Elcomsoft Forensic Acquisition System (EFAS)
May 2nd, 2024 by Elcomsoft R&D
Forensic acquisition using Elcomsoft iOS Forensic Toolkit (EIFT) has undergone significant changes over the last few years. The earlier major branch, EIFT 7, was a carefully crafted but Windows-only script that automated the use of several bundled tools and guided the user without requiring them to know how to use each of them individually. EIFT 8 brought many new features, a more powerful interface and widespread support for new devices and host operating systems. Due to restrictions and challenges, not all features were immediately available on all platforms. There are still some minor differences in features between Windows, Linux, and macOS versions of the tool.
The Implications of Resetting the Screen Lock Passcode in iOS Forensics
April 30th, 2024 by Oleg Afonin
In the realm of iOS device forensics, the use of the checkm8 exploit for low-level extractions has become a common practice. However, when using this method, you may occasionally need to remove the device’s screen lock passcode, which can lead to several undesirable consequences. In this article, we’ll study these consequences and learn when you need a screen lock reset, when it can be avoided, and how what the latest iOS Forensic Toolkit has to do with it.
All You Wanted To Know About iOS Backups
April 17th, 2024 by Oleg Afonin
iOS backup passwords are a frequent topic in our blog. We published numerous articles about these passwords, and we do realize it might be hard for a reader to get a clear picture from these scattered articles. This one publication is to rule them all. We’ll talk about what these passwords are, how they affect things, how to recover them, whether they can be reset, and whether you should bother. We’ll summarize years of research and provide specific recommendations for dealing with passwords.
checkm8: Advancements in iOS 16 Forensic Extraction
March 15th, 2024 by Elcomsoft R&D
In iOS device forensics, the process of low-level extraction plays a crucial role in accessing essential data for analysis. Bootloader-level extraction through checkm8 has consistently been the best and most forensically sound method for devices with a bootloader vulnerability. But even though we brought the best extraction method to Linux and Windows in recent releases, support for iOS 16 on these platforms was still lacking behind. In this article we’ll talk about the complexities in iOS 16 extractions and how we worked around them in the newest release of iOS Forensic Toolkit.
Resource Management in Distributed Password Attacks
February 20th, 2024 by Oleg Afonin
In the latest update, Elcomsoft Distributed Password Recovery introduced a new feature that allows managing the available computational resources. The new resource management capability allows administrators to manage and distribute the available computational resources across multiple jobs. The feature enables users to tap into a pool of available resources by requesting a certain number of recovery agents. The reserved recovery agents will be allocated, allowing multiple jobs to run separately at the same time.
Bootloader-Level Extraction for Apple Hardware
February 9th, 2024 by Oleg Afonin
The bootloader vulnerability affecting several generations of Apple devices, known as “checkm8”, allows for forensically sound extraction of a wide range of Apple hardware including several generations of iPhones, iPads, Apple Watch, Apple TV, and even HomePod devices. The exploit is available for chips that range from the Apple A5 found in the iPhone 4s and several iPad models to A11 Bionic empowering the iPhone 8, 8 Plus, and iPhone X; older devices such as the iPhone 4 have other bootloader vulnerabilities that can be exploited to similar effect. In this article, we will go through the different chips and their many variations that are relevant for bootloader-level extractions.
EU: Apple to Allow Alternative App Marketplaces
February 6th, 2024 by Vladimir Katalov
In the upcoming iOS 17.4 update, Apple is introducing significant changes to its App Store policies for apps distributed in the European Union. The new policy brings multiple changes, one of them being alternative app marketplaces (which are effectively third-party app stores). These changes have both technical and financial implications for developers, but do they bring news to the digital forensic crowd? Let’s have a look into what Apple’s new policy brings and how it may impact forensic experts.
Navigating NVIDIA’s Super 40-Series GPU Update: A Guide for IT Professionals
February 2nd, 2024 by Oleg Afonin
With the launch of the Super update of 40-Series NVIDIA GPUs, the company’s product lineup has become quite complex. In the 4070 series alone, four models of the NVIDIA GeForce RTX are available: the original 4070, 4070 Ti, and now also 4070 Super, and 4070 Ti Super. Understanding the differences between these cards and learning which models offer the best price/performance ratio in password recovery jobs are crucial considerations for IT professionals.
iOS Forensic Toolkit: Mounting HFS Images in Windows
February 1st, 2024 by Oleg Afonin
The latest update to iOS Forensic Toolkit brought the ability to mount HFS disk images extracted from legacy Apple devices as drive letters on Windows systems. This new capability to mount HFS images on Windows empowers experts to efficiently process and analyze digital evidence extracted from legacy Apple devices on Windows-based computers. This article provides detailed instructions on using the new feature.
Changes to U.S. iOS App Store Policies Allow External Purchase Links
January 17th, 2024 by Vladimir Katalov
In a controversial move, Apple is implementing major changes to its U.S. iOS App Store policies, granting developers the ability to direct customers to non-App Store purchasing options for digital goods. This update permits users to make in-app purchases through an alternative method. However, Apple will continue to collect a commission ranging from 12 to 27 percent on content purchased through this avenue, providing only a 3 percentage points commission cut compared to purchases made through the official Apple App Store.
