What TRIM, DRAT, and DZAT Really Mean for SSD Forensics

June 2nd, 2025 by Oleg Afonin

If you’re doing forensic work today, odds are you’re imaging SSDs, not just spinning hard drives. And SSDs don’t behave like HDDs – especially when it comes to deleted files. One key reason: the TRIM command. TRIM makes SSDs behave differently from magnetic hard drives when it comes to recovering deleted evidence. This article breaks down what TRIM actually does, how SSDs respond, and what forensic experts need to know when handling modern storage.

Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part II)

July 27th, 2016 by Vladimir Katalov

How often do you think forensic specialists have to deal with encrypted containers? Compared with office documents and archives, which are relatively infrequent, encrypted containers are involved in every second case. The figure may vary, but this estimate is based on a real survey conducted by our company.

Mac OS Forensics: Attacking FileVault 2

July 27th, 2016 by Oleg Afonin

In the world of Windows dominance, Apple’s Mac OS X enjoys a healthy market share of 9.5% among desktop operating systems. The adoption of Apple’s desktop OS (macOS seems to be the new name) is steadily growing. This is why we are targeting Mac OS with our tools.

NVIDIA Pascal: a Great Password Cracking Tool

July 26th, 2016 by Oleg Afonin

During the last several years, progress on the CPU performance front has seemingly stopped. Granted, last-generation CPUs are cool, silent and power-efficient. Anecdotal evidence: my new laptop (a brand new Macbook) is about as fast as the Dell ultrabook it replaced. The problem? I bought the Dell laptop some five years ago. Granted, the Dell was thicker and noisier. Its battery never lasted longer than a few hours. But it was about as fast as the new Macbook.

Elcomsoft Phone Viewer 2.20 Goes Stand-Alone

June 23rd, 2016 by Oleg Afonin

We have a bunch of mobile forensic tools. We have tools for extracting data from jailbroken iPhones and tools for decrypting password-protected backups. Tools for downloading data from iCloud and tools for analyzing user data mined by Google. We even have a tool for decrypting backups produced by BlackBerry 10, one of the most secure OSes on the market.

Fingerprint Unlock Security: iOS vs. Google Android (Part II)

June 20th, 2016 by Oleg Afonin

Fingerprint Unlock Security: Google Android and Microsoft Hello

Elcomsoft System Recovery UEFI Support

June 16th, 2016 by Oleg Afonin

As you may already know, we’ve released an update to Elcomsoft System Recovery, a tool that lets you reset or recover Windows and Microsoft Account passwords by booting from an external USB drive. The new build allows creating bootable USB drives for devices that rely exclusively on UEFI bootloaders. Why was this change needed? Read below for an answer!

Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part I)

June 8th, 2016 by Vladimir Katalov

Investigators start seeing BitLocker encrypted volumes more and more often, yet computer users themselves may be genuinely unaware of the fact they’ve been encrypting their disk all along. How can you break into BitLocker encryption? Do you have to brute-force the password, or is there a quick hack to exploit?

Fingerprint Unlock Security: iOS vs. Google Android (Part I)

June 6th, 2016 by Oleg Afonin

The biometric approach to unlocking portable electronics has been on the rise since late 2013, when Apple released the iPhone 5S. Ever since, manufacturers have been adding fingerprint scanners to their devices. In the world of Android, this was frequently done without paying much (if any) attention to actual security. So how do these systems compare?

Dealing with a Locked iPhone

April 15th, 2016 by Oleg Afonin

So you’ve got an iPhone, and it’s locked, and you don’t know the passcode. This situation is so common, and the market has so many solutions and “solutions”, that we felt a short walkthrough was necessary.
