Extended Mobile Forensics: Analyzing Desktop Computers
When it comes to mobile forensics, experts are analyzing the smartphone itself with possible access to cloud data. However, extending the search to the user’s desktop and laptop computers may (and...
View ArticleClik here to view.
Why iOS 12.4 Jailbreak Is a Big Deal for the Law Enforcement
By this time, seemingly everyone has published an article or two about Apple re-introducing the vulnerability that was patched in the previous version of iOS. The vulnerability was made into a known...
View ArticleClik here to view.
How To Access Screen Time Password and Recover iOS Restrictions Password
The Screen Time passcode (known as the Restrictions passcode in previous versions of iOS) is a separate 4-digit passcode designed to secure changes to the device settings and the user’s Apple ID...
View ArticleClik here to view.
How to Extract and Decrypt Signal Conversation History from the iPhone
With over half a million users, Signal is an incredibly secure cross-platform instant messaging app. With emphasis on security, there is no wonder that Signal is frequently picked as a communication...
View ArticleClik here to view.
Apple TV Forensics 03: Analysis
.longline { word-wrap: break-word; word-break: break-all; } This post continues the series of articles about Apple companion devices. If you haven’t seen them, you may want to read Apple TV and Apple...
View ArticleiOS 12.4 File System Extraction
The iOS 12.4 jailbreak is out, and so is Elcomsoft iOS Forensic Toolkit. Using the two together, one can image the file system and decrypt the keychain of iPhone and iPad devices running most versions...
View ArticleClik here to view.
iOS Acquisition on Windows: Tips&Tricks
When you perform Apple iCloud acquisition, it almost does not matter what platform to use, Windows or macOS (I say almost, because some differences still apply, as macOS has better/native iCloud...
View ArticleClik here to view.
USB Restricted Mode in iOS 13: Apple vs. GrayKey, Round Two
While the dust surrounding the controversy of rushed iOS 13 release settles, we are continuing our research on what has changed in iOS forensics. In this article we’ll review the new policy on USB...
View ArticleClik here to view.
How to Extract Screen Time Passcodes and Voice Memos from iCloud
The Screen Time passcode is an optional feature of iOS 12 and 13 that can be used to secure the Content & Privacy Restrictions. Once the password is set, iOS will prompt for the Screen Time...
View ArticleClik here to view.
Four and a Half Apple Passwords
Passwords are probably the oldest authentication method. Despite their age, passwords remain the most popular authentication method in today’s digital age. Compared to other authentication mechanisms,...
View ArticleWhat is Password Recovery and How It Is Different from Password Cracking
Why wasting time recovering passwords instead of just breaking in? Why can we crack some passwords but still have to recover the others? Not all types of protection are equal. There are multiple types...
View ArticleClik here to view.
Forensic Acquisition of Apple TV with checkra1n Jailbreak
Are you excited about the new checkm8 exploit? If you haven’t heard of this major development in the world of iOS jailbreaks, I would recommend to read the Technical analysis of the checkm8 exploit...
View ArticleClik here to view.
iOS Device Acquisition with checkra1n Jailbreak
We’ve just announced a major update to iOS Forensic Toolkit, now supporting the full range of devices that can be exploited with the unpatchable checkra1n jailbreak. Why is the checkra1n jailbreak so...
View ArticleClik here to view.
BFU Extraction: Forensic Analysis of Locked and Disabled iPhones
We have recently updated Elcomsoft iOS Forensic Toolkit, adding the ability to acquire the file system from a wide range of iOS devices. The supported devices include models ranging from the iPhone 5s...
View ArticleOur Developments and Achievements in 2019
For us, this year has been extremely replete with all sorts of developments in desktop, mobile and cloud forensics. We are proud with our achievements and want to share with you. Let’s have a quick...
View ArticleClik here to view.
The True Meaning of iOS Recovery, DFU and SOS Modes for Mobile Forensics
What is DFU, and how is it different from the recovery mode? How do you switch the device to recovery, DFU or SOS mode, what can you do while in these modes and what do they mean in the context of...
View ArticleClik here to view.
Apple vs. Law Enforcement: Cloud Forensics
Today’s smartphones collect overwhelming amounts of data about the user’s daily activities. Smartphones track users’ location and record the number of steps they walked, save pictures and videos they...
View ArticleClik here to view.
The Worst Mistakes in iOS Forensics
What can possibly go wrong with that iPhone? I’ll have a look (oh, it’s locked!), then switch it off, eject the SIM card and pass it on to the expert. Well, you’ve just made three of the five most...
View ArticleClik here to view.
Apple vs Law Enforcement: Cloudy Times
Just days ago, we have reviewed the data stored in iCloud, and studied its encryption mechanisms. We also discussed the discrepancies between the data that is stored in the cloud and the data that’s...
View ArticleClik here to view.
Full File System Acquisition of iPhone 11 and Xr/Xs with iOS 13
The popular unc0ver jailbreak has been updated to v4, and this is quite a big deal. The newest update advertises support for the latest A12 and A13 devices running iOS 13 through 13.3. The current...
View Article
