“Get Verification Code” Is Missing in iOS 18 and iOS 26; Here’s Where It Went
June 19th, 2026 by Oleg Afonin
If you have an Apple device running iOS 18 or iOS 26 and gone looking for the old Get Verification Code option under Settings → [user name] → Sign-In & Security, you’ve probably noticed it’s no longer there. A quick search turns up forum threads, support comments, and even GitHub issues all reaching the same conclusion: Apple removed it. Some posts go further and call it “deprecated” or “Apple’s middle finger to users of older devices.” That conclusion is wrong. The option still exists in iOS 26. It just doesn’t show up the way it used to.
Breaking into Password Managers: from Bitwarden to Zoho Vault
September 30th, 2025 by Oleg Afonin
The latest update to Elcomsoft Distributed Password Recovery added eight additional password management tools to the list of supported data formats. The software can now attack master passwords protecting databases from Bitwarden, Dropbox Passwords, Enpass, Kaspersky, Keeper, Roboform, Sticky Password, and Zoho Vault password managers. Let’s talk about password managers – and how to handle them in a forensic lab.
iPhone 17: the End of PWM Flickering?
September 29th, 2025 by Oleg Afonin
Like the previous generation of iPhones, the iPhone 17 range employs OLED panels that are prone to flickering, which some people are sensitive to. The flickering is caused by PWM (Pulse Width Modulation), a technology used by OLED manufacturers to control display brightness. The screen flickering is particularly visible in low ambient brightness conditions, and may cause eyestrain with sensitive users. Fortunately, in this generation Apple provided a simple solution to get rid of the flickering by finally adding the DC Dimming option.
Apple Face ID: Security Implications and Potential Vulnerabilities
September 23rd, 2025 by Oleg Afonin
Since its introduction with the iPhone X in 2017, Apple’s Face ID has become one of the most widely used biometric authentication systems in the world, often praised for its convenience and technological sophistication. Yet, like any system that relies on human biology, it has its share of limitations: reports of identical twins, close relatives or young children occasionally unlocking a parent’s device have circulated since its debut.
Analyzing the Windows SRUM Database
August 15th, 2025 by Oleg Afonin
When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.
Perfect Acquisition Part 5: Perfect APFS Acquisition
July 21st, 2025 by Elcomsoft R&D
Welcome to Part 5 of the Perfect Acquisition series! In case you missed the previous parts, please check them out for background information. This section provides a comprehensive guide to performing the Perfect APFS Acquisition procedure.
Issues Affecting Forensic Disk Imaging
July 10th, 2025 by Oleg Afonin
We previously tested disk imaging speeds using high-performance storage devices. But raw speed is only part of the equation. Even under ideal conditions, getting a fully correct and complete image can be tricky. And achieving peak speed consistently is even harder – many factors can slow things down, and sometimes even corrupt the results. In this article, we explore the key reasons why both speed and accuracy can fall short during disk imaging.
AI-Driven Password Recovery: Myth or Reality?
July 8th, 2025 by Oleg Afonin
Artificial intelligence is everywhere – from phones that guess your next move to fridges that shop for you. It’s only natural to ask whether AI can help in a more serious domain: digital forensics, specifically password cracking. The idea sounds promising: use large language models (LLMs) to produce rules and templates for guessing highly probable password variants, prioritizing the most likely ones first. But in practice, things aren’t so straightforward.
Installing and Troubleshooting the Extraction Agent (2025)
July 2nd, 2025 by Oleg Afonin
Over the years, we’ve published numerous guides on installing the iOS Forensic Toolkit extraction agent and troubleshooting issues. As both the tool and its environment evolved, so did our documentation – often leading to outdated or scattered information. This article consolidates and updates everything in one place, detailing the correct installation and troubleshooting procedures.
Extracting and Analyzing Apple sysdiagnose Logs
June 27th, 2025 by Oleg Afonin
Apple’s unified logging system offers a wealth of information for forensic investigators analyzing iOS, iPadOS, watchOS, tvOS, and other devices from Apple ecosystems. Originally designed for debugging and diagnostics, these logs capture a continuous stream of detailed system activity – including app behavior, biometric events, power state changes, and connectivity transitions. In digital forensics, where traditional sources of evidence like backups or app data may be encrypted or inaccessible, the logs provide an alternative and often untapped reservoir of forensic artifacts. This article explores the content, availability, and forensic value of Apple logs collected via sysdiagnose across different device types, focusing on practical methods for extraction and analysis using modern forensic tools.
The 16 Billion Passwords Panic: What Really Happened and Why It Matters (Or Doesn’t)
June 23rd, 2025 by Oleg Afonin
In June 2025, headlines shouted that 16 billion passwords had leaked. Major outlets warned that credentials for Apple, Google, and other platforms were now exposed. As expected, this triggered a wave of public anxiety and standard advice: change your passwords immediately. Upon closer examination, however, technical sources clarified the situation. This was not a new breach, nor did it expose fresh credentials. The dataset was an aggregation of previously leaked databases, malware logs from infostealers, junk records and millions of duplicate entries. Essentially, it was old material, repackaged and redistributed under a sensational label. For digital forensics teams, however, the question remains open: could this kind of dataset be useful in real-world password recovery? In this article, we will explore if massive password leaks have practical value in the lab.
