Android Pre-Installed Apps: What Could Possibly Go Wrong?
March 13th, 2026 by Oleg Afonin
Picture this: you just dropped $1,300 on a brand-new, top-of-the-line Android flagship. You unbox it, peel off the plastic film, boot it up, and get ready for the daily grind. But before you can even sync your contacts, you notice the app drawer is already cluttered with unsolicited apps. If you think this is a problem exclusive to fifty-dollar burner phones bought at a gas station or cheap Chinese handsets obtained from an online shopping site, think again. We’ve seen this corporate hoarding disease infect even the highest tiers. Just look at the new Samsung Galaxy S26 Ultra; a clean setup of a 512GB model immediately sacrifices over 40GB to system files and third-party apps you never asked for. To be clear, you get zero say in the matter – they are pre-installed without a single prompt. You pay top dollar for premium hardware, and the manufacturer still treats your device like a subsidized billboard.
Extended Mobile Forensics: Analyzing Desktop Computers
July 30th, 2019 by Oleg Afonin
When it comes to mobile forensics, experts are analyzing the smartphone itself with possible access to cloud data. However, extending the search to the user’s desktop and laptop computers may (and possibly will) help accessing information stored both in the physical smartphone and in the cloud. In this article we’ll list all relevant artefacts that can shed light to smartphone data. The information applies to Apple iOS devices as well as smartphones running Google Android.
Accessing iCloud With and Without a Password in 2019
July 25th, 2019 by Oleg Afonin
In iOS forensics, cloud extraction is a viable alternative when physical acquisition is not possible. The upcoming release of iOS 13 brings additional security measures that will undoubtedly make physical access even more difficult. While the ability to download iCloud backups has been around for years, the need to supply the user’s login and password followed by two-factor authentication was always a roadblock.
Breaking and Securing Apple iCloud Accounts
July 25th, 2019 by Vladimir Katalov
The cloud becomes an ever more important (sometimes exclusive) source of the evidence whether you perform desktop or cloud forensics. Even if you are not in forensics, cloud access may help you access deleted or otherwise inaccessible data.
iOS 13 (Beta) Forensics
July 25th, 2019 by Vladimir Katalov
iOS 13 is on the way. While the new mobile OS is still in beta, so far we have not discovered many revolutionary changes in the security department. At the same time, there are quite a few things forensic specialists will need to know about the new iteration of Apple’s mobile operating system. In this article, we’ll be discussing the changes and their meaning for the mobile forensics.
The Art of iPhone Acquisition
July 9th, 2019 by Vladimir Katalov
We all know how much important data is stored in modern smartphones, making them an excellent source of evidence. However, data preservation and acquisition are not as easy as they sound. There is no silver bullet or “fire and forget” solutions to solve cases or extract evidence on your behalf. In this article, which is loosely based on our three-day training program, we will describe the proper steps in the proper order to retain and extract as much data from the iPhone as theoretically possible.
Digital Forensics: Training Required
June 26th, 2019 by Oleg Afonin
If you are working in the area of digital forensics, you might have wondered about one particular thing in the marketing of many forensic solutions. While most manufacturers are claiming that their tools are easy to use and to learn, those very same manufacturers offer training courses with prices often exceeding the cost of the actual tools. Are these trainings necessary at all if the tools are as easy to use as the marketing claims?
Apple Watch Forensics 02: Analysis
June 26th, 2019 by Mattia Epifani
Over the last several years, the use of smart wearables has increased significantly. With 141 million smartwatch units sold in 2018, the number of smart wearables sold has nearly doubled compared to the year before. Among the various competitors, the Apple Watch is dominating the field with more than 22.5 million of wearable devices sold in 2018. Year over year, the Apple Watch occupies nearly half of the global market.
Apple TV and Apple Watch Forensics 01: Acquisition
June 19th, 2019 by Vladimir Katalov
While the iPhone is Apple’s bread and butter product, is not the only device produced by the company. We’ve got the Mac (in desktop and laptop variations), the complete range of tablets (the iPad line, which is arguably the best tablet range on the market), the music device (HomePod), the wearable (Apple Watch), and the Apple TV. In today’s article, we are going to cover data extraction from Apple TV and Apple Watch. They do contain tons of valuable data, and are often the only source of evidence.
The Most Unusual Things about iPhone Backups
June 18th, 2019 by Vladimir Katalov
If you are familiar with breaking passwords, you already know that different tools and file formats require a very different amount of efforts to break. Breaking a password protecting a RAR archive can take ten times as long as breaking a password to a ZIP archive with the same content, while breaking a Word document saved in Office 2016 can take ten times as long as breaking an Office 2010 document. With solutions for over 300 file formats and encryption algorithms, we still find iTunes backups amazing, and their passwords to be very different from the rest of the crop in some interesting ways. In this article we tried to gather everything we know about iTunes backup passwords to help you break (or reset) their passwords in the most efficient way.
Forensic Implications of iOS Jailbreaking
June 12th, 2019 by Oleg Afonin
Jailbreaking is used by the forensic community to access the file system of iOS devices, perform physical extraction and decrypt device secrets. Jailbreaking the device is one of the most straightforward ways to gain low-level access to many types of evidence not available with any other extraction methods.
