All USB Cables Are Equal, But Some Are More Equal Than Others

October 17th, 2025 by Elcomsoft R&D

As we outlined in the previous article (Effective Disk Imaging: Ports, Hubs, and Power), it’s better to connect external USB-C devices (such as adapters and especially write-blockers) to a USB-C port that complies with at least the USB 3.2 Gen2 specs (10 Gbit/s). But what if your computer only has USB-A ports, or only a USB-A port is free? Obviously, you’ll need a USB-C to USB-A cable – but you’ll need to choose the right one very carefully, and that’s not the only thing that matters.


The iPhone is Locked-Down: Dealing with Cold Boot Situations

November 9th, 2017 by Oleg Afonin

Even today, seizing and storing portable electronic devices is still troublesome. The possibility of remote wipe routinely makes police officers shut down smartphones being seized in an attempt to preserve evidence. While this strategy used to work just a few short years ago, it is counterproductive today because of full-disk encryption. In all versions of iOS since iOS 8, this encryption is based on the user’s passcode. Once the iPhone is powered off, the encryption key is lost, and the only way to decrypt the phone’s content is to unlock the device with the user’s original passcode. Or is it?


What can be extracted from locked iPhones with new iOS Forensic Toolkit

November 9th, 2017 by Vladimir Katalov

Tired of reading about lockdown/pairing records? Sorry, we can’t stop. Pairing records are the key to accessing the content of a locked iPhone. We have recently made a number of findings allowing us to extract even more information from locked devices through the use of lockdown records. It’s not a breakthrough discovery and will never make front page news, but having more possibilities is always great.


The art of iOS and iCloud forensics

November 2nd, 2017 by Vladimir Katalov

iOS 11 has arrived, now running on every second Apple device. There could not be a better time to reminisce about how iOS forensics started just a few short years ago. Let’s have a look at what was possible back then, what is possible now, and what can be expected of iOS forensics in the future.


Can You Unlock That iPhone?

October 30th, 2017 by Vladimir Katalov

“Can you unlock that iPhone?” is one of the most common questions we hear at various events and from our customers. There is no simple answer, but more often than not some options are available.


How To Obtain Real-Time Data from iCloud and Forget About 2FA with Just an Old iTunes Backup. No Passwords Needed

October 23rd, 2017 by Vladimir Katalov

iOS forensics is always a lot of fun. Say you’ve got an iPhone of a recent generation. It’s locked, you have no idea what the passcode is, and the worst part is it’s more than just the four proverbial digits (the latest iOS defaults to six). And you don’t have their computer, and there is no iCloud account either. A horror story where no one, not even us, can do anything about it.


iOS vs. Android: Physical Data Extraction and Data Protection Compared

October 20th, 2017 by Oleg Afonin

Today’s mobile devices are becoming increasingly resistant to physical imaging, mostly due to the use of full-disk encryption. Full-disk encryption renders useless some of yesterday’s low-level acquisition techniques, including JTAG and chip-off.


Obtaining Detailed Information about iOS Installed Apps

October 3rd, 2017 by Oleg Afonin

Accessing the list of apps installed on an iOS device can give valuable insight into which apps the user had, which social networks they use, and which messaging tools they communicate with. While manually reviewing the apps by examining the device itself is possible by scrolling a potentially long list, we offer a better option. Elcomsoft Phone Viewer can not only display the list of apps installed on a given device, but also provide information about each app’s version, date and time of acquisition (first download for free apps and date and time of purchase for paid apps), as well as the Apple ID that was used to acquire the app. While some of that data is part of iOS system backups, data on the app’s acquisition time must be obtained separately by making a request to Apple servers. Elcomsoft Phone Viewer automates such requests, seamlessly displaying the most comprehensive information about the apps obtained from multiple sources.


Accessing iOS Saved Wi-Fi Networks and Hotspot Passwords

September 28th, 2017 by Oleg Afonin

In this how-to guide, we’ll cover the steps required to access the list of saved wireless networks along with their passwords.


Android 8.0 Oreo: Your Text Messages Are in the Cloud Now

September 21st, 2017 by Oleg Afonin

In each major Android update, Google improves security on the one hand, and moves a few more things to the cloud on the other. The recently finalized and finally released Android 8.0 Oreo adds one important thing to all devices running the newest build of Google’s OS: the ability to back up SMS text messages into the user’s Google Account.


Elcomsoft Phone Breaker 8, New Apple Devices and iOS 11

September 14th, 2017 by Oleg Afonin

With all attention now being on new iPhone devices, it is easy to forget about the new version of iOS. While new iPhone models were mostly secret until announcement, everyone could test iOS 11 for months before the official release.
