-
The 16 Billion Passwords Panic: What Really Happened and Why It Matters (Or Doesn’t)
In June 2025, headlines shouted that 16 billion passwords had leaked. Major outlets warned that credentials for Apple, Google, and other platforms were now exposed. As expected, this triggered a wave of public anxiety and standard advice: change your passwords immediately. Upon closer examination, however, technical sources clarified the situation. This was not a new…
-
OpenCTF : Nightmare 50
Category: Web Points: 50 Description: Automated home work scoring my ass. https://shades-of-nightmare.openctf.com/nzpoixyucvkjwnerntasdfascdvasdfqwerqwe/nightmare-50/ When connecting to this website in my browser, I receive the following prompt: Welcome to Doctor Professor Wilson’s Python 101! Lesson 1: hello world Enter homework for grading: So it looks like this will execute the Python code you provide. So I test…
-
OpenCTF : SQL 10
Category: Web Points: 10 Description: https://sql-mayham.openctf.com/ziopxuoiwquyerhnszpasdyvzlkxcjlwerqwer/sql-10/ When 1 is entered it returns the following row: Enter a badge number to view that officers file:1 (1, ‘bob’, ‘simmons’, ‘none’) Performing a basic SQL injection, we got the same row back but no error. The server only returns 1 row. Enter a badge number to view that…
-
What TRIM, DRAT, and DZAT Really Mean for SSD Forensics
If you’re doing forensic work today, odds are you’re imaging SSDs, not just spinning hard drives. And SSDs don’t behave like HDDs – especially when it comes to deleted files. One key reason: the TRIM command. TRIM makes SSDs behave differently from magnetic hard drives when it comes to recovering deleted evidence. This article breaks…
-
iOS Extraction Tip: Why Start with Recovery Mode?
When performing forensic tasks on Apple devices, the order in which you enter device modes can make a big difference. While DFU mode is necessary for certain extractions, especially using checkm8, going straight into DFU might not be your best option. Starting with Recovery Mode offers several advantages that make it a safer, faster approach.…
-
The Linux Edition Goes Live
Acquiring data from iOS devices can be a complex task, particularly when performing bootloader-based extractions leveraging the checkm8 exploit. Traditionally, these extractions required access to a macOS computer. However, the Linux edition of iOS Forensic Toolkit offers a practical and efficient solution for forensic investigators who may not have macOS readily available. With minimal functional…
-
Breaking into the Ecosystem: How One Weak Link Can Unlock a Secure Device
A forensic examiner receives a locked smartphone – a recent-model iPhone, encrypted and secured with an unknown passcode. No tool works, checkm8 long obsolete, USB port locked. Is this a dead end? Not quite. iPhones don’t operate in isolation. They’re part of a digital ecosystem, and ecosystems often have weak points. This article explores how…
-
iOS Forensic Toolkit Now Supports All Models of Apple Watch
We’ve released an important update to iOS Forensic Toolkit: the Toolkit expands logical acquisition to all newer models of Apple Watch starting from Apple Watch Series 6 (with a wired third-party adapter), Apple Watch Series 7 through 10, SE2, Ultra, and Ultra 2 (via a special wireless adapter). With this update, the Toolkit supports the…
-
Microsoft Goes Passwordless: Forensic Implications of Passwordless Microsoft Accounts
Microsoft has officially announced that newly created Microsoft Accounts will now be passwordless by default for “simpler, safer sign-ins”. This change extends the direction set by Windows 11, where traditional passwords have been gradually phased out in favor of more secure and user-friendly authentication methods – such as PIN codes, biometrics, and passkeys. In this…
-
Forensic Implications of BitLocker-by-Default in Windows 11 24H2
The Windows 11 24H2 update introduced a change in Microsoft’s approach to disk encryption, a shift that will have long-lasting implications for digital forensics. In this release, BitLocker encryption is automatically enabled on most modern hardware when Windows is installed and a Microsoft Account (MSA) is used during setup. Encryption starts seamlessly and silently in…