What TRIM, DRAT, and DZAT Really Mean for SSD Forensics
June 2nd, 2025 by Oleg Afonin
If you’re doing forensic work today, odds are you’re imaging SSDs, not just spinning hard drives. And SSDs don’t behave like HDDs – especially when it comes to deleted files. One key reason: the TRIM command. TRIM makes SSDs behave different to magnetic hard drives when it comes to recovering deleted evidence. This article breaks down what TRIM actually does, how SSDs respond, and what forensic experts need to know when handling modern storage.
Updated iOS Forensic Toolkit Ready for iOS 5.1, Tries Top 100 Common Passcodes First
March 12th, 2012 by Olga Koksharova
Today, we released an updated version of iOS Forensic Toolkit. It’s not as much of an update to make big news shout, but the number of improvements here and there warrants a blog post, and is definitely worth upgrading to if you’re dealing with multiple iPhones on a daily basis.
Breaking Wi-Fi Passwords: Exploiting the Human Factor
March 8th, 2012 by Olga Koksharova
Attacking Wi-Fi passwords is near hopeless if a wireless hotspot is properly secured. Today’s wireless security algorithms such as WPA are using cryptographically sound encryption with long passwords. The standard enforces the use of passwords that are at least 8 characters long. Encryption used to protect wireless communications is tough and very slow to break. Brute-forcing WPA/WPA2 PSK passwords remains a hopeless enterprise even if a horde of GPU’s is employed. Which is, in general, good for security – but may as well inspire a false sense of security if a weak, easy to guess password is selected.
ElcomSoft Discovers Most of Its Customers Want Stricter Security Policies but Won’t Bother Changing Default Passwords
February 22nd, 2012 by Olga Koksharova
We runned yet another Password Usage Bahaviour survey on our Web site and gthered statistically significant data, reflected in the following charts. And the main conclusion was that most people working with sensitive information want stricter security policies but rarely bother changing default passwords.
Newer iOS Forensic Toolkit Acquires iPhones in 20 Minutes, Including iOS 5
November 1st, 2011 by Olga Koksharova
iOS 5 Support
EPPB: Now Recovering BlackBerry Device Passwords
September 29th, 2011 by Andrey Belenko
Less than a month ago, we updated our Elcomsoft Phone Password Breaker tool with the ability to recover master passwords for BlackBerry Password Keeper and BlackBerry Wallet. I have blogged about that and promised the “next big thing” for BlackBerry forensics to be coming soon. The day arrived.
New version of EPPB: Recovering Master Passwords for BlackBerry Password Keeper and BlackBerry Wallet
August 30th, 2011 by Andrey Belenko
Conferences are good. When attending Mobile Forensics Conference this year (and demoing our iOS Forensic Toolkit), we received a lot of requests for tools aimed at BlackBerry forensics. Sorry guys, we can’t offer the solution for physical acquisition of BlackBerries (yet), but there is something new we can offer right now.
Visiting BlackHat and DefCon 2011
August 22nd, 2011 by Olga Koksharova
Yet again, we are back from a couple of conferences organized specially for heavy computer users like us. We are particularly happy that our company was again warmly welcomed by the overseas hacking community – thank you for accepting and visiting our talk – and that FBI didn’t bother us too much during our stay, though they didn’t miss a chance to scare the crap out of Andrey and Vladimir right before their departure back to Moscow. Apart from that little episode with three-letter guys everything went smoothly.
