Looks Can Lie: Is That Really an NVMe Drive?

March 17th, 2026 by Oleg Afonin

Many storage devices and adapter boards look alike. When holding a module with a connector that looks suspiciously like the M.2, how do you know exactly what you are dealing with? Is that M.2 board a SATA drive, a fast NVMe device or a Wi-Fi/Bluetooth combo? Will a drive removed from an Apple computer work in a simple mechanical adapter, or will it require the original Apple device to access? A physical connector does not guarantee the underlying technology.


How Long Does It Take to Crack Your Password?

April 4th, 2017 by Oleg Afonin

We hear the “how long will it take to break…” question all the time. The answer is always the same: “it depends”. In this article we’ll try to give a detailed explanation and a definite answer for as many combinations as possible.


Extracting Unread Notifications from iOS Backups

March 2nd, 2017 by Oleg Afonin

In a world with no jailbreak, acquisition opportunities are limited. Experts are struggling to access more information from those sources that are still available. Every little bit counts. In Elcomsoft Phone Viewer 3.0, we’ve added what might appear to be a small bit: the ability to view undismissed iOS notifications. Unexciting? Hardly. Read along to discover how extracting notifications from iOS backups can make all the difference in an investigation!


How to Break 70% of Passwords in Minutes

February 14th, 2017 by Oleg Afonin

According to surveys, the average English-speaking consumer maintains around 27 online accounts. Memorizing 27 unique, cryptographically secure passwords is nearly impossible for a person one could reasonably call “average”. As a result, the average person tends to reuse passwords, which means that a single password (or its simple variations) can be used to protect multiple online accounts and services. The same passwords are very likely to be chosen to protect access to offline resources such as encrypted archives and documents. In fact, several independent studies published between 2012 and 2016 suggest that between 59 and 61 per cent of consumers reuse passwords.


ElcomSoft Extracts Deleted Safari Browsing History from iCloud

February 9th, 2017 by Vladimir Katalov

Your browsing history represents your habits. You are what you read, and your browsing history reflects that. Your Google searches, visits to news sites, activities in blogs and forums, shopping, banking, communications in social networks and other Web-based activities can paint a picture of your daily activities. It could be that the browsing history is the most intimate part of what they call “online privacy”. You wouldn’t want your browsing history to become public, would you?


How to Break 30 Per Cent of Passwords in Seconds

February 6th, 2017 by Oleg Afonin

This article opens a new series dedicated to breaking passwords. It’s no secret that simply getting a good password recovery tool is not enough to successfully break a given password. Brute-force attacks are inefficient for modern formats (e.g. encrypted Office 2013 documents), while using general dictionaries can still be too much for speedy attacks and too little to actually work. In this article, we’ll discuss the first of the two relatively unknown vectors of attack that can potentially break 30 to 70 per cent of real-world passwords in a matter of minutes. The second method will be described in the follow-up article.


Extracting WhatsApp Conversations from Android Smartphones

February 2nd, 2017 by Oleg Afonin

As you may already know, we’ve added Android support to our WhatsApp acquisition tool, Elcomsoft Explorer for WhatsApp. While the updated tool can now extract WhatsApp communication histories directly from Android smartphones with or without root access, how do you actually use it, and how does it work? In this blog post we’ll look into the technical details and learn how to use the tool.


iOS 10 Physical Acquisition with Yalu Jailbreak

January 30th, 2017 by Vladimir Katalov

Note: we recommend disabling Wi-Fi and cellular connectivity on the device you are acquiring. In addition, disable Wi-Fi on all other iOS devices connected to the same network as your computer.


How Can I Break Into a Locked iOS 10 iPhone?

January 26th, 2017 by Oleg Afonin

Each iteration of iOS is getting more secure. With no jailbreak available for the current version of iOS, what acquisition methods are available for the iPhone 7, 7 Plus and other devices updating to iOS 10? How does the recent update of Elcomsoft iOS Forensic Toolkit help with extracting a locked iOS 10 iPhone? Read along to find out!


Who and Why Spies on Android Users, And What They Do With the Data

January 25th, 2017 by Oleg Afonin

If you’ve been following the news, you may already know about the many cases where companies, big and small, were caught spying on their users. It might appear that just about everyone making a phone or an app is after your personal information. In this article we’ll try to figure out who collects your personal data, why they do it and what they do with the data they collect.


Inside ElcomSoft Lab. Part 1

January 20th, 2017 by Oleg Afonin

Staying on the bleeding edge of today’s technologies requires constant work. The ElcomSoft lab is one of the busiest places in the company. Last year, we had dozens of devices passing through our lab. This publication opens a series of articles in which we’ll share insider information on what we do, what we are about to do, and how we do it. So let’s shed some light on what’s going on inside the ElcomSoft lab.
