iOS 13 (Beta) Forensics
iOS 13 is on the way. While the new mobile OS is still in beta, so far we have not discovered many revolutionary changes in the security department. At the same time, there are quite a few things forensic specialists will need to know about the new iteration of Apple’s mobile operating system. In this article, we’ll be discussing the changes and their meaning for the mobile forensics.
by Vladimir Katalov
👉 https://blog.elcomsoft.com/2019/07/ios-13-beta-forensics/
#iOS13 #iPhone #smartphone #forensics #backups #decryption #dfir #software #encryption
iOS 13 is on the way. While the new mobile OS is still in beta, so far we have not discovered many revolutionary changes in the security department. At the same time, there are quite a few things forensic specialists will need to know about the new iteration of Apple’s mobile operating system. In this article, we’ll be discussing the changes and their meaning for the mobile forensics.
by Vladimir Katalov
👉 https://blog.elcomsoft.com/2019/07/ios-13-beta-forensics/
#iOS13 #iPhone #smartphone #forensics #backups #decryption #dfir #software #encryption
Breaking and Securing Apple iCloud Accounts
The cloud becomes an ever more important (sometimes exclusive) source of the evidence whether you perform desktop or cloud forensics. Even if you are not in forensics, cloud access may help you access deleted or otherwise inaccessible data.
Let’s review all the possibilities of accessing Apple iCloud data with or without a password.
👉 https://blog.elcomsoft.com/2019/07/breaking-and-securing-apple-icloud-accounts/
#iCloud #iOS #forensocs #dfir #forensicsoftware #smartphone #encryption #2FA #toolkit #jailbreak #token #security #cloudsecurity #mobileforensics
The cloud becomes an ever more important (sometimes exclusive) source of the evidence whether you perform desktop or cloud forensics. Even if you are not in forensics, cloud access may help you access deleted or otherwise inaccessible data.
Let’s review all the possibilities of accessing Apple iCloud data with or without a password.
👉 https://blog.elcomsoft.com/2019/07/breaking-and-securing-apple-icloud-accounts/
#iCloud #iOS #forensocs #dfir #forensicsoftware #smartphone #encryption #2FA #toolkit #jailbreak #token #security #cloudsecurity #mobileforensics
Extended Mobile Forensics: Analyzing Desktop Computers
When it comes to mobile forensics, experts are analyzing the smartphone itself with possible access to cloud data. However, extending the search to the user’s desktop and laptop computers may (and possibly will) help accessing information stored both in the physical smartphone and in the cloud. In this article we’ll list all relevant artefacts that can shed light to smartphone data.
👉 https://blog.elcomsoft.com/2019/07/extended-mobile-forensics-analyzing-desktop-computers/
#iphone #ios #mobileforensics #cloud #dfir #cloudexplorer #phone #smartphone #phonebreaker #icloud #password
When it comes to mobile forensics, experts are analyzing the smartphone itself with possible access to cloud data. However, extending the search to the user’s desktop and laptop computers may (and possibly will) help accessing information stored both in the physical smartphone and in the cloud. In this article we’ll list all relevant artefacts that can shed light to smartphone data.
👉 https://blog.elcomsoft.com/2019/07/extended-mobile-forensics-analyzing-desktop-computers/
#iphone #ios #mobileforensics #cloud #dfir #cloudexplorer #phone #smartphone #phonebreaker #icloud #password
New Elcomsoft Cloud Explorer 2.20 fixes Google Photos support, boosts the number of data types available for acquisition, speeds up Photos downloading speed, switches from Google Maps to OpenStreetMap for showing you the user’s location history.
👉 https://www.elcomsoft.com/news/723.html
#google #security #cloud #smartphone #android #photo #locationhistory #maps #onestreetmap #download
👉 https://www.elcomsoft.com/news/723.html
#google #security #cloud #smartphone #android #photo #locationhistory #maps #onestreetmap #download
Apple vs. Law Enforcement: Cloud Forensics
Тoday’s smartphones collect overwhelming amounts of data about the user’s daily activities, like users’ location and number of steps they walked, pictures and videos they take and every message they send or receive. Let's see the types of data that Apple does and does not deliver when served with a government request or while processing the user’s privacy request.
