July 15th, 2026 by Elcomsoft R&D
BootROM exploits are an important part of modern low-level forensic acquisition, and our Elcomsoft iOS Forensic Toolkit is no stranger to it. It allows getting code execution at the earliest stage on the device and lets us then load custom software for data decryption and extraction. It has been almost 7 years since the last major BootROM exploit called checkm8 was released, which exploits Apple chips up to A11 (iPhone 8 / iPhone X).
November 9th, 2017 by Vladimir Katalov
Tired of reading on lockdown/pairing records? Sorry, we can’t stop. Pairing records are the key to access the content of a locked iPhone. We have recently made a number of findings allowing us to extract even more information from locked devices through the use of lockdown records. It’s not a breakthrough discovery and will never make front page news, but having more possibilities is always great.
November 2nd, 2017 by Vladimir Katalov
iOS 11 has arrived, now running on every second Apple device. There could not be a better time to reminiscent how iOS forensics has started just a few short years ago. Let’s have a look at what was possible back then, what is possible now, and what can be expected of iOS forensics in the future.
October 30th, 2017 by Vladimir Katalov
“Can you unlock that iPhone?” is one of the most common questions we hear on various events and from our customers. There is no simple answer, but more often than not some options are available.
October 23rd, 2017 by Vladimir Katalov
iOS forensics is always a lot of fun. Say, you’ve got an iPhone of a recent generation. It’s locked, you are blank about the passcode, and the worst part is it’s more than just the four proverbial digits (the last iOS defaults to six). And you don’t have their computer, and there is not an iCloud account either. A horror story where no one, even us, can do anything about it.
October 20th, 2017 by Oleg Afonin
Today’s mobile devices are getting increasingly more resistant to physical imaging, mostly due to the use of full-disk encryption. Full-disk encryption makes useless some low-level acquisition techniques of yesterday, which includes JTAG and chip-off.
October 3rd, 2017 by Oleg Afonin
Accessing the list of apps installed on an iOS device can give valuable insight into which apps the user had, which social networks they use, and which messaging tools they communicate with. While manually reviewing the apps by examining the device itself is possible by scrolling a potentially long list, we offer a better option. Elcomsoft Phone Viewer can not just display the list of apps installed on a given device, but provide information about the app’s version, date and time of acquisition (first download for free apps and date and time of purchase for paid apps), as well as the Apple ID that was used to acquire the app. While some of that data is part of iOS system backups, data on app’s acquisition time must be obtained separately by making a request to Apple servers. Elcomsoft Phone Viewer automates such requests, seamlessly displaying the most comprehensive information about the apps obtained from multiple sources.
September 28th, 2017 by Oleg Afonin
In this how-to guide, we’ll cover the steps required to access the list of saved wireless networks along with their passwords.
September 21st, 2017 by Oleg Afonin
In each major Android update, Google improves security on the one hand, and moves a few more things to the cloud on the other. The recently finalized and finally released Android 8.0 Oreo adds one important thing to all devices running the newest build of Google’s OS: the ability to back up SMS text messages into the user’s Google Account.
September 14th, 2017 by Oleg Afonin
With all attention now being on new iPhone devices, it is easy to forget about the new version of iOS. While new iPhone models were mostly secret until announcement, everyone could test iOS 11 for months before the official release.
September 14th, 2017 by Vladimir Katalov
iOS 11 is finally here. We already covered some of the issues related to iOS 11 forensics, but that was only part of the story.