Looks Can Lie: Is That Really an NVMe Drive?
March 17th, 2026 by Oleg Afonin
Many storage devices and adapter boards look alike. When holding a module with a connector that looks suspiciously like the M.2, how do you know exactly what you are dealing with? Is that M.2 board a SATA drive, a fast NVMe device or a Wi-Fi/Bluetooth combo? Will a drive removed from an Apple computer work in a simple mechanical adapter, or will it require the original Apple device to access? A physical connector does not guarantee the underlying technology.
iOS Logical Acquisition: The Last Hope For Passcode-Locked Devices?
August 11th, 2016 by Oleg Afonin
For many months, a working jailbreak was not available for current versions of iOS. In the end of July, Pangu released public jailbreak for iOS 9.2-9.3.3. A few days ago, Apple patched the exploit and started seeding iOS 9.3.4. This was the shortest-living jailbreak in history.
Using Gmail API: The Forensic Way to Acquire Email
August 3rd, 2016 by Oleg Afonin
Just now, we’ve updated Elcomsoft Cloud Explorer to version 1.10. This new release adds the ability to download email messages from the user’s Gmail account for offline analysis. In order to do that, we had to develop a highly specialized email client. We opted to use Google’s proprietary Gmail API to download mail. In this article, we’ll explain our decision and detail the benefits you’ll be getting by choosing a tool that can talk to Gmail in Gmail language.
Building a Distributed Network in the Cloud: Using Amazon EC2 to Break Passwords
July 28th, 2016 by Oleg Afonin
Not all passwords provide equal protection. Some formats are more resistant to brute-force attacks than others. As an example, Microsoft Office 2013 and 2016 employ a smart encryption scheme that is very slow to decrypt. Even the fastest available GPU units found in NVIDIA’s latest GeForce GTX 1080 will only allow trying some 7100 passwords per second.
Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part II)
July 27th, 2016 by Vladimir Katalov
How often do you think forensic specialists have to deal with encrypted containers? Compared with office documents and archives that are relatively infrequent, every second case involves an encrypted container. It may vary, but these evaluations are based on a real survey conducted by our company.
Mac OS Forensics: Attacking FileVault 2
July 27th, 2016 by Oleg Afonin
In the world of Windows dominance, Apple’s Mac OS X enjoys a healthy market share of 9.5% among desktop operating systems. The adoption of Apple’s desktop OS (macOS seems to be the new name) is steadily growing. This is why we are targeting Mac OS with our tools.
NVIDIA Pascal: a Great Password Cracking Tool
July 26th, 2016 by Oleg Afonin
During the last several years, progress on the CPU performance front has seemingly stopped. Granted, last-generation CPUs are cool, silent and power-efficient. Anecdotal evidence: my new laptop (a brand new Macbook) is about as fast as the Dell ultrabook it replaced. The problem? I bought the Dell laptop some five years ago. Granted, the Dell was thicker and noisier. It’s battery never lasted longer than a few hours. But it was about as fast as the new Macbook.
Elcomsoft Phone Viewer 2.20 Goes Stand-Alone
June 23rd, 2016 by Oleg Afonin
We have a bunch of mobile forensic tools. We have tools for extracting data from jailbroken iPhones and tools for decrypting password-protected backups. Tools for downloading data from iCloud and tools for analyzing user data mined by Google. We even have a tool for decrypting backups produced by BlackBerry 10, one of the most secure OS’es on the market.
Fingerprint Unlock Security: iOS vs. Google Android (Part II)
June 20th, 2016 by Oleg Afonin
Fingerprint Unlock Security: Google Android and Microsoft Hello
Elcomsoft System Recovery UEFI Support
June 16th, 2016 by Oleg Afonin
As you may already know, we’ve released an update to Elcomsoft System Recovery, a tool allowing to reset or recover Windows and Microsoft Account passwords by booting from an external USB drive. The new build allows creating bootable USB drives for devices exclusively relying on UEFI bootloaders. Why was this change needed? Read below for an answer!
Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part I)
June 8th, 2016 by Vladimir Katalov
Investigators start seeing BitLocker encrypted volumes more and more often, yet computer users themselves may be genuinely unaware of the fact they’ve been encrypting their disk all along. How can you break into BitLocker encryption? Do you have to brute-force the password, or is there a quick hack to exploit?