👉 https://blog.elcomsoft.com/2020/01/apple-vs-law-enforcement-cloud-forensics/
By Oleg Afonin
#dfir #mobileforensics #iossecurity #icloud #apple #iphone #dataextraction #cloudsecurity #smartphone #data #privacy
Тoday’s smartphones collect overwhelming amounts of data about the user’s daily activities, like users’ location and number of steps they walked, pictures and videos they take and every message they send or receive. Let's see the types of data that Apple does and does not deliver when served with a government request or while processing the user’s privacy request.
👉 https://blog.elcomsoft.com/2020/01/apple-vs-law-enforcement-cloud-forensics/
By Oleg Afonin
#dfir #mobileforensics #iossecurity #icloud #apple #iphone #dataextraction #cloudsecurity #smartphone #data #privacy
The Worst Mistakes in iOS Forensics
What can possibly go wrong with that iPhone? I’ll have a look (oh, it’s locked!), then switch it off, eject the SIM card and pass it on to the expert. Well, you’ve just made three of the five most common mistakes making subsequent unlock and extraction attempts significantly more difficult. Learn about the most common mistakes and their consequences.
👉 https://blog.elcomsoft.com/2020/01/the-worst-mistakes-in-ios-forensics/
by Vladimir Katalov
#mistakes #mobileforensics #ios #apple #forensics #iossecurity #icloud #iphone #dataextraction #cloudsecurity #smartphone
What can possibly go wrong with that iPhone? I’ll have a look (oh, it’s locked!), then switch it off, eject the SIM card and pass it on to the expert. Well, you’ve just made three of the five most common mistakes making subsequent unlock and extraction attempts significantly more difficult. Learn about the most common mistakes and their consequences.
👉 https://blog.elcomsoft.com/2020/01/the-worst-mistakes-in-ios-forensics/
by Vladimir Katalov
#mistakes #mobileforensics #ios #apple #forensics #iossecurity #icloud #iphone #dataextraction #cloudsecurity #smartphone
Apple vs Law Enforcement: Cloudy Times
Apple is using point-to-point encryption to protect certain types of data. However, it has not always been that way. Apple security model changed year after year. This article reviews the timeline of Apple security changes over time. We’ll list the security measures and discuss whether the real purpose of these changes were the customers’ security and privacy, or throwing a monkey wrench into the work of the law enforcement.
We will also try to understand where iCloud security stands today, and how safe your data is against hackers and the law enforcement.
Are you a forensic professional? I think you’ll find this article handy.
👉 https://blog.elcomsoft.com/2020/02/apple-vs-law-enforcement-cloudy-times/
by Vladimir Katalov
#dfir #mobileforensics #iossecurity #icloud #apple #iphone #dataextraction #cloudsecurity #smartphone
Apple is using point-to-point encryption to protect certain types of data. However, it has not always been that way. Apple security model changed year after year. This article reviews the timeline of Apple security changes over time. We’ll list the security measures and discuss whether the real purpose of these changes were the customers’ security and privacy, or throwing a monkey wrench into the work of the law enforcement.
We will also try to understand where iCloud security stands today, and how safe your data is against hackers and the law enforcement.
Are you a forensic professional? I think you’ll find this article handy.
👉 https://blog.elcomsoft.com/2020/02/apple-vs-law-enforcement-cloudy-times/
by Vladimir Katalov
#dfir #mobileforensics #iossecurity #icloud #apple #iphone #dataextraction #cloudsecurity #smartphone
ElcomSoft Phone Breaker 9.50 fixes iCloud access, upgrades Home licenses to Pro
Elcomsoft Phone Breaker 9.50 fixes access to iCloud accounts protected with two-factor authentication, supports keychain data extracted with Cellebrite software, and enables the extraction of Apple Map data protected with end-to-end encryption. In addition, we deprecated the Home edition; existing non-expired licenses automatically upgraded to the Professional edition.
