What’s New in Elcomsoft System Recovery 8.34: More Data, Faster Imaging, BitLocker Key Extraction
April 29th, 2025 by Oleg Afonin
We updated Elcomsoft System Recovery to version 8.34. This release focuses on expanding the tool’s data acquisition capabilities, improving disk imaging performance, and adding BitLocker recovery key extraction for systems managed via Active Directory. Here’s a technical breakdown of the changes.
iOS Call Syncing: How It Works
November 17th, 2016 by Vladimir Katalov
In our previous article, we figured that iPhone call logs are synced with iCloud. We performed multiple additional tests to try to understand exactly how it works, and are trying to guess why.
iPhone User? Your Calls Go to iCloud
November 17th, 2016 by Oleg Afonin
iCloud sync is everywhere. Your contacts and calendars, system backups and photos can be stored in the cloud on Apple servers. This time, we discovered that yet another piece of data is stored in the cloud for no apparent reason. Using an iPhone and have an active iCloud account? Your calls will sync with iCloud whether you want it or not. In fact, most users we’ve heard from don’t want this “feature”, yet Apple has no official way to turn off this behavior other than telling people “not using the same Apple ID on different devices”. What’s up with that? Let’s try to find out.
Our First Book is Officially Out
October 10th, 2016 by Oleg Afonin
Today we are super excited: our first book on mobile forensics just got published! The book is called “Mobile Forensics – Advanced Investigative Strategies”, and is about everything you need to successfully acquire evidence from the widest range of mobile devices. Unlike most other books on this subject, we don’t just throw file names or hex dumps at your face. Instead, we discuss the issues of seizing mobile devices and preserving digital evidence before it reaches the lab; talk about acquisition options available in every case, and help you choose the correct acquisition path to extract evidence with least time and minimal risk.
Elcomsoft Cloud Explorer: Extracting Call Logs and Wi-Fi Passwords
October 3rd, 2016 by Oleg Afonin
Google is pushing Android to make it a truly secure mobile OS. Mandatory encryption and secure boot make physical acquisition of new Android devices a dead end.
iOS 10: Security Weakness Discovered, Backup Passwords Much Easier to Break
September 23rd, 2016 by Oleg Afonin
We discovered a major security flaw in the iOS 10 backup protection mechanism. This security flaw allowed us developing a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices.
Breaking FileVault 2 Encryption Through iCloud
August 29th, 2016 by Oleg Afonin
FileVault 2 is a whole-disk encryption scheme used in Apple’s Mac OS X using secure XTS-AES encryption to protect the startup partition. Brute-forcing your way into a crypto container protected with a 256-bit key is a dead end.
iCloud Photo Library: All Your Photos Are Belong to Us
August 25th, 2016 by Oleg Afonin
Releasing a major update of a complex forensic tool is always tough. New data locations and formats, new protocols and APIs require an extensive amount of research. Sometimes, we discover things that surprise us. Researching Apple’s iCloud Photo Library (to be integrated into Elcomsoft Phone Breaker 6.0) led to a particularly big surprise. We discovered that Apple keeps holding on to the photos you stored in iCloud Photo Library and then deleted, keeping “deleted” images for much longer than the advertised 30 days without telling anyone. Elcomsoft Phone Breaker 6.0 becomes the first tool on the market to gain access to deleted images going back past 30 days.
iOS Logical Acquisition: The Last Hope For Passcode-Locked Devices?
August 11th, 2016 by Oleg Afonin
For many months, a working jailbreak was not available for current versions of iOS. In the end of July, Pangu released public jailbreak for iOS 9.2-9.3.3. A few days ago, Apple patched the exploit and started seeding iOS 9.3.4. This was the shortest-living jailbreak in history.
Using Gmail API: The Forensic Way to Acquire Email
August 3rd, 2016 by Oleg Afonin
Just now, we’ve updated Elcomsoft Cloud Explorer to version 1.10. This new release adds the ability to download email messages from the user’s Gmail account for offline analysis. In order to do that, we had to develop a highly specialized email client. We opted to use Google’s proprietary Gmail API to download mail. In this article, we’ll explain our decision and detail the benefits you’ll be getting by choosing a tool that can talk to Gmail in Gmail language.
Building a Distributed Network in the Cloud: Using Amazon EC2 to Break Passwords
July 28th, 2016 by Oleg Afonin
Not all passwords provide equal protection. Some formats are more resistant to brute-force attacks than others. As an example, Microsoft Office 2013 and 2016 employ a smart encryption scheme that is very slow to decrypt. Even the fastest available GPU units found in NVIDIA’s latest GeForce GTX 1080 will only allow trying some 7100 passwords per second.
