What TRIM, DRAT, and DZAT Really Mean for SSD Forensics
June 2nd, 2025 by Oleg Afonin
If you’re doing forensic work today, odds are you’re imaging SSDs, not just spinning hard drives. And SSDs don’t behave like HDDs – especially when it comes to deleted files. One key reason: the TRIM command. TRIM makes SSDs behave different to magnetic hard drives when it comes to recovering deleted evidence. This article breaks down what TRIM actually does, how SSDs respond, and what forensic experts need to know when handling modern storage.
Apple Two-Factor Authentication vs. Two-Step Verification
April 1st, 2016 by Oleg Afonin
Two-step verification and two-factor authentication both aim to help users secure their Apple ID, adding a secondary authentication factor to strengthen security. While Apple ID and password are “something you know”, two-step verification (and two-factor authentication) are both based on “something you have”.
BitLocker: What’s New in Windows 10 November Update, And How To Break It
March 29th, 2016 by Oleg Afonin
BitLocker is a popular full-disk encryption scheme employed in all versions of Windows (but not in every edition) since Windows Vista. BitLocker is used to protect stationary and removable volumes against outside attacks. Since Windows 8, BitLocker is activated by default on compatible devices if the administrative account logs in with Microsoft Account credentials. BitLocker protection is extremely robust, becoming a real roadblock for digital forensics.
Smartphone Encryption: Why Only 10 Per Cent of Android Smartphones Are Encrypted
March 21st, 2016 by Oleg Afonin
“Had San Bernardino shooter Syed Rizwan Farook used an Android phone, investigators would have had a better chance at accessing the data”, says Jack Nicas in his article in The Wall Street Journal. Indeed, the stats suggest that only 10 per cent of the world’s 1.4 billion Android phones are encrypted, compared with 95 per cent of Apple’s iPhones. Of those encrypted, a major number are using Nexus smartphones that have encryption enforced by default.
Apple vs. the Government: Follow-up
February 22nd, 2016 by Oleg Afonin
We are closely following the case of Apple battling the US government on unlocking the iPhone of San Bernardino mass murderer Farook who killed 14 in December 2015. In our previous post we looked at what the FBI was asking, and why Apple opposes the motion.
A Message to Our Customers, Apple and FBI
February 18th, 2016 by Vladimir Katalov
On Tuesday, a federal judge ordered Apple to assist the authorities in breaking into a locked iPhone 5C used by Syed Farook, who killed 14 in San Bernardino in December. According to the FBI, the phone might contain critical information about connections with Islamic terrorist groups. Apple opposed the motion and published an open letter at https://www.apple.com/customer-letter/ saying that “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”
Discounts and Novelties From Our ElcomShop!
February 5th, 2016 by Olga Koksharova
Dear friends, here we come with a set of novelties from our ElcomShop. We’ve made a few new designs and added new fancy products, such as long sleeve shirts for girls and baseball caps for boys and separately for dads 🙂 and mugs for everyone. All company designs applied to a wide and varied range of products can be found in our shop window.
Elcomsoft Phone Breaker 5.20: Direct iCloud Access and iOS 9.3 Support
February 4th, 2016 by Oleg Afonin
Apple is currently testing a new major iOS release, the iOS 9.3. At this time, the second beta version is available. We looked into what has changed in the new OS, and discovered that iOS 9.3 introduces some minor changes to encryption of certain data stored in cloud backups. However minor, these changes effectively prevented older versions of Elcomsoft Phone Breaker from decrypting the data, which made us release an update ASAP. In addition, we were able to discover and fix the issue with some iOS 9.2 backups not properly decrypting (which wasn’t easy since the issue was intermittent). Finally, we got rid of the requirement to have iCloud for Windows installed as Elcomsoft Phone Breaker shifts to using direct access API.
This is to say, we have now updated Elcomsoft Phone Breaker to fully support the new encryption mechanisms used in iOS 9.3 iCloud backups. In addition, we fixed the ongoing issue some of our users were experiencing when accessing iCloud backups produced by iOS 9.2.
Hacking For Dummies by Kevin Beaver (5th edition)
January 29th, 2016 by Olga Koksharova
It is our greatest pleasure to recommend the newest edition of “Hacking For Dummies” by Kevin Beaver, an independent IT security consultant, a practical guide on computer and mobile security updated to the current state of industry. With a natural talent of word Kevin easily guides you through security issues in a very clear and consistent manner, so that all major aspects of IT security, authentication and pen-testing are covered. With such a harmonious and sequential unveiling of security subjects as in this book, it is much easier to dig deeper into particular questions of your own interest.
Forensic Acquisition: Android
January 29th, 2016 by Oleg Afonin
While here at ElcomSoft we offer a limited range of tools for acquiring Android devices that’s pretty much limited to over-the-air acquisition, we are still often approached with questions when one should use cloud extraction, and when other acquisition methods should be used. In this article, we decided to sum up our experience in acquiring the various Android devices, explaining why we decided to go for a cloud acquisition tool instead of implementing the many physical and logical extraction methods. This article is a general summary of available acquisition methods for the various makes, models, chipsets and OS versions of Android smartphones. The article is not intended to be a technical guide; instead, it’s supposed to give you a heads-up on approaching Android acquisition.