👉 https://www.elcomsoft.com/news/738.html
Download Elcomsooft Phone Breaker 9.50
#smartphone #iphone #icloud #keychain #messages #applehealth #screentime #maps #dataprotection #dataextraction #dataaccess
Elcomsoft Phone Breaker 9.50 fixes access to iCloud accounts protected with two-factor authentication, supports keychain data extracted with Cellebrite software, and enables the extraction of Apple Map data protected with end-to-end encryption. In addition, we deprecated the Home edition; existing non-expired licenses automatically upgraded to the Professional edition.
👉 https://www.elcomsoft.com/news/738.html
Download Elcomsooft Phone Breaker 9.50
#smartphone #iphone #icloud #keychain #messages #applehealth #screentime #maps #dataprotection #dataextraction #dataaccess
iOS acquisition methods compared: logical, full file system and iCloud
The iPhone is one of the most popular smartphone device. Thanks to its huge popularity, the iPhone gets a lot of attention from the forensic community. Multiple acquisition methods exist, allowing forensic users to obtain more or less information with more or less efforts. Some of these acquisition methods are based on undocumented exploits and public jailbreaks, while some other methods utilize published APIs to access information. In this article, we’ll compare the types and amounts of data one can extract from the same 256-GB iPhone 11 Pro Max using three different acquisition methods: advanced logical, full file system and iCloud extraction.
👉 https://blog.elcomsoft.com/2020/04/ios-acquisition-methods-compared-logical-full-file-system-and-icloud/
by Vladimir Katalov
#iOS #security #iphone #macOS #macbook #applewatch #ipad #smartphone #icloud #keychain #dataextraction #dataaccess #apple
The iPhone is one of the most popular smartphone device. Thanks to its huge popularity, the iPhone gets a lot of attention from the forensic community. Multiple acquisition methods exist, allowing forensic users to obtain more or less information with more or less efforts. Some of these acquisition methods are based on undocumented exploits and public jailbreaks, while some other methods utilize published APIs to access information. In this article, we’ll compare the types and amounts of data one can extract from the same 256-GB iPhone 11 Pro Max using three different acquisition methods: advanced logical, full file system and iCloud extraction.
👉 https://blog.elcomsoft.com/2020/04/ios-acquisition-methods-compared-logical-full-file-system-and-icloud/
by Vladimir Katalov
#iOS #security #iphone #macOS #macbook #applewatch #ipad #smartphone #icloud #keychain #dataextraction #dataaccess #apple
iOS Acquisition Reloaded
The new build of iOS Forensic Toolkit is out. This time around, most of the changes are “internal” and do not add much functionality, but there is a lot going on behind the scenes. In this article, we will describe in details what is new and important, and how it’s going to affect you. We’ll share some tips on how to use the software in the most effective way, making sure that you extract all the data from iOS devices in the most forensically sound possible.
👉 https://blog.elcomsoft.com/2020/05/ios-acquisition-reloaded/
#eift #iphone #ios #mobilesecurity #mobileforensics #dfir #itsecurity #smartphone #dataextraction #ElcomsoftAgent #decryption
The new build of iOS Forensic Toolkit is out. This time around, most of the changes are “internal” and do not add much functionality, but there is a lot going on behind the scenes. In this article, we will describe in details what is new and important, and how it’s going to affect you. We’ll share some tips on how to use the software in the most effective way, making sure that you extract all the data from iOS devices in the most forensically sound possible.
👉 https://blog.elcomsoft.com/2020/05/ios-acquisition-reloaded/
#eift #iphone #ios #mobilesecurity #mobileforensics #dfir #itsecurity #smartphone #dataextraction #ElcomsoftAgent #decryption
iOS Jailbreaks, SSH, and root Password
Modern jailbreaks, in addition to removing several iOS restrictions (for example, disabling signature verification, escalating privileges or bypassing the sandbox), allow obtaining low-level access to the device’s file system. This allows connecting to an iOS device via SSH and gaining almost unlimited access to the system. Some jailbreaks install an OpenSSH (or dropbear) server immediately as they are installed. If not, then SSH can be installed manually from the Cydia repository (OpenSSH package). In this article, I’ll discuss several issues related to SSH, including the following.
- How to understand if SSH is installed and working on the device?
