Introducing Elcomsoft Quick Triage
December 30th, 2025 by Oleg Afonin
We’re expanding our product line with a new tool: Elcomsoft Quick Triage. With this release, we are expanding into an area we had not previously covered – digital forensic triage. EQT is designed to address a very specific need that arises at the earliest stages of an investigation, when time is limited and quick decisions matter. The new tool is not intended to replace full-featured forensic platforms or in-depth analysis. Instead, it focuses on a different phase of the workflow: fast identification, collection, and review of the most relevant evidence before committing resources to a complete examination.
Breaking FileVault 2 Encryption Through iCloud
August 29th, 2016 by Oleg Afonin
FileVault 2 is a whole-disk encryption scheme used in Apple’s Mac OS X using secure XTS-AES encryption to protect the startup partition. Brute-forcing your way into a crypto container protected with a 256-bit key is a dead end.
iCloud Photo Library: All Your Photos Are Belong to Us
August 25th, 2016 by Oleg Afonin
Releasing a major update of a complex forensic tool is always tough. New data locations and formats, new protocols and APIs require an extensive amount of research. Sometimes, we discover things that surprise us. Researching Apple’s iCloud Photo Library (to be integrated into Elcomsoft Phone Breaker 6.0) led to a particularly big surprise. We discovered that Apple keeps holding on to the photos you stored in iCloud Photo Library and then deleted, keeping “deleted” images for much longer than the advertised 30 days without telling anyone. Elcomsoft Phone Breaker 6.0 becomes the first tool on the market to gain access to deleted images going back past 30 days.
iOS Logical Acquisition: The Last Hope For Passcode-Locked Devices?
August 11th, 2016 by Oleg Afonin
For many months, a working jailbreak was not available for current versions of iOS. In the end of July, Pangu released public jailbreak for iOS 9.2-9.3.3. A few days ago, Apple patched the exploit and started seeding iOS 9.3.4. This was the shortest-living jailbreak in history.
Using Gmail API: The Forensic Way to Acquire Email
August 3rd, 2016 by Oleg Afonin
Just now, we’ve updated Elcomsoft Cloud Explorer to version 1.10. This new release adds the ability to download email messages from the user’s Gmail account for offline analysis. In order to do that, we had to develop a highly specialized email client. We opted to use Google’s proprietary Gmail API to download mail. In this article, we’ll explain our decision and detail the benefits you’ll be getting by choosing a tool that can talk to Gmail in Gmail language.
Building a Distributed Network in the Cloud: Using Amazon EC2 to Break Passwords
July 28th, 2016 by Oleg Afonin
Not all passwords provide equal protection. Some formats are more resistant to brute-force attacks than others. As an example, Microsoft Office 2013 and 2016 employ a smart encryption scheme that is very slow to decrypt. Even the fastest available GPU units found in NVIDIA’s latest GeForce GTX 1080 will only allow trying some 7100 passwords per second.
Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part II)
July 27th, 2016 by Vladimir Katalov
How often do you think forensic specialists have to deal with encrypted containers? Compared with office documents and archives that are relatively infrequent, every second case involves an encrypted container. It may vary, but these evaluations are based on a real survey conducted by our company.
Mac OS Forensics: Attacking FileVault 2
July 27th, 2016 by Oleg Afonin
In the world of Windows dominance, Apple’s Mac OS X enjoys a healthy market share of 9.5% among desktop operating systems. The adoption of Apple’s desktop OS (macOS seems to be the new name) is steadily growing. This is why we are targeting Mac OS with our tools.
NVIDIA Pascal: a Great Password Cracking Tool
July 26th, 2016 by Oleg Afonin
During the last several years, progress on the CPU performance front has seemingly stopped. Granted, last-generation CPUs are cool, silent and power-efficient. Anecdotal evidence: my new laptop (a brand new Macbook) is about as fast as the Dell ultrabook it replaced. The problem? I bought the Dell laptop some five years ago. Granted, the Dell was thicker and noisier. It’s battery never lasted longer than a few hours. But it was about as fast as the new Macbook.
Elcomsoft Phone Viewer 2.20 Goes Stand-Alone
June 23rd, 2016 by Oleg Afonin
We have a bunch of mobile forensic tools. We have tools for extracting data from jailbroken iPhones and tools for decrypting password-protected backups. Tools for downloading data from iCloud and tools for analyzing user data mined by Google. We even have a tool for decrypting backups produced by BlackBerry 10, one of the most secure OS’es on the market.
Fingerprint Unlock Security: iOS vs. Google Android (Part II)
June 20th, 2016 by Oleg Afonin
Fingerprint Unlock Security: Google Android and Microsoft Hello
