In Apple ecosystem, logical acquisition is the most convenient and the most compatible extraction method, with local backups being a major contributor. Password-protected backups contain significantly more information than unencrypted backups, which is why many forensic tools including iOS Forensic Toolkit automatically apply a temporary backup password before creating a backup. If a temporary password is not removed after the extraction, subsequent extraction attempts, especially made with a different tool, will produce encrypted backups protected with an effectively unknown password. In this article we’ll talk about why this happens and how to deal with it.

Modern versions of Windows have many different types of accounts. Local Windows accounts, Microsoft accounts, and domain accounts feature different types of protection. There is also Windows Hello with PIN codes, which are protected differently from everything else. How secure are these types of passwords, and how can you break them? Read along to find out!

Elcomsoft System Recovery 8.30 introduced the ability to break Windows Hello PIN codes on TPM-less computers. This, however, was just one of the many new features added to the updated release. Other features include the ability to detect Microsoft Azure accounts and LUKS2 encryption, as well  as new filters for bootable forensic tools.

Today’s data protection methods utilize many thousands (sometimes millions) hash iterations to strengthen password protection, slowing down the attacks to a crawl. Consumer-grade video cards are commonly used for GPU acceleration. How do these video cards compare, and what about the price-performance ratio? We tested five reasonably priced NVIDIA boards ranging from the lowly GTX 1650 to RTX 3060 Ti.

In Alder Lake, Intel introduced hybrid architecture. Large, hyperthreading-enabled Performance cores are complemented with smaller, single-thread Efficiency cores. The host OS is responsible for assigning threads to one core or another. We discovered that Windows 10 scheduler is not doing a perfect job when it comes to password recovery, which requires a careful approach to thread scheduling.

Accessing the content of password-protected and encrypted documents saved as DOC/XLS files (as opposed to the newer DOCX/XLSX files) is often possible without time-consuming attacks regardless of the length of the password. Advanced Office Password Recovery enables experts quickly breaking the encryption of password-protected DOC and XLS files, which are Microsoft Word and Excel documents saved by modern versions of the app in the “compatibility” format. Organizations are still using the “compatible” Office 97/2000 formats for their document workflow.

Windows 11 introduces increased account protection, passwordless sign-in and hardware-based security. What has been changed compared to Windows 10, how these changes affect forensic extraction and analysis, and to what extent can one overcome the TPM-based protection? Read along to find out!

Most password protection methods rely on multiple rounds of hash iterations to slow down brute-force attacks. Even the fastest processors choke when trying to break a reasonably strong password. Video cards can be used to speed up the recovery with GPU acceleration, yet the GPU market is currently overheated, and most high-end video cards are severely overpriced. Today, we’ll test a bunch of low-end video cards and compare their price/performance ratio.

A lot of folks (and even some law enforcement experts) are looking for a one-click solution for mobile extractions and data decryption. Unfortunately, in today’s day and age there are no ‘silver bullet’ solutions. In the days of high-tech mobile devices and end-to-end encryption one must clearly understand the available options, and plan their actions accordingly. The time of ‘snake oil’ exploits is long gone. The modern world of mobile forensics is complex, and your actions will depend on a lot of factors. Today, we’re going to make your life a notch more complex by introducing a new iCloud authentication option you’ve never heard of before.

iMessage, Hangouts, Skype, Telegram, Signal, WhatsApp are familiar, while PalTalk, Pigin, Psi Jabber client, Gadu-Gadu, Gajim, Trillian, BigAnt or Brosix are relatively little known. The tools from the first group are not only more popular but infinitely more secure compared to the tools from the second group. In this publication we’ll review the authentication methods used by the various instant messengers, and attempt to extract a password to the user’s account.