Extracting user data from cloud of a MS personal account. Elcomsoft Phone Breaker has an intuitive and esay going interface. 2FA passed at the first attempt. EPR returns SMS, Calls, Skype, Notes, Web/History, Contacts, OneDrive/Vault, even Locations.

PS: I'm going to repeat this test a few more times. I didn't notice if it is previously shown the number of files or the volume of OneDrive/Vault before starting the acquistion. My bad. I chose not to collect OneDrive/Vault at first. 🏆

#DFIR #PericiaDigital #