- How to change the root password?
- How to reset the root password to its default value if one is unknown?
👉 https://blog.elcomsoft.com/2020/05/ios-jailbreaks-ssh-and-root-password/
#mobileforensics #ios #iphone #smartphone #jailbreak #password #ssh
Modern jailbreaks, in addition to removing several iOS restrictions (for example, disabling signature verification, escalating privileges or bypassing the sandbox), allow obtaining low-level access to the device’s file system. This allows connecting to an iOS device via SSH and gaining almost unlimited access to the system. Some jailbreaks install an OpenSSH (or dropbear) server immediately as they are installed. If not, then SSH can be installed manually from the Cydia repository (OpenSSH package). In this article, I’ll discuss several issues related to SSH, including the following.
- How to understand if SSH is installed and working on the device?
- How to change the root password?
- How to reset the root password to its default value if one is unknown?
👉 https://blog.elcomsoft.com/2020/05/ios-jailbreaks-ssh-and-root-password/
#mobileforensics #ios #iphone #smartphone #jailbreak #password #ssh
checkra1n & unc0ver: How Would You Like to Jailbreak Today?
Extracting the fullest amount of information from the iPhone, which includes a file system image and decrypted keychain records, often requires installing a jailbreak. Even though forensically sound acquisition methods that work without jailbreaking do exist, they may not be available depending on the tools you use. A particular combination of iOS hardware and software may also render those tools ineffective, requiring a fallback to jailbreak. Today, the two most popular and most reliable jailbreaks are checkra1n and unc0ver. How do they fare against each other, and when would you want to use each?
👉 https://blog.elcomsoft.com/2020/06/checkra1n-unc0ver-jailbreak-today/
#checkra1n #unc0ver #jailbreak #smartphone #mobileforensics #iOS #iPhone
Extracting the fullest amount of information from the iPhone, which includes a file system image and decrypted keychain records, often requires installing a jailbreak. Even though forensically sound acquisition methods that work without jailbreaking do exist, they may not be available depending on the tools you use. A particular combination of iOS hardware and software may also render those tools ineffective, requiring a fallback to jailbreak. Today, the two most popular and most reliable jailbreaks are checkra1n and unc0ver. How do they fare against each other, and when would you want to use each?
👉 https://blog.elcomsoft.com/2020/06/checkra1n-unc0ver-jailbreak-today/
#checkra1n #unc0ver #jailbreak #smartphone #mobileforensics #iOS #iPhone
Researching Confide Messenger Encryption
iPhone users have access to literally hundreds of instant messaging apps. These apps range all the way from the built-in iMessage app to the highly secure Signal messengers, with all stops in between. Many of the messaging apps are marketed as ‘secure’ or ‘protected’ messengers, touting end-to-end encryption and zero retention policies. We routinely verify such claims by analyzing the security of various instant messaging apps. It turned out that the degree of protection can vary greatly, having little to do with the developers’ claims. Today we’ll check out Confide, a tool advertising unprecedented level of security.
👉 https://blog.elcomsoft.com/2020/06/researching-confide-messenger-encryption/
#confide #cybersec #mobileforensics #dfir #smartphone #iphone #messenger #datasecurity
iPhone users have access to literally hundreds of instant messaging apps. These apps range all the way from the built-in iMessage app to the highly secure Signal messengers, with all stops in between. Many of the messaging apps are marketed as ‘secure’ or ‘protected’ messengers, touting end-to-end encryption and zero retention policies. We routinely verify such claims by analyzing the security of various instant messaging apps. It turned out that the degree of protection can vary greatly, having little to do with the developers’ claims. Today we’ll check out Confide, a tool advertising unprecedented level of security.
👉 https://blog.elcomsoft.com/2020/06/researching-confide-messenger-encryption/
#confide #cybersec #mobileforensics #dfir #smartphone #iphone #messenger #datasecurity
Apple Two-Factor Authentication: SMS vs. Trusted Devices
Multi-factor authentication is the new reality. A password alone is no longer considered sufficient. Phishing attacks, frequent leaks of password databases and the ubiquitous issue of reusing passwords make password protection unsafe. Adding “something that you have” to “something that you know” improves the security considerably, having the potential of cutting a chain attack early even in worst case scenarios. However, not all types of two-factor authentication are equally secure.
