Intelligent Load Balancing: Optimizing Password Recovery Across Heterogeneous Units
November 14th, 2024 by Oleg Afonin
In the latest update of Elcomsoft Distributed Password Recovery (EDPR), we’ve introduced a revamped load-balancing feature. The new feature aims to enhance resource utilization on local workstations across diverse hardware configurations. This update has drastically reduced the time required to break passwords in certain hardware configurations, thanks to a refined load distribution algorithm. In this article, we’ll share some technical details on how load balancing leverages a mix of GPUs and CPU cores.
How to Obtain iMessages from iCloud
June 14th, 2018 by Oleg Afonin
iOS 11.4 has finally brought a feature Apple promised almost a year ago: the iMessage sync via iCloud. This feature made its appearance in iOS 11 beta, but was stripped from the final release. It re-appeared and disappeared several times during the iOS 11 development cycle, and has finally made it into iOS 11.4. Let’s have a look at how iMessages are protected and how to download them from iCloud.
iCloud and iMessage Security Concerns
June 14th, 2018 by Vladimir Katalov
We also trust these companies in ways that we do not understand yet. How many of you trust Apple? No voting… Just me 🙂 Damn! OK. May I ask you a very good question. Trusting to do what? Trusting when they say: “iMessages are end-to-end encrypted”? I mean, with all of that massive security engineering, to make sure it’s as good as it can be, so they genuinely believe they’ve done that. I do, generally, they’re great people. But… people believe themselves they can defend themselves against the Russians. If the Russians specifically targeted Apple, it’s only they can defend themselves. – Ian Levy, director at the GCHQ on anniversary of the foundation of the FIPR event that was held on 29/04/2018).
Protecting Your Data and Apple Account If They Know Your iPhone Passcode
June 12th, 2018 by Oleg Afonin
This publication is somewhat unusual. ElcomSoft does not need an introduction as a forensic vendor. We routinely publish information on how to break into the phone, gain access to information and extract as much evidence as theoretically possible using hacks (jailbreaks) or little known but legitimate workarounds. We teach and train forensic experts on how to extract and decrypt information, how to download information from iCloud with or without the password, how to bypass two-factor authentication and how their iPhone falls your complete victim if you know its passcode.
The iOS File System: TAR and Aggregated Locations Analysis
June 7th, 2018 by Oleg Afonin
Finally, TAR support is there! Using Elcomsoft iOS Forensic Toolkit to pull TAR images out of jailbroken iOS devices? You’ll no longer be left on your own with the resulting TAR file! Elcomsoft Phone Viewer 3.70 can now open the TAR images obtained with Elcomsoft iOS Forensic Toolkit or GrayKey and help you analyse evidence in that file. In addition, we added an aggregated view for location data extracted from multiple sources – such as the system logs or geotags found in media files.
Apple Probably Knows What You Did Last Summer
June 5th, 2018 by Vladimir Katalov
“Significant Locations” are an important part of the evidence logged on iPhones. Forensic experts doing the acquisition will try accessing Significant Locations. At the same time, many iPhone users are completely unaware of the existence of this feature. What are Significant Locations, where are they stored, and how to extract them, and what value do they serve in investigations?
iOS 11.4.1 Beta: USB Restricted Mode Has Arrived
June 2nd, 2018 by Oleg Afonin
As we wrote back in May, Apple is toying with the idea of restricting USB access to iOS devices that have not been unlocked for a certain period of time. At the time of publication, our article received a lot of controversial reports. When this mode did not make it into the final build of iOS 11.4, we enjoyed a flow of sarcastic comments from journalists and the makers of passcode cracking toolkits. Well, there we have it: Apple is back on track with iOS 11.4.1 beta including the new, improved and user-configurable USB Restricted Mode.
WhatsApp Business Acquisition Guide
May 29th, 2018 by Oleg Afonin
Starting with version 2.40, Elcomsoft Extractor for WhatsApp supports physical and cloud acquisition of WhatsApp Business. The physical extraction method requires root access, while cloud acquisition requires authenticating into the user’s Google Drive account with proper authentication credential. In addition, a verification code received from WhatsApp as an SMS must be provided to decrypt the backup downloaded from Google Drive. In this guide, we’ll describe all the steps required to perform physical and cloud acquisition of WhatsApp Business.
Demystifying Android Physical Acquisition
May 29th, 2018 by Oleg Afonin
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another.
Accessing Google Account Data without a Password
May 17th, 2018 by Oleg Afonin
Cloud acquisition is arguably the future of mobile forensics. Even today, cloud services by Apple and Google often contain more information than any single device – mostly due to the fact that cloud data is collected from multiple sources.
Apple Strikes Back: the iPhone Cracking Challenge
May 11th, 2018 by Vladimir Katalov
We live in the era of mobile devices with full-disk encryption, dedicated security co-processors and multiple layers of security designed to prevent device exploitation. The recent generations of Apple mobile devices running iOS 10 and 11 are especially secure, effectively resisting experts’ efforts to extract evidence. Yet, several solutions are known to counter Apple’s security measures even in iOS 11 and even for the last-generation devices. It is not surprising that Apple comes up with counter measures to restrict the effectiveness and usability of such methods, particularly by disabling USB data connection in iOS 11.4 after prolonged inactivity periods (well, in fact it is still in question whether this feature will be available in new iOS version or not; it seems it is not ready yet, and may be delayed till iOS 12).
