Don’t Be a Louvre: How Weak Passwords and Unpatched Software Encourage Breaches 文章揭示了卢浮宫失窃案中因使用默认密码和过时系统导致的安全漏洞，并通过多个案例说明弱密码和未更新软件带来的严重风险。文章强调需加强多因素认证、及时更新系统并避免使用默认密码，并指出多国已通过立法要求设备制造商提供更安全的认证方式。... 2025-11-10 13:19:40 | 阅读: 17 | 收藏 | ElcomSoft blog - blog.elcomsoft.com passwords security attackers software

Exploring iPadOS, tvOS and audioOS 17 and 18 Devices: File System and Keychain Extraction read file error: read notes: is a directory... 2025-11-6 08:59:46 | 阅读: 10 | 收藏 | ElcomSoft blog - blog.elcomsoft.com checkm8 keychain bootrom eift hardware

All USB Cables Are Equal, But Some Are More Equal Than Others 文章讨论了通过 USB-C 到 USB-A 线缆进行磁盘成像时的速度问题。由于市场上大多数线缆无法在所有情况下达到全速，影响因素包括连接方式、适配器芯片组、协议类型及 USB-C 接口方向。测试显示不同线缆表现差异显著，推荐几款优质线缆，并建议避免使用 USB 集线器以确保最佳性能。... 2025-10-17 07:49:18 | 阅读: 16 | 收藏 | ElcomSoft blog - blog.elcomsoft.com cable gbit cables speeds imaging

Effective Disk Imaging: Ports, Hubs, and Power read file error: read notes: is a directory... 2025-10-14 11:10:39 | 阅读: 92 | 收藏 | ElcomSoft blog - blog.elcomsoft.com nvme adapter cables imaging gbit

Extracting Apple Unified Logs iOS Forensic Toolkit最新版本支持直接从iPhone或iPad提取Apple Unified Logs，提供长达数周甚至数年的系统活动记录，相比手动生成的sysdiagnose日志更具取证价值。... 2025-10-13 07:59:18 | 阅读: 131 | 收藏 | ElcomSoft blog - blog.elcomsoft.com logarchive unified devicelogs analysis sysdiagnose

Cheat Sheet: Perfect Acquisition (32-bit) read file error: read notes: is a directory... 2025-10-13 07:57:37 | 阅读: 134 | 收藏 | ElcomSoft blog - blog.elcomsoft.com dmg eift passcode bfu fstool

Evidence Preservation: Why iPhone Data Can Expire iPhone在扣押后重新检查时可能丢失部分数据，原因是设备启动和解锁后系统后台任务会清理旧记录。受影响的数据包括删除的照片、iMessage消息、Safari历史记录等。这些数据通常保留约30天，但具体时间可能因iOS版本和设备状态而异。为保存这些易失性数据，建议尽快进行提取，并避免频繁启动设备。... 2025-10-9 11:11:44 | 阅读: 8 | 收藏 | ElcomSoft blog - blog.elcomsoft.com retention preserve sysdiagnose artifacts backup

AI in Digital Forensics: a Tool, not an Oracle read file error: read notes: is a directory... 2025-10-3 07:38:49 | 阅读: 10 | 收藏 | ElcomSoft blog - blog.elcomsoft.com examiner machine judgment slang

Breaking into Password Managers: from Bitwarden to Zoho Vault read file error: read notes: is a directory... 2025-9-30 07:59:32 | 阅读: 28 | 收藏 | ElcomSoft blog - blog.elcomsoft.com passwords userprofile windows bitwarden enpass

iPhone 17: the End of PWM Flickering? iPhone 17系列采用OLED面板，因PWM技术导致低光下频闪问题。苹果新增DC调光选项（“显示脉冲平滑”），可减少频闪但影响颜色准确性。该功能与“减少白点”互斥，并可能引发鬼影现象。... 2025-9-29 09:28:28 | 阅读: 11 | 收藏 | ElcomSoft blog - blog.elcomsoft.com brightness pwm flickering dimming pulse

