Forensic Implications of BitLocker-by-Default in Windows 11 24H2
May 8th, 2025 by Oleg Afonin
The Windows 11 24H2 update introduced a change in Microsoft’s approach to disk encryption, a shift that will have long lasting implications on digital forensics. In this release, BitLocker encryption is automatically enabled on most modern hardware when installing Windows when a Microsoft Account (MSA) is used during setup. Encryption starts seamlessly and silently in the background, covering even Home editions and consumer devices such as desktop computers that historically escaped full-disk encryption defaults.
Building a Distributed Network in the Cloud: Using Amazon EC2 to Break Passwords
July 28th, 2016 by Oleg Afonin
Not all passwords provide equal protection. Some formats are more resistant to brute-force attacks than others. As an example, Microsoft Office 2013 and 2016 employ a smart encryption scheme that is very slow to decrypt. Even the fastest available GPU units found in NVIDIA’s latest GeForce GTX 1080 will only allow trying some 7100 passwords per second.
Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part II)
July 27th, 2016 by Vladimir Katalov
How often do you think forensic specialists have to deal with encrypted containers? Compared with office documents and archives that are relatively infrequent, every second case involves an encrypted container. It may vary, but these evaluations are based on a real survey conducted by our company.
Mac OS Forensics: Attacking FileVault 2
July 27th, 2016 by Oleg Afonin
In the world of Windows dominance, Apple’s Mac OS X enjoys a healthy market share of 9.5% among desktop operating systems. The adoption of Apple’s desktop OS (macOS seems to be the new name) is steadily growing. This is why we are targeting Mac OS with our tools.
NVIDIA Pascal: a Great Password Cracking Tool
July 26th, 2016 by Oleg Afonin
During the last several years, progress on the CPU performance front has seemingly stopped. Granted, last-generation CPUs are cool, silent and power-efficient. Anecdotal evidence: my new laptop (a brand new Macbook) is about as fast as the Dell ultrabook it replaced. The problem? I bought the Dell laptop some five years ago. Granted, the Dell was thicker and noisier. It’s battery never lasted longer than a few hours. But it was about as fast as the new Macbook.
Elcomsoft Phone Viewer 2.20 Goes Stand-Alone
June 23rd, 2016 by Oleg Afonin
We have a bunch of mobile forensic tools. We have tools for extracting data from jailbroken iPhones and tools for decrypting password-protected backups. Tools for downloading data from iCloud and tools for analyzing user data mined by Google. We even have a tool for decrypting backups produced by BlackBerry 10, one of the most secure OS’es on the market.
Fingerprint Unlock Security: iOS vs. Google Android (Part II)
June 20th, 2016 by Oleg Afonin
Fingerprint Unlock Security: Google Android and Microsoft Hello
Elcomsoft System Recovery UEFI Support
June 16th, 2016 by Oleg Afonin
As you may already know, we’ve released an update to Elcomsoft System Recovery, a tool allowing to reset or recover Windows and Microsoft Account passwords by booting from an external USB drive. The new build allows creating bootable USB drives for devices exclusively relying on UEFI bootloaders. Why was this change needed? Read below for an answer!
Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part I)
June 8th, 2016 by Vladimir Katalov
Investigators start seeing BitLocker encrypted volumes more and more often, yet computer users themselves may be genuinely unaware of the fact they’ve been encrypting their disk all along. How can you break into BitLocker encryption? Do you have to brute-force the password, or is there a quick hack to exploit?
Fingerprint Unlock Security: iOS vs. Google Android (Part I)
June 6th, 2016 by Oleg Afonin
Biometric approach to unlocking portable electronics has been on the rise since late 2013 when Apple released iPhone 5S. Ever since, manufacturers started adding fingerprint scanners to their devices. In the world of Android, this was frequently done without paying much (if any) attention to actual security. So how do these systems compare?