Let’s talk about the most commonly used type of two-factor authentication: the one based on text messages (SMS) delivered to a trusted phone number.
👉 https://blog.elcomsoft.com/2020/06/apple-two-factor-authentication-sms-vs-trusted-devices/
#2fa #itsecurity #cybersecurity #authentication #clouds #mobilesecurity #smartphone
Multi-factor authentication is the new reality. A password alone is no longer considered sufficient. Phishing attacks, frequent leaks of password databases and the ubiquitous issue of reusing passwords make password protection unsafe. Adding “something that you have” to “something that you know” improves the security considerably, having the potential of cutting a chain attack early even in worst case scenarios. However, not all types of two-factor authentication are equally secure.
Let’s talk about the most commonly used type of two-factor authentication: the one based on text messages (SMS) delivered to a trusted phone number.
👉 https://blog.elcomsoft.com/2020/06/apple-two-factor-authentication-sms-vs-trusted-devices/
#2fa #itsecurity #cybersecurity #authentication #clouds #mobilesecurity #smartphone
Demystifying iOS Data Security
Today, James Duffy, a security researcher and developer, is our guest in Elcomsoft Blog.
“Recently I’ve been sent over a few questions from members of the community, such as “Why can’t we decrypt the data from a disabled iPhone over SSH if we know the passcode?” and “I tried to SCP a file from the device to the Mac, but getting permission errors”. Today I’m going to answer these questions in a Q&A format for you all so hopefully we can shed some light on how this works! The article is aimed to be accessible for everybody, including beginners and non-technical users. Without further ado…”
👉 https://blog.elcomsoft.com/2020/06/demystifying-ios-data-security/
#ios #iphone #mobilesecurity #mobileforensics #cybersec #smartphone #encryption
Today, James Duffy, a security researcher and developer, is our guest in Elcomsoft Blog.
“Recently I’ve been sent over a few questions from members of the community, such as “Why can’t we decrypt the data from a disabled iPhone over SSH if we know the passcode?” and “I tried to SCP a file from the device to the Mac, but getting permission errors”. Today I’m going to answer these questions in a Q&A format for you all so hopefully we can shed some light on how this works! The article is aimed to be accessible for everybody, including beginners and non-technical users. Without further ado…”
👉 https://blog.elcomsoft.com/2020/06/demystifying-ios-data-security/
#ios #iphone #mobilesecurity #mobileforensics #cybersec #smartphone #encryption
Downloading iOS 13 and iOS 14 iCloud Backups
The long-awaited update for Elcomsoft Phone Breaker has arrived. The update brought back the ability to download iCloud backups, which was sorely broken since recent server-side changes introduced by Apple. We are also excited to become the first forensic company to offer support for iCloud backups saved by iOS 14 beta devices, all while supporting the full spectrum of two-factor authentication methods. We are proud to provide the most comprehensive forensic support of Apple iCloud with unmatched performance, accelerating forensic investigations and providing access to critical evidence stored in the cloud.
👉https://blog.elcomsoft.com/2020/07/downloading-ios-13-and-ios-14-icloud-backups/
#iOS14 #iOS13 #iphone #smartphone #icloud #dataetraction #cloudsecurity #mobileforensics
The long-awaited update for Elcomsoft Phone Breaker has arrived. The update brought back the ability to download iCloud backups, which was sorely broken since recent server-side changes introduced by Apple. We are also excited to become the first forensic company to offer support for iCloud backups saved by iOS 14 beta devices, all while supporting the full spectrum of two-factor authentication methods. We are proud to provide the most comprehensive forensic support of Apple iCloud with unmatched performance, accelerating forensic investigations and providing access to critical evidence stored in the cloud.
👉https://blog.elcomsoft.com/2020/07/downloading-ios-13-and-ios-14-icloud-backups/
#iOS14 #iOS13 #iphone #smartphone #icloud #dataetraction #cloudsecurity #mobileforensics