a quick look at what we’ve achieved in the year 2019.
BFU Extraction: Forensic Analysis of Locked and Disabled iPhones
December 20th, 2019 by Vladimir Katalov
We have recently updated Elcomsoft iOS Forensic Toolkit, adding the ability to acquire the file system from a wide range of iOS devices. The supported devices include models ranging from the iPhone 5s through the iPhone X regardless of the iOS version; more on that in iOS Device Acquisition with checkra1n Jailbreak. In today’s update (for both Windows and macOS platforms as usual), we’ve added the ability to extract select keychain records in the BFU (Before First Unlock) mode. We have a few other changes and some tips on extracting locked and disabled devices.
Challenges in Computer and Mobile Forensics: What to Expect in 2020
December 20th, 2019 by Oleg Afonin
The past two years introduced a number of challenges forensic experts have never faced before. In 2018, Apple made it more difficult for the police to safely transport a seized iPhone to the lab by locking the USB port with USB restricted mode, making data preservation a challenge. The release of the A12 platform, also in 2018, made it difficult to unlock iOS devices protected with an unknown password, while this year’s release of iOS 13 rendered unlock boxes useless on iPhones based on the two most recent platforms.
Extracting Skype Histories and Deleted Files Metadata from Microsoft Account
December 19th, 2019 by Oleg Afonin
Skype synchronizes chats, text messages and files sent and received with the Microsoft Account backend. Accessing Skype conversation histories by performing a forensic analysis of the user’s Microsoft Account is often the fastest and easiest way to obtain valuable evidence. Learn how to use Elcomsoft Phone Breaker to quickly extract the complete conversation histories along with attachments and metadata from the user’s Microsoft Account.
iOS Device Acquisition with checkra1n Jailbreak
November 27th, 2019 by Vladimir Katalov
We’ve just announced a major update to iOS Forensic Toolkit, now supporting the full range of devices that can be exploited with the unpatchable checkra1n jailbreak. Why is the checkra1n jailbreak so important for the forensic community, and what new opportunities in acquiring Apple devices does it present to forensic experts? We’ll find out what types of data are available on both AFU (after first unlock) and BFU (before first unlock) devices, discuss the possibilities of acquiring locked iPhones, and provide instructions on installing the checkra1n jailbreak.
Forensic Acquisition of Apple TV with checkra1n Jailbreak
November 22nd, 2019 by Vladimir Katalov
Are you excited about the new checkm8 exploit? If you haven’t heard of this major development in the world of iOS jailbreaks, I would recommend to read the Technical analysis of the checkm8 exploit aricle, as well as Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer. The good news is that a jailbreak based on this exploit is already available, look at the checkra1n web site.
What is Password Recovery and How It Is Different from Password Cracking
November 21st, 2019 by Oleg Afonin
Why wasting time recovering passwords instead of just breaking in? Why can we crack some passwords but still have to recover the others? Not all types of protection are equal. There are multiple types of password protection, all having their legitimate use cases. In this article, we’ll explain the differences between the many types of password protection.
Synology NAS Encryption: Forensic Analysis of Synology NAS Devices
November 19th, 2019 by Oleg Afonin
Home users and small offices are served by two major manufacturers of network attached storage devices (NAS): QNAP and Synology, with Western Digital being a distant third. All Qnap and Synology network attached storage models are advertised with support for hardware-accelerated AES encryption. Encrypted NAS devices can be a real roadblock on the way of forensic investigations. In this article, we’ll review the common encryption scenarios used in home and small office models of network attached storage devices made by Synology.
Using DC Dimming to Stop PWM Flickering in iPhone 11 Pro and Pro Max, Google Pixel 4 and 4 XL
November 6th, 2019 by Oleg Afonin
Just like the previous generation of OLED-equipped iPhones, the iPhone 11 Pro and Pro Max both employ OLED panels that are prone to flickering that is particularly visible to those with sensitive eyes. The flickering is caused by PWM (Pulse Width Modulation), a technology used by OLED manufacturers to control display brightness. While both panels feature higher peak brightness compared to the OLED panel Apple used in the previous generations of iPhones, they are still prone to the same flickering at brightness levels lower than 50%. The screen flickering is particularly visible in low ambient brightness conditions, and may cause eyestrain with sensitive users.
