Effective Disk Imaging: Ports, Hubs, and Power
October 14th, 2025 by Oleg Afonin
Some time ago, we tested NVMe disk imaging performance (see When Speed Matters: Imaging Fast NVMe Drives), focusing mainly on software. This time, we turned our attention to hardware connections: which ports deliver the best results, and whether using a USB hub, active or passive, affects imaging speed and reliability.
WhatsApp Business Acquisition Guide
May 29th, 2018 by Oleg Afonin
Starting with version 2.40, Elcomsoft Extractor for WhatsApp supports physical and cloud acquisition of WhatsApp Business. The physical extraction method requires root access, while cloud acquisition requires authenticating into the user’s Google Drive account with proper authentication credential. In addition, a verification code received from WhatsApp as an SMS must be provided to decrypt the backup downloaded from Google Drive. In this guide, we’ll describe all the steps required to perform physical and cloud acquisition of WhatsApp Business.
Demystifying Android Physical Acquisition
May 29th, 2018 by Oleg Afonin
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another.
Accessing Google Account Data without a Password
May 17th, 2018 by Oleg Afonin
Cloud acquisition is arguably the future of mobile forensics. Even today, cloud services by Apple and Google often contain more information than any single device – mostly due to the fact that cloud data is collected from multiple sources.
Apple Strikes Back: the iPhone Cracking Challenge
May 11th, 2018 by Vladimir Katalov
We live in the era of mobile devices with full-disk encryption, dedicated security co-processors and multiple layers of security designed to prevent device exploitation. The recent generations of Apple mobile devices running iOS 10 and 11 are especially secure, effectively resisting experts’ efforts to extract evidence. Yet, several solutions are known to counter Apple’s security measures even in iOS 11 and even for the last-generation devices. It is not surprising that Apple comes up with counter measures to restrict the effectiveness and usability of such methods, particularly by disabling USB data connection in iOS 11.4 after prolonged inactivity periods (well, in fact it is still in question whether this feature will be available in new iOS version or not; it seems it is not ready yet, and may be delayed till iOS 12).
iOS 11.4 to Disable USB Port After 7 Days: What It Means for Mobile Forensics
May 8th, 2018 by Oleg Afonin
UPDATE June 2, 2018: USB Restricted Mode did not make it into iOS 11.4. However, in iOS 11.4.1 Beta USB Restricted Mode Has Arrived
Legal and Technical Implications of Chinese iCloud Operations
April 10th, 2018 by Vladimir Katalov
On February 28, 2018, Apple has officially moved its Chinese iCloud operations and encryption keys to China. The reaction to this move from the media was overwhelmingly negative. The Verge, The Guardian, Reuters, Wired, and CNN among other Western media outlets expressed their concerns about the Chinese government potentially violating the human rights of its citizens. Politics aside, we will review Apple policies governing the Chinese accounts, and look into the technical implementation of Chinese iCloud operations. Let us see if the fears are substantiated.
Demystifying Advanced Logical Acquisition
April 3rd, 2018 by Vladimir Katalov
We were attending the DFRWS EU forum in beautiful Florence, and held a workshop on iOS forensics. During the workshop, an attendee tweeted a photo of the first slide of our workshop, and the first response was from… one of our competitors. He said “Looking forward to the “Accessing a locked device” slide”. You can follow our conversation on Twitter, it is worth reading.
Google Services Blocked on Uncertified Devices
April 3rd, 2018 by Oleg Afonin
After testing waters for more than a year, Google has finally pulled the plug and began blocking access to Google Play services on uncertified devices. Why Google took this step, who is affected, and what it means for the end users? Let’s try to find out.
What’s Broken in iOS for iPhone X
March 28th, 2018 by Oleg Afonin
Apple’s latest and greatest iPhone, the iPhone X, received mixed reviews and sells slower than expected. While the high price of the new iPhone is a major factor influencing the slow sales, some of the negative points come from the device usability. The combination of design language, hardware and software interactions make using the new iPhone less than intuitive in many situations. In this article, we collected the list of utterly strange design decisions affecting the daily use of the iPhone X.
iPhone X Eye Strain: How to Stop OLED Flickering in Just Three Clicks
March 5th, 2018 by Oleg Afonin
The iPhone X uses a new (for Apple) display technology. For the first time ever, Apple went with an OLED display instead of the IPS panels used in all other iPhones. While OLED displays have numerous benefits such as the true blacks and wide color gamut, the majority of OLED displays (particularly those made by Samsung) tend to flicker. The flickering is particularly visible at low brightness levels, causing eyestrain and headaches to sensitive users. Very few users have the slightest idea of what’s going on, attributing these health issues to oversaturated colors, the oh-so-harmful blue light and anything but OLED flickering.
