Intelligent Load Balancing: Optimizing Password Recovery Across Heterogeneous Units
November 14th, 2024 by Oleg Afonin
In the latest update of Elcomsoft Distributed Password Recovery (EDPR), we’ve introduced a revamped load-balancing feature. The new feature aims to enhance resource utilization on local workstations across diverse hardware configurations. This update has drastically reduced the time required to break passwords in certain hardware configurations, thanks to a refined load distribution algorithm. In this article, we’ll share some technical details on how load balancing leverages a mix of GPUs and CPU cores.
iOS 12 Beta 5: One Step Forward, Two Steps Back
July 31st, 2018 by Vladimir Katalov
The release of iOS 11.4.1 marked the introduction of USB restricted mode, a then-new protection scheme disabling USB data pins after one hour. The USB restricted mode was not invincible; in fact, one could circumvent protection by connecting the device to a $39 accessory. While a great improvement on itself, the new mode did not provide sufficient protection. We wished Apple maintained a list of “trusted” or previously connected accessories on the device, allowing only such devices to reset the timer. In this new iOS 12 beta, Apple makes attempts to further “improve” USB restricted mode, yet the quotes about “improving” the system are there on purpose.
USB Restricted Mode Inside Out
July 12th, 2018 by Vladimir Katalov
It’s been a lot of hype around the new Apple security measure (USB restricted mode) introduced in iOS 11.4.1. Today we’ll talk about how we tested the new mode, what are the implications, and what we like and dislike about it. If you are new to the topic, consider reading our blog articles first (in chronological order):
Accessing Lockdown Files on macOS
July 12th, 2018 by Oleg Afonin
Lockdown records, or pairing records, are frequently used for accessing locked iOS devices. By using an existing lockdown record extracted from the suspect’s computer, forensic specialists can perform logical acquisition of the iOS device with iOS Forensic Toolkit and other forensic tools. Logical acquisition helps obtain information stored in system backups, access shared and media files, and even extract device crash logs. However, lockdown records may be tricky to access and difficult to extract. macOS protects lockdown files with access permissions. Let’s find out how to access the lockdown files on a live macOS system.
Training in Vienna
July 10th, 2018 by Oleg Afonin
Did you know we have forensic trainings? We’ve partnered with T3K Forensics to feature a 3-day training on iOS forensics. This fall in beautiful Vienna, 17.-19.10.2018, we’ll train a group of law enforcement and forensic specialists on every aspect of iOS acquisition and analysis. We’ll talk about the acquisition workflow and have participants perform logical, physical and cloud extraction of iOS devices. Expect live demonstrations and fully guided hands-on experience jailbreaking and extracting iOS devices, pulling data from locked iPhones and accessing the cloud for even more evidence.
Using iOS 11.2-11.3.1 Electra Jailbreak for iPhone Physical Acquisition
July 10th, 2018 by Oleg Afonin
It’s been fast. iOS 11.3.1 and all earlier versions of the system down to iOS 11.2 have been successfully jailbroken. In addition, the jailbreak is compatible with iOS 11.4 beta 1 through 3. We normally wouldn’t post about each new jailbreak release; however, this time things are slightly different. The new Electra jailbreak uses two different exploits and presents two very different installation routines depending on whether or not you have a developer account with Apple. Considering how much more stable the developer-account exploit is compared to the routine available to the general public, this time it pays to be an Apple developer.
This $39 Device Can Defeat iOS USB Restricted Mode
July 9th, 2018 by Oleg Afonin
The most spoken thing about iOS 11.4.1 is undoubtedly USB Restricted Mode. This highly controversial feature is apparently built in response to threats created by passcode cracking solutions such as those made by Cellerbrite and Grayshift. On unmanaged devices, the new default behavior is to disable data connectivity of the Lightning connector after one hour since the device was last unlocked, or one hour since the device has been disconnected from a trusted USB accessory. In addition, users can quickly disable the USB port manually by following the S.O.S. mode routine.
Apple Warns Users against Jailbreaking iOS Devices: True or False?
July 2nd, 2018 by Oleg Afonin
Apple has an article on their official Web site, warning users against jailbreaking iOS devices. The article “Unauthorized modification of iOS can cause security vulnerabilities, instability, shortened battery life, and other issues” is available at https://support.apple.com/en-us/HT201954. How much truth is in that article, and is jailbreaking as dangerous as Apple claims? We’ll comment the article based on our extensive experience in jailbreaking more than a hundred devices running every version of iOS imaginable.
Breaking Deeper Into iPhone Secrets
June 20th, 2018 by Vladimir Katalov
iPhone protection becomes tougher with each iteration. The passcode is extremely hard to break, and it’s just the first layer of defense. Even if the device is unlocked or if you know the passcode, it is not that easy and sometimes impossible to access all the data stored on the device. This includes, for example, conversations in Signal, one of the most secure messengers. Apple did a very good job as a privacy and security advocate.
iOS Forensic Toolkit 4.0 with Physical Keychain Extraction
June 20th, 2018 by Oleg Afonin
We have just released an update to iOS Forensic Toolkit. This is not just a small update. EIFT 4.0 is a milestone, marking the departure from supporting a large number of obsolete devices to focusing on current iOS devices (the iPhone 5s and newer) with and without a jailbreak. Featuring straightforward acquisition workflow, iOS Forensic Toolkit can extract more information from supported devices than ever before.
iOS 11.4.1 Second Beta Extends USB Restricted Mode with Manual Activation
June 14th, 2018 by Vladimir Katalov
Thinking Apple is done with USB Restricted Mode? Not yet. They have at least one more deus ex machina to shake up the forensic community.
