Posts Tagged ‘Windows’

We have exciting news: iOS Forensic Toolkit 8 is now available for Windows users in the all-new Windows edition. The new build maintains and extends the functionality of EIFT 7, which is now approaching the end of its life cycle. In addition, we’ve made the Toolkit portable, eliminating the need for installation. Learn what’s new in the eights version of the Toolkit!

In the world of digital investigations, the sheer volume of data and the challenge of identifying valuable evidence can be overwhelming. Often, investigators find themselves faced with the need for optimization — the ability to quickly and seamlessly identify what is valuable and requires further examination. We aim to fulfill this need by introducing a new forensic toolkit in Elcomsoft System Recovery, a powerful bootable tool designed to speed up investigations, quickly identify and collect digital evidence right on the spot.

Access to encrypted information can be gained through various methods, including live system analysis (1 and 2), using bootable forensic tools, analysis of sleep/hibernation files, and exploiting TPM vulnerabilities, with password recovery being the last option on the list. Each method has different resource requirements and should be used in order of least resource-intensive to most time-consuming, with password recovery as the last resort. Familiarize yourself with the different encryption recovery strategies and learn about data formats with weak protection or known vulnerabilities.

Windows account passwords, or NTLM passwords, are among the easiest to recover due to their relatively low cryptographic strength. At the same time, NTLM passwords can be used to unlock DPAPI-protected data such as the user’s passwords stored in Web browsers, encrypted chats, EFS-protected files and folders, and a lot more. In this article we argue about prioritizing the recovery of NTLM hashes over any other types of encrypted data.

Modern versions of Windows have many different types of accounts. Local Windows accounts, Microsoft accounts, and domain accounts feature different types of protection. There is also Windows Hello with PIN codes, which are protected differently from everything else. How secure are these types of passwords, and how can you break them? Read along to find out!

Elcomsoft System Recovery 8.30 introduced the ability to break Windows Hello PIN codes on TPM-less computers. This, however, was just one of the many new features added to the updated release. Other features include the ability to detect Microsoft Azure accounts and LUKS2 encryption, as well  as new filters for bootable forensic tools.

Encrypting a Windows system drive with BitLocker provides effective protection against unauthorized access, especially when paired with TPM. A hardware upgrade, firmware update or even a change in the computer’s UEFI BIOS may effectively lock you out, making your data inaccessible and the Windows system unbootable. How to prevent being locked out and how to restore access to the data if you are prompted to unlock the drive? Read along to find out.

While we are still working on the new version of Elcomsoft iOS Forensic Toolkit featuring forensically sound and nearly 100% compatible checkm8 extraction, an intermediate update is available with two minor yet important improvements. The update makes it easier to install the tool on macOS computers, and introduces a new agent extraction option.

How to break ‘strong’ passwords? Is there a methodology, a step by step approach? What shall you start from if your time is limited but you desperately need to decrypt critical evidence? We want to share some tips with you, this time about the passwords saved in the Web browsers on most popular platforms.

When you perform Apple iCloud acquisition, it almost does not matter what platform to use, Windows or macOS (I say almost, because some differences still apply, as macOS has better/native iCloud support). Logical acquisition can be done on any platform as well. But when doing full file system acquisition of jailbroken devices using Elcomsoft iOS Forensic Toolkit, we strongly recommend using macOS. If you are strongly tied to Windows, however, there are some things you should know.