23 April, 2020

Cloud Forensics: Extracting Evidence from Apple and Google Accounts

In this webinar, you'll learn about cloud acquisition of Apple and Google accounts, what data can be extracted from the cloud during a forensic investigation and how. Тoday, cloud acquisition in most cases returns overwhelmingly more data than other data acquisition methods. Apple and Google accounts store media files like photos, videos, screenshots in iCloud Photo Library or Google Photos, passwords in iCloud Keychain, location data in Apple Map or Google Maps, various documents in iCloud Drive or Google Drive, mails and messages and a lot more. Dedicated forensic tools help investigators, examiners and security officers perform cloud forensics with ease and expertise.

Video

5 March, 2020

Data acquisition from iOS devices. New approaches and possibilities.

Extracting evidence from a seized iPhone: Using the latest exploits and innovative methods. Collecting data from latest iOS devices without jailbreaking them is possible. The new approach uses an extraction agent that installs onto iOS device. Compared with the traditional mobile forensic method using jailbreak, the use of agent allows us to perform the full file system extraction and decrypt the keychain without the risks and footprint associated with third-party jailbreaks. Details in the presentation.

PDF

29 January, 2020

Health and Activity Evidence

Fitbit and other health trackers: obtaining important evidence you probably did not think about. Find out how smartphones and trackers collect and store health data, and how to obtain health information.

PDF

1 December, 2019

Breaking Health Clouds

The amount of data collected by health trackers is amazing: from step count and heart rate to running and walking distances with exact timestamps and lots of geolocation data. Some of it goes directly to Apple Health and then to Apple iCloud, while other manufacturers (Samsung or FitBit) keep data in their own clouds. Something goes to Google Fit. Apart from privacy issues, think of how much data can serve as essential evidence during investigations.

PDF

13 November, 2019

Software and Technologies: Password Cracking and Encrypted Data Access, Mobile Forensics, Cloud Forensics

Our digital forensic solutions enable experts to gain access to password-protected, locked and encrypted information contained in a range of mobile devices and cloud services, stored in crypto containers or encrypted archives. The company’s parented hardware-accelerated products can break passwords protecting files in a variety of formats, including encryption used in BitLocker, FileVault 2, PGP Disk and TrueCrypt successors' containers.

PDF

6 November, 2019

The iPhone's Forensic Workflow: The Steps to Access Critical Evidence

Latest version of Apple’s mobile operating system actively resist forensic efforts by disabling the less secure biometric identification (Touch ID or Face ID) and blocking USB connectivity after a short period of time. Many of these restrictions can be effectively bypassed with proper timing and the right technique.

PDF

13 June, 2019

Accessing Apple and Google cloud accounts to get real-time evidence: from passwords to conversations, from locations to documents.

Smartphones become more secure with every new model and software update. At the same time, users learn more about security and protect their devices at the highest possible level, so even traditional logical acquisition is often not possible. Cloud acquisition comes to the rescue – in many cases you can get even more than from the device itself.

PDF

22 May, 2019

Forensic Implications of iPhone Jailbreaking

In this presentation we address USB restricted mode, talk about using existing pairing records to extract locked devices, and discuss physical acquisition via jailbreaking.

PDF

4 May, 2019

Forensic Analysis of Crypto-Containers. TrueCrypt, VeraCrypt, PGP disk, Bitlocker, FileVault

Using crypto containers is a very popular method to protect critical and private data on personal computers. In this presentation we talk about types of crypto containers, encryption algorithms, weaknesses and vulnerabilities. Elcomsoft provides a set of tools to get data from different encrypted containers. Instantly, in some cases.

PDF

26 April, 2019

Apple Watch Forensics: is it ever possible, and what is the profit?

What kind of data can be extracted from Apple Watch? There are basically three main methods of extracting the acquisition of the data from the mobile devices: physical, logical, and cloud. But for the Apple Watch, there are actually some differences. There are basically three main methods of extracting the acquisition of the data from the mobile devices: physical, logical, and cloud. But for the Apple Watch, there are actually some differences.

PDF