All You Wanted To Know About iOS Backups
April 17th, 2024 by Oleg Afonin
iOS backup passwords are a frequent topic in our blog. We published numerous articles about these passwords, and we do realize it might be hard for a reader to get a clear picture from these scattered articles. This one publication is to rule them all. We’ll talk about what these passwords are, how they affect things, how to recover them, whether they can be reset, and whether you should bother. We’ll summarize years of research and provide specific recommendations for dealing with passwords.
What Forensic Vendors Don’t Like To Tell Their Customers. Part 2
June 14th, 2023 by Vladimir Katalov
Year after year, the field of digital forensics and incident response (DFIR) presents us with new challenges. Various vendors from around the world are tirelessly striving to simplify and enhance the work of experts in this field, but there are some things you probably do not know about (or simply never paid attention to) that we discussed in the first part of these series. Today we’ll discuss some real cases to shed light onto some vendors’ shady practices.
What Forensic Vendors Don’t Like To Tell Their Customers. Part 1
June 13th, 2023 by Vladimir Katalov
The market of digital forensic tools is a tight one, just like any other niche market. The number of vendors is limited, especially when catering such specific needs as unlocking suspects’ handheld devices or breaking encryption. However, amidst the promises of cutting-edge technology and groundbreaking solutions, there are certain limitations that forensic vendors often don’t like to disclose to their customers. These limitations can have a significant impact on the applicability, effectiveness and reliability of the tools being offered.
Elcomsoft Lab: Benchmarking Password Recovery Speeds
June 9th, 2023 by Oleg Afonin
In the realm of password recovery, benchmarking the speed of attacks holds significant importance. It is a customary practice to gauge the speed of attacks on various data formats using diverse hardware configurations. These tests yield results that are visually represented through graphs clearly demonstrating the performance of our products. However, these graphical representations merely scratch the surface of a much broader scope. Today, we delve deeper into the objectives and methodologies behind our password cracking speed tests.
Volume Encryption in Synology DSM 7.2: LUKS with Questionable Key Management
June 8th, 2023 by Oleg Afonin
Synology DSM 7.2 introduced a highly anticipated feature: volume-level encryption. This data protection mechanism works faster and has less limitations than shared folder encryption, which was the only encryption option supported in prior DSM releases. However, upon investigation, we determined that the implementation of the encryption key management mechanism for full-volume encryption fails to meet the expected standards of security for encrypted data for many users.
Breaking Wi-Fi Passwords with Intel Arc Graphics Cards
May 30th, 2023 by Oleg Afonin
Intel has unveiled its latest lineup of dedicated graphics cards, driven by the powerful Intel Xe architecture. The Intel Arc series showcases impressive performance, rivaling mid-range offerings from competing brands, while maintaining an exceptional price-performance ratio that outperforms NVIDIA’s counterparts. In this article, we explore the potential of Intel Arc GPUs for forensic password recovery and delve into their performance capabilities, comparing them with both Intel’s built-in graphics and mid-range NVIDIA RTX boards.
NVIDIA RTX 40 Series Graphics Cards: The Faster and More Efficient Password Recovery Accelerators
May 18th, 2023 by Oleg Afonin
Every three years, NVIDIA releases a new architecture used in their GeForce series graphics cards. Powered by Ada Lovelace, the new generation of GPUs delivers 80% better performance in password recovery compared to Ampere. While the new generation of NVIDIA graphics is faster and more efficient than Ampere, it also received a price hike. Is the update worth it for the forensic experts? Let’s try to find out.
iOS Forensic Toolkit and Open Source
May 4th, 2023 by Oleg Afonin
As a provider of mobile forensic tools, we at Elcomsoft strongly believe in giving back to the community. Our iOS Forensic Toolkit (EIFT) is a highly complex and powerful mobile acquisition tool, consisting of almost eighty sub-projects, many of which are open source. While we have benefited from the contributions of the community, we also believe that it’s time to contribute back to the open source community by publishing our changes to those projects as required by their permissive license.
Low-level Extraction for iOS 15
May 2nd, 2023 by Oleg Afonin
Last month, we introduced a new low-level mechanism, which enabled access to parts of the file system from many Apple devices. The partial extraction process relies on a weak exploit that did not allow full sandbox escape. Today, the limitations are gone, and we are proud to offer the full file system extraction and keychain decryption for the entire iOS 15 range up to and including iOS/iPadOS 15.7.2.
Analyzing iPhone PINs
April 18th, 2023 by Oleg Afonin
In recent years, Apple had switched from 4-digit PINs to 6 digits, while implementing blacklists of insecure PIN codes. How do these measures affect security, how much more security do six-digit PINs deliver compared to four-digit PINs, and do blacklists actually work? Let’s try to find out.
Automating Scrolling Screenshots with Raspberry Pi Pico
April 13th, 2023 by Oleg Afonin
The recent update to iOS Forensic Toolkit brought two automations based on the Raspberry Pi Pico board. One of the new automations makes it possible to make long, scrollable screen shots in a semi-automatic fashion. In this article we will show how to build, program, and use a Raspberry Pi Pico board to automate scrolling screenshots.
