Forensically Sound checkm8 Extraction: Repeatable, Verifiable and Safe

February 1st, 2023 by Oleg Afonin

What does “forensically sound extraction” mean? The classic definition of forensically sound extraction requires results that are both repeatable and verifiable. However, there is more to it. We believe that forensically sound extractions should not only be verifiable and repeatable, but verifiable in a safe, error-proof manner, so we tweaked our product to deliver just that.

Agent-Based Low-Level iOS File System Extraction

April 29th, 2022 by Oleg Afonin

While we continue working on the major update to iOS Forensic Toolkit with forensically sound checkm8 extraction, we keep updating the current release branch. iOS Forensic Toolkit 7.30 brings low-level file system extraction support for iOS 15.1, expanding the ability to perform full file system extraction on iOS devices ranging from the iPhone 8 through iPhone 13 Pro Max.

iOS Low-Level Acquisition: How to Sideload the Extraction Agent

April 26th, 2022 by Oleg Afonin

Regular or disposable Apple IDs can now be used to extract data from compatible iOS devices if you have a Mac. The use of a non-developer Apple ID carries certain risks and restrictions. In particular, one must “verify” the extraction agent on the target iPhone, which requires an active Internet connection. Learn how to verify the extraction agent signed with a regular or disposable Apple ID without the risk of receiving an accidental remote lock or remote erase command.

Preventing BitLocker Lockout and Recovering Access to Encrypted System Drive

April 19th, 2022 by Oleg Afonin

Encrypting a Windows system drive with BitLocker provides effective protection against unauthorized access, especially when paired with TPM. A hardware upgrade, firmware update or even a change in the computer’s UEFI BIOS may effectively lock you out, making your data inaccessible and the Windows system unbootable. How do you prevent being locked out, and how do you restore access to the data if you are prompted to unlock the drive? Read along to find out.

Decrypting Password-Protected DOC and XLS Files in Minutes

April 13th, 2022 by Oleg Afonin

Accessing the content of password-protected and encrypted documents saved as DOC/XLS files (as opposed to the newer DOCX/XLSX files) is often possible without time-consuming attacks regardless of the length of the password. Advanced Office Password Recovery enables experts to quickly break the encryption of password-protected DOC and XLS files, which are Microsoft Word and Excel documents saved by modern versions of the app in the “compatibility” format. Organizations are still using the “compatible” Office 97/2000 formats for their document workflow.

Unlock WordPerfect and Lotus Documents with Advanced Office Password Recovery

April 4th, 2022 by Oleg Afonin

We are continuing the consolidation of our product line, now adding WordPerfect and Lotus office apps into Advanced Office Password Recovery. The tool can help experts unlock a host of digital document formats including Microsoft Office, OpenDocument, Hangul/Hancell, and many others without lengthy attacks.

Windows 11 TPM Protection, Passwordless Sign-In and What You Can Do About Them

March 28th, 2022 by Oleg Afonin

Windows 11 introduces increased account protection, passwordless sign-in and hardware-based security. What has changed compared to Windows 10, how do these changes affect forensic extraction and analysis, and to what extent can one overcome the TPM-based protection? Read along to find out!

Simplifying Digital Triage with Bootable Forensic Tools

March 23rd, 2022 by Oleg Afonin

Elcomsoft System Recovery speeds up in-field investigations by providing experts with a forensic tool they can use by booting a PC from dedicated USB media. The recent update extended the functionality of the tool by adding three new forensic tools.

GPU Acceleration On The Cheap: Using Affordable Video Cards to Break Passwords Faster

February 17th, 2022 by Oleg Afonin

Most password protection methods rely on multiple rounds of hash iterations to slow down brute-force attacks. Even the fastest processors choke when trying to break a reasonably strong password. Video cards can be used to speed up the recovery with GPU acceleration, yet the GPU market is currently overheated, and most high-end video cards are severely overpriced. Today, we’ll test a bunch of low-end video cards and compare their price/performance ratio.

Dude, Where Are My Messages?

February 15th, 2022 by Oleg Afonin

Cloud backups are an invaluable source of information whether you download them from the user’s iCloud account or obtain them directly from Apple. But why do some iCloud backups miss essential bits and pieces of information such as text messages, particularly iMessages? The answer is “end-to-end encryption”, and there’s more to it than just backups.

Apple Mobile Devices and iOS Acquisition Methods

February 11th, 2022 by Vladimir Katalov

Do you have to know which SoC a certain Apple device is based on? If you are working in mobile forensics, the answer is yes. Along with the version of iOS/watchOS/iPadOS, the SoC is one of the deciding factors that affect the data extraction paths available in each case. Read this article to better understand your options for each generation of Apple platforms.
