Apple Watch S0 forensics: cracking the passcode, full physical acquisition #dfir.

We previously tested disk imaging speeds using high-performance storage devices. But raw speed is only part of the equation. In this article, we explore the key reasons why both speed and accuracy can fall short during disk imaging. #dfir.

Can AI help with password cracking? The idea sounds promising: use LLMs to produce rules and templates for guessing highly probable password variants, prioritizing the most likely ones first. But in practice, things aren’t so straightforward. #dfir.

Apple’s unified logging system offers a wealth of information for forensic investigators analyzing iOS, iPadOS, watchOS, tvOS devices. This article explores the content, availability, and forensic value of these logs #dfir.

The 16 Billion Passwords Panic: What Really Happened and Why It Matters (Or Doesn’t) #dfir.

Apple Ecosystem: Overlooked Devices.#dfir.

If you’re doing forensic work today, odds are you’re imaging SSDs, not just spinning hard drives. And SSDs don’t behave like HDDs – especially when it comes to deleted files. One key reason: the TRIM command. TRIM makes SSDs behave different to HDD drives

Why Every Digital Forensics Lab Needs a Good USB Hub #dfir.

With minimal functional differences between Mac, Windows & Linux editions, the new, bootable Live Linux version of iOS Forensic Toolkit allows for seamless bootloader-level extractions, booting from an external device and utilizing all the necessary tools

A forensic examiner receives a locked smartphone – a recent-model iPhone, encrypted and secured with an unknown passcode. No tool works, checkm8 long obsolete, USB port locked. Is this a dead end? Not quite. iPhones don’t operate in isolation. #dfir.

In Elcomsoft iOS Forensic Toolkit 8.70, we introduce a critical improvement: you can now sideload and launch the extraction agent completely offline using any Apple Developer account – regardless of when it was created.

We’ve released an important update to iOS Forensic Toolkit: the Toolkit now supports logical extraction from Apple Watch Series 7 through 10, SE2, Ultra, and Ultra 2 (via a special wireless adapter). #dfir.

Microsoft Goes Passwordless: Forensic Implications of Passwordless Microsoft Accounts #dfir.

NVIDIA GeForce RTX 5090 Power Connectors Melting Again

Apple Disables Advanced Data Protection for iCloud in UK #dfir.

The Evolution of iOS Passcode Security

Intelligent Load Balancing: Optimizing Password Recovery Across Heterogeneous Units. #dfir #passwords.

When Speed Matters: Imaging Fast NVMe Drives #dfir // thanks to @OSForensics.

Outlook Forensic Toolbox Helps Access Deleted Messages #dfir.

When Speed Matters: Optimizing Disk Imaging #dfir // Many thanks to @OSForensics !.