Four Tools, One Workflow: Using Elcomsoft Desktop Forensic Tools on the Same Case

July 10th, 2026 by Oleg Afonin

Most people meet these four tools one product page at a time, which makes them look like four separate purchases for four separate problems. On a real desktop case they are closer to four stages of a single job. Each one hands its output to the next: Elcomsoft System Recovery and Elcomsoft Quick Triage pull the raw material off the machine, Forensic Disk Decryptor turns keys into mounted volumes, and Distributed Password Recovery grinds through whatever is left. In this article we will not go through the feature lists (the product pages do that job well enough); instead we will look at when to reach for each tool, and why the order in which you use them is not fixed but decided by the situation in front of you.

Read the rest of this entry »

Breaking into the Ecosystem: How One Weak Link Can Unlock a Secure Device

May 19th, 2025 by Oleg Afonin

A forensic examiner receives a locked smartphone – a recent-model iPhone, encrypted and secured with an unknown passcode. No tool works, checkm8 long obsolete, USB port locked. Is this a dead end? Not quite. iPhones don’t operate in isolation. They’re part of a digital ecosystem, and ecosystems often have weak points. This article explores how gaining access through a weak link  can compromise even the most secure smartphone.

Read the rest of this entry »

iOS Forensic Toolkit Now Supports All Models of Apple Watch

May 15th, 2025 by Oleg Afonin

We’ve released an important update to iOS Forensic Toolkit: the Toolkit expands logical acquisition to all newer models of Apple Watch starting from Apple Watch Series 6 (with a wired third-party adapter), Apple Watch Series 7 through 10, SE2, Ultra, and Ultra 2 (via a special wireless adapter). With this update, the Toolkit supports the complete range of Apple Watch devices with no gaps or omissions.

Read the rest of this entry »

Extraction Agent: Offline Extraction with All Developer Accounts

May 15th, 2025 by Oleg Afonin

We are excited to announce an update to Elcomsoft iOS Forensic Toolkit that solves a long-lasting issue connected to the installation and use of the low-level extraction agent. In version 8.70, we introduce a critical improvement: you can now sideload and launch the extraction agent completely offline using any Apple Developer account – regardless of when it was created. What exactly changed, and what does that mean for you? Read along to find out.

Read the rest of this entry »

Microsoft Goes Passwordless: Forensic Implications of Passwordless Microsoft Accounts

May 14th, 2025 by Oleg Afonin

Microsoft has officially announced that newly created Microsoft Accounts will now be passwordless by default for “simpler, safer sign-ins”. This change extends the direction set by Windows 11, where traditional passwords have been gradually phased out in favor of more secure and user-friendly authentication methods – such as PIN codes, biometrics, and passkeys. In this article, we will evaluate the forensic implications of this move.

Read the rest of this entry »

Forensic Implications of BitLocker-by-Default in Windows 11 24H2

May 8th, 2025 by Oleg Afonin

The Windows 11 24H2 update introduced a change in Microsoft’s approach to disk encryption, a shift that will have long lasting implications on digital forensics. In this release, BitLocker encryption is automatically enabled on most modern hardware when installing Windows when a Microsoft Account (MSA) is used during setup. Encryption starts seamlessly and silently in the background, covering even Home editions and consumer devices such as desktop computers that historically escaped full-disk encryption defaults.

Read the rest of this entry »

What’s New in Elcomsoft System Recovery 8.34: More Data, Faster Imaging, BitLocker Key Extraction

April 29th, 2025 by Oleg Afonin

We updated Elcomsoft System Recovery to version 8.34. This release focuses on expanding the tool’s data acquisition capabilities, improving disk imaging performance, and adding BitLocker recovery key extraction for systems managed via Active Directory. Here’s a technical breakdown of the changes.

Read the rest of this entry »

Forensic Implications of Apple’s “Stolen Device Protection”

March 10th, 2025 by Oleg Afonin

With the release of iOS 17.3, Apple introduced a new security feature called “Stolen Device Protection.” This functionality is designed to prevent unauthorized access to sensitive data in cases where a thief has gained knowledge of an iPhone’s passcode. While this feature significantly enhances security for end users, it simultaneously creates substantial obstacles for digital forensic experts, complicating lawful data extraction.

Read the rest of this entry »

NVIDIA GeForce RTX 5090 Power Connectors Melting Again

March 6th, 2025 by Oleg Afonin

Just a week ago, we published an article about NVIDIA’s new generation of Blackwell-based graphics cards. Despite a noticeable price hike, performance gains in this generation are minimal, with one notable exception: the flagship GeForce RTX 5090 significantly outperforms its predecessor in all key aspects. However, this GPU has also revealed a potential issue that could make its use in workstations running 24/7 problematic and potentially unsafe.

Read the rest of this entry »

NVIDIA Blackwell is Out: Should You Upgrade?

February 27th, 2025 by Oleg Afonin

The newly introduced NVIDIA GeForce RTX 50 series (Blackwell architecture) brings significant changes. Notably, NVIDIA claims a doubling of integer (INT32) computation throughput per clock cycle compared to the previous Ada Lovelace architecture; this is described in the company’s whitepaper.

Read the rest of this entry »

Apple Disables Advanced Data Protection for iCloud in UK

February 25th, 2025 by Oleg Afonin

In the beginning of February, Apple may have received a secret order requiring the company to create an encryption backdoor. According to a leak, the UK government demanded blanket, covert access to all sorts of encrypted data globally. After that demand, Apple decided to disable Advanced Data Protection for iCloud in the UK, issuing an official statement. What does that mean for the law enforcement, and what consequences are expected for the end users?

Read the rest of this entry »