Apple Face ID: Security Implications and Potential Vulnerabilities read file error: read notes: is a directory... 2025-9-23 16:47:46 | 阅读: 14 | 收藏 | ElcomSoft blog - blog.elcomsoft.com implication liveness faces biometric

Analyzing the Windows SRUM Database Windows系统中隐藏的SRUM数据库（System Resource Usage Monitor）记录了过去30天的应用使用和网络活动信息，是取证调查的重要数据源。该数据库位于%WinDir%\System32\sru\SRUDB.dat中，采用ESE格式存储。它详细记录了应用启动时间、网络连接详情（包括IP地址和端口）等信息，并可通过专用工具如srum-dump或Elcomsoft System Recovery提取分析。... 2025-8-15 07:59:34 | 阅读: 21 | 收藏 | ElcomSoft blog - blog.elcomsoft.com srum database windows network

Perfect Acquisition Part 5: Perfect APFS Acquisition read file error: read notes: is a directory... 2025-7-21 11:56:52 | 阅读: 10 | 收藏 | ElcomSoft blog - blog.elcomsoft.com apfs acquisition eift passcode s0

Issues Affecting Forensic Disk Imaging read file error: read notes: is a directory... 2025-7-10 12:33:6 | 阅读: 12 | 收藏 | ElcomSoft blog - blog.elcomsoft.com imaging drives hardware matters blockers

AI-Driven Password Recovery: Myth or Reality? 人工智能在密码破解中的应用虽有潜力，但受限于数据质量、缺乏个性化和文化差异等因素，在实际应用中效果不佳。未来需结合用户特定信息进行深度定制化开发。... 2025-7-8 09:38:43 | 阅读: 18 | 收藏 | ElcomSoft blog - blog.elcomsoft.com passwords trained rates llms encryption

Installing and Troubleshooting the Extraction Agent (2025) 本文介绍了iOS Forensic Toolkit提取代理的功能、安装步骤及故障排除方法。提取代理是一款轻量级iOS应用，通过利用已知漏洞提升权限并访问文件系统和密钥链。文章整合了最新的安装指南，并提供了常见问题解决方案及注意事项。... 2025-7-2 14:26:31 | 阅读: 21 | 收藏 | ElcomSoft blog - blog.elcomsoft.com developer sideloading keychain eift

Extracting and Analyzing Apple Unified Logs read file error: read notes: is a directory... 2025-6-27 12:15:39 | 阅读: 21 | 收藏 | ElcomSoft blog - blog.elcomsoft.com unified sysdiagnose artifacts ileapp adapter

The 16 Billion Passwords Panic: What Really Happened and Why It Matters (Or Doesn’t) read file error: read notes: is a directory... 2025-6-23 18:34:47 | 阅读: 16 | 收藏 | ElcomSoft blog - blog.elcomsoft.com passwords dates mutation wordlists habits

Apple Ecosystem: Overlooked Devices 苹果生态系统中的设备（如Apple Watch、Apple TV、HomePod和iPod Touch）可能存储有价值的数据（如活动日志、Wi-Fi密码、照片等），但提取难度因设备和型号而异。部分设备支持低级访问（如checkm8漏洞），而 newer设备仅限逻辑提取或无法访问。是否值得分析取决于数据对调查的价值。... 2025-6-18 14:35:11 | 阅读: 9 | 收藏 | ElcomSoft blog - blog.elcomsoft.com checkm8 passcode keychain passwords synced

What TRIM, DRAT, and DZAT Really Mean for SSD Forensics 文章探讨了TRIM命令对SSD数据恢复的影响。TRIM由操作系统发出，通知SSD释放不再使用的存储块。现代SSD通常支持DRAT或DZAT模式，在TRIM后返回一致的结果（如零），这使数据难以通过常规方法恢复。法证专家需了解SSD行为及TRIM模式以确保数据完整性。... 2025-6-2 12:55:0 | 阅读: 21 | 收藏 | ElcomSoft blog - blog.elcomsoft.com trim ssds raid dzat sdx