BitLocker is a popular full-disk encryption scheme employed in all versions of Windows (but not in every edition) since Windows Vista. BitLocker is used to protect stationary and removable volumes against outside attacks. Since Windows 8, BitLocker is activated by default on compatible devices if th| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windo| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
Welcome to Part 5 of the Perfect Acquisition series! In case you missed the previous parts, please check them out for background information. This section provides a comprehensive guide to performing the Perfect APFS Acquisition procedure. Perfect Acquisition Part 1: Introduction Perfect Acquisition Part 2: iOS Background Perfect Acquisition Part 3: Perfect HFS Acquisition Perfect […]| ElcomSoft blog
We previously tested disk imaging speeds using high-performance storage devices. But raw speed is only part of the equation. Even under ideal conditions, getting a fully correct and complete image can be tricky. And achieving peak speed consistently is even harder – many factors can slow things down, and sometimes even corrupt the results. In […]| ElcomSoft blog
Artificial intelligence is everywhere - from phones that guess your next move to fridges that shop for you. It's only natural to ask whether AI can help in a more serious domain: digital forensics, specifically password cracking. The idea sounds promising: use large language models (LLMs) to produce| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
Over the years, we’ve published numerous guides on installing the iOS Forensic Toolkit extraction agent and troubleshooting issues. As both the tool and its environment evolved, so did our documentation – often leading to outdated or scattered information. This article consolidates and updates everything in one place, detailing the correct installation and troubleshooting procedures. Introduction […]| ElcomSoft blog
Apple’s unified logging system offers a wealth of information for forensic investigators analyzing iOS, iPadOS, watchOS, tvOS, and other devices from Apple ecosystems. Originally designed for debugging and diagnostics, these logs capture a continuous stream of detailed system activity – including app behavior, biometric events, power state changes, and connectivity transitions. In digital forensics, where […]| ElcomSoft blog
In June 2025, headlines shouted that 16 billion passwords had leaked. Major outlets warned that credentials for Apple, Google, and other platforms were now exposed. As expected, this triggered a wave of public anxiety and standard advice: change your passwords immediately. Upon closer examination, however, technical sources clarified the situation. This was not a new […]| ElcomSoft blog
When it comes to digital evidence, most investigators naturally focus on smartphones - and occasionally tablets. But the rest of the Apple ecosystem often goes unnoticed: Apple Watch, Apple TV, HomePod, even older iPod Touch models. These supplementary devices might seem irrelevant, but they can con| ElcomSoft blog
The first developer beta of iOS 17.3 includes Stolen Device Protection, a major new security feature designed to protect the user's sensitive information stored in the device and in iCloud account if their iPhone is stolen and the thief gets access to the phone's passcode. This optional feature coul| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
SSD forensics is an ongoing subject. While SSD manufacturers increase storage densities and implement non-trivial methods for wear leveling, caching and write acceleration, forensic experts start using new methods for imaging solid-state media. In this article, we discuss the possibility of using fa| ElcomSoft blog
If you're doing forensic work today, odds are you’re imaging SSDs, not just spinning hard drives. And SSDs don’t behave like HDDs - especially when it comes to deleted files. One key reason: the TRIM command. TRIM makes SSDs behave different to magnetic hard drives when it comes to recovering delete| ElcomSoft blog
When performing forensic tasks on Apple devices, the order in which you enter device modes can make a big difference. While DFU mode is necessary for certain extractions, especially using checkm8, going straight into DFU might not be your best option. Starting with Recovery Mode offers several advantages that make it a safer, faster approach. […]| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
We've released an important update to iOS Forensic Toolkit: the Toolkit expands logical acquisition to all newer models of Apple Watch starting from Apple Watch Series 6 (with a wired third-party adapter), Apple Watch Series 7 through 10, SE2, Ultra, and Ultra 2 (via a special wireless adapter). Wit| ElcomSoft blog
We updated Elcomsoft System Recovery to version 8.34. This release focuses on expanding the tool's data acquisition capabilities, improving disk imaging performance, and adding BitLocker recovery key extraction for systems managed via Active Directory. Here's a technical breakdown of the changes.| ElcomSoft blog
We are excited to announce the release of an open-source software for Raspberry Pi 4 designed to provide firewall functionality for sideloading, signing, and verifying the extraction agent that delivers robust file system imaging and keychain decryption on a wide range of Apple devices. This develop| ElcomSoft blog
Agent-based low-level extraction of Apple mobile devices requires sideloading an app onto the device, which is currently far from seamless. One can only run sideloaded apps if they are signed with a device-specific digital signature, which must be validated by an Apple server. Establishing a connect| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
Welcome to part 2 of the Perfect Acquisition series! In case you missed part 1, make sure to check it out before continuing with this article. In this section, we will dive deeper into iOS data protection and understand the obstacles we need to overcome in order to access the data, which in turn wil| ElcomSoft blog
Forensic acquisition has undergone significant changes in recent years. In the past, acquisition was relatively easy, with storage media easily separable and disk encryption not yet widespread. However, with the rise of mobile devices and their built-in encryption capabilities, acquiring data has be| ElcomSoft blog
We recently shared an article about maximizing disk imaging speeds, which sparked a lot of feedback from our users and, surprisingly, from the developers of one of the disk imaging tools who quickly released an update addressing the issues we discovered in the initial test round. We did an additiona| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
All about mobile devices and technologies| ElcomSoft blog
Elcomsoft news| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
«...Everything you wanted to know about password recovery, data decryption, mobile & cloud forensics...»| ElcomSoft blog
In the field of digital forensics, properly handling the task of disk imaging is crucial for preserving data integrity. Using write blockers ensures that no data is altered during the imaging process, a key requirement for maintaining the chain of custody. While there are many factors influencing th| ElcomSoft blog
Welcome to Part 4 of the Perfect Acquisition series! In case you missed the other parts (1, 2, and 3), please check them out for more background information, or dive straight in and learn how to perform Perfect HFS Acquisition yourself. This section contains a comprehensive guide on how to perform t| ElcomSoft blog
Low-level extraction enables access to all the data stored in the iOS device. Previously, sideloading the extraction agent for imaging the file system and decrypting keychain required enrolling one’s Apple ID into Apple’s paid Developer Program if one used a Windows or Linux PC. Mac users could util| ElcomSoft blog
Apple accounts are used in mobile forensics for sideloading third-party apps such as our own low-level extraction agent. Enrolling an Apple ID into Apple Developer Program has tangible benefits for experts, but are they worth the investment? Some years back, it was a reassuring "yes". Today, it's no| ElcomSoft blog
In a controversial move, Apple is implementing major changes to its U.S. iOS App Store policies, granting developers the ability to direct customers to non-App Store purchasing options for digital goods. This update permits users to make in-app purchases through an alternative method. However, Apple| ElcomSoft blog
