Extracting and Analyzing Apple sysdiagnose Logs
June 27th, 2025 by Oleg Afonin
Apple’s unified logging system offers a wealth of information for forensic investigators analyzing iOS, iPadOS, watchOS, tvOS, and other devices from Apple ecosystems. Originally designed for debugging and diagnostics, these logs capture a continuous stream of detailed system activity – including app behavior, biometric events, power state changes, and connectivity transitions. In digital forensics, where traditional sources of evidence like backups or app data may be encrypted or inaccessible, the logs provide an alternative and often untapped reservoir of forensic artifacts. This article explores the content, availability, and forensic value of Apple logs collected via sysdiagnose across different device types, focusing on practical methods for extraction and analysis using modern forensic tools.
Office 2010: two times more secure
July 28th, 2009 by Andrey Malyshev
We are waiting for release of new Microsoft office suite – Office 2010. Right now Microsoft has only technical preview of new Office; this preview has been leaked from Microsoft and everyone can download it with the help of torrent trackers. We’ve got a copy of Office 2010 and analysed its (new) password protection.
ElcomSoft News
July 22nd, 2009 by Katerina Korolkova, Direktur Humas
As the second summer month is coming to an end, it’s time to sum up our news and updates that you might have missed because of vacation in some tropical heaven. Last two weeks brought us really hot days, not only because of the temperature in Moscow City but also due to hard work on program updates. Here is the news:
Password masking: myths and truths
July 7th, 2009 by Vladimir Katalov
In brief, here is the "problem": for years (I think starting from Windows 3.0 released almost 20 years ago), the passwords are being masked as you type them (in most programs what have any kind of password protection, and an operating system itself), i.e. replaced with asterisks or black circles. What for? To prevent the password from being read by someone who stands behind you.
Disaster Recovery and its key objectives
July 6th, 2009 by Olga Koksharova
New statistics* shows disaster recovery (DR) is getting more attention, and more upper level execs become involved with DR issues. Ideally, each company should have an emergency plan in case of power/system failure, loss of access, outside attack, sabotage or else – called DRP (disaster recovery plan) or even DRRP (disaster response and recovery plan). DRP is only a part of risk management practices which ensure emergency preparedness and risk reduction and include such initiatives as regular data backups, stocking recovery software, archiving, etc. – these activities are reflected in PMI and NIST standards.
Encryption and decryption from security law perspective (Part II)
July 3rd, 2009 by Olga Koksharova
In my previous post I suggested several variants of computer security translated by different laws. Now I’d like to get to ciphers…again viewed by law.
Rumored AMD Phenom II X4 TWKR chips accessible?
July 1st, 2009 by Olga Koksharova
Not long ago I wrote about AMD’s TWKR when the first rumors reached the media. Now we have more news on that. And the sad one is that TWKR still cannot be purchased in retail and most probably won’t be, at least not the ones from the sought-after 100 exemplars that exist today.
Password by Toolman
July 1st, 2009 by Olga Koksharova
Do you understand a word? Except for "password"? Translator needed! 🙂
Reasonable, appropriate, adequate…security (Part I)
June 30th, 2009 by Olga Koksharova
Most laws define security obligations as reasonable, appropriate, suitable, necessary, adequate etc. without giving more precise directives to follow. Is it good or bad? And what should be known about these standards?
Thunder Tables – now registered trademark
June 29th, 2009 by Olga Koksharova
Good news over here! We’ve got a nice and shiny registration certificate from the United States Patent and Trademark Office. Now our Thunder Tables have their (R) sign.
