Extended Mobile Forensics: Analyzing Desktop Computers
When it comes to mobile forensics, experts are analyzing the smartphone itself with possible access to cloud data. However, extending the search to the user’s desktop and laptop computers may (and...
View ArticleWhy iOS 12.4 Jailbreak Is a Big Deal for the Law Enforcement
By this time, seemingly everyone has published an article or two about Apple re-introducing the vulnerability that was patched in the previous version of iOS. The vulnerability was made into a known...
View ArticleHow To Access Screen Time Password and Recover iOS Restrictions Password
The Screen Time passcode (known as the Restrictions passcode in previous versions of iOS) is a separate 4-digit passcode designed to secure changes to the device settings and the user’s Apple ID...
View ArticleHow to Extract and Decrypt Signal Conversation History from the iPhone
With over half a million users, Signal is an incredibly secure cross-platform instant messaging app. With emphasis on security, there is no wonder that Signal is frequently picked as a communication...
View ArticleApple TV Forensics 03: Analysis
.longline { word-wrap: break-word; word-break: break-all; } This post continues the series of articles about Apple companion devices. If you haven’t seen them, you may want to read Apple TV and Apple...
View ArticleiOS 12.4 File System Extraction
The iOS 12.4 jailbreak is out, and so is Elcomsoft iOS Forensic Toolkit. Using the two together, one can image the file system and decrypt the keychain of iPhone and iPad devices running most versions...
View ArticleiOS Acquisition on Windows: Tips&Tricks
When you perform Apple iCloud acquisition, it almost does not matter what platform to use, Windows or macOS (I say almost, because some differences still apply, as macOS has better/native iCloud...
View ArticleUSB Restricted Mode in iOS 13: Apple vs. GrayKey, Round Two
While the dust surrounding the controversy of rushed iOS 13 release settles, we are continuing our research on what has changed in iOS forensics. In this article we’ll review the new policy on USB...
View ArticleHow to Extract Screen Time Passcodes and Voice Memos from iCloud
The Screen Time passcode is an optional feature of iOS 12 and 13 that can be used to secure the Content & Privacy Restrictions. Once the password is set, iOS will prompt for the Screen Time...
View ArticleFour and a Half Apple Passwords
Passwords are probably the oldest authentication method. Despite their age, passwords remain the most popular authentication method in today’s digital age. Compared to other authentication mechanisms,...
View ArticleWhat is Password Recovery and How It Is Different from Password Cracking
Why wasting time recovering passwords instead of just breaking in? Why can we crack some passwords but still have to recover the others? Not all types of protection are equal. There are multiple types...
View ArticleForensic Acquisition of Apple TV with checkra1n Jailbreak
Are you excited about the new checkm8 exploit? If you haven’t heard of this major development in the world of iOS jailbreaks, I would recommend to read the Technical analysis of the checkm8 exploit...
View ArticleiOS Device Acquisition with checkra1n Jailbreak
We’ve just announced a major update to iOS Forensic Toolkit, now supporting the full range of devices that can be exploited with the unpatchable checkra1n jailbreak. Why is the checkra1n jailbreak so...
View ArticleBFU Extraction: Forensic Analysis of Locked and Disabled iPhones
We have recently updated Elcomsoft iOS Forensic Toolkit, adding the ability to acquire the file system from a wide range of iOS devices. The supported devices include models ranging from the iPhone 5s...
View ArticleOur Developments and Achievements in 2019
For us, this year has been extremely replete with all sorts of developments in desktop, mobile and cloud forensics. We are proud with our achievements and want to share with you. Let’s have a quick...
View ArticleThe True Meaning of iOS Recovery, DFU and SOS Modes for Mobile Forensics
What is DFU, and how is it different from the recovery mode? How do you switch the device to recovery, DFU or SOS mode, what can you do while in these modes and what do they mean in the context of...
View ArticleApple vs. Law Enforcement: Cloud Forensics
Today’s smartphones collect overwhelming amounts of data about the user’s daily activities. Smartphones track users’ location and record the number of steps they walked, save pictures and videos they...
View ArticleThe Worst Mistakes in iOS Forensics
What can possibly go wrong with that iPhone? I’ll have a look (oh, it’s locked!), then switch it off, eject the SIM card and pass it on to the expert. Well, you’ve just made three of the five most...
View ArticleApple vs Law Enforcement: Cloudy Times
Just days ago, we have reviewed the data stored in iCloud, and studied its encryption mechanisms. We also discussed the discrepancies between the data that is stored in the cloud and the data that’s...
View ArticleFull File System Acquisition of iPhone 11 and Xr/Xs with iOS 13
The popular unc0ver jailbreak has been updated to v4, and this is quite a big deal. The newest update advertises support for the latest A12 and A13 devices running iOS 13 through 13.3. The current...
View Article
More Pages to Explore .....