Archive for the ‘Elcomsoft News’ category

In the world of digital forensics, there are various ways to analyze computer systems. You might be familiar live system analysis or investigating forensic disk images, but there’s yet another method called cold system analysis. Unlike live analysis where experts deal with active user sessions, cold system analysis works differently. It’s like a middle ground between live analysis and examining saved images of a computer’s storage. But why and when would someone use cold analysis? What can you do with it, and how does it compare to the usual methods?

We have exciting news: iOS Forensic Toolkit 8 is now available for Windows users in the all-new Windows edition. The new build maintains and extends the functionality of EIFT 7, which is now approaching the end of its life cycle. In addition, we’ve made the Toolkit portable, eliminating the need for installation. Learn what’s new in the eights version of the Toolkit!

We are excited to announce the release of an open-source software for Orange Pi R1 LTS designed to provide firewall functionality for sideloading, signing, and verifying the extraction agent that delivers robust file system imaging and keychain decryption on a wide range of Apple devices with iOS Forensic Toolkit. This development aims to address the growing security challenge faced by forensic experts when sideloading the extraction agent using regular and developer Apple accounts.

When it comes to iOS data acquisition, Elcomsoft iOS Forensic Toolkit is the top choice for forensic experts. Its cutting-edge features and unmatched capabilities have made it the go-to software for investigating iOS devices. In a recent update, we expanded the capabilities of the low-level extraction agent to support full file system extraction and keychain decryption on Apple’s newest devices running iOS 16.5. This achievement represents a breakthrough, as the delay between Apple’s iOS updates and our forensic software release has significantly reduced.

When it comes to iOS data acquisition, Elcomsoft iOS Forensic Toolkit stands head and shoulders above the competition. With its cutting-edge features and unmatched capabilities, the Toolkit has become the go-to software for forensic investigations on iOS devices. The recent update expanded the capabilities of the tool’s low-level extraction agent, adding keychain decryption support on Apple’s newest devices running iOS 16.0 through 16.4.

A while ago, we introduced an innovative mechanism that enabled access to parts of the file system for latest-generation Apple devices. The process we called “partial extraction” relied on a weak exploit that, at the time, did not allow a full sandbox escape. We’ve been working to improve the process, slowly lifting the “partial” tag from iOS 15 devices. Today, we are introducing a new, enhanced low-level extraction mechanism that enables full file system extraction for the iOS 16 through 16.3.1 on all devices based on Apple A12 Bionic and newer chips.

Intel has unveiled its latest lineup of dedicated graphics cards, driven by the powerful Intel Xe architecture. The Intel Arc series showcases impressive performance, rivaling mid-range offerings from competing brands, while maintaining an exceptional price-performance ratio that outperforms NVIDIA’s counterparts. In this article, we explore the potential of Intel Arc GPUs for forensic password recovery and delve into their performance capabilities, comparing them with both Intel’s built-in graphics and mid-range NVIDIA RTX boards.

Every three years, NVIDIA releases a new architecture used in their GeForce series graphics cards. Powered by Ada Lovelace, the new generation of GPUs delivers 80% better performance in password recovery compared to Ampere. While the new generation of NVIDIA graphics is faster and more efficient than Ampere, it also received a price hike. Is the update worth it for the forensic experts? Let’s try to find out.

As a provider of mobile forensic tools, we at Elcomsoft strongly believe in giving back to the community. Our iOS Forensic Toolkit (EIFT) is a highly complex and powerful mobile acquisition tool, consisting of almost eighty sub-projects, many of which are open source. While we have benefited from the contributions of the community, we also believe that it’s time to contribute back to the open source community by publishing our changes to those projects as required by their permissive license.

Last month, we introduced a new low-level mechanism, which enabled access to parts of the file system from many Apple devices. The partial extraction process relies on a weak exploit that did not allow full sandbox escape. Today, the limitations are gone, and we are proud to offer the full file system extraction and keychain decryption for the entire iOS 15 range up to and including iOS/iPadOS 15.7.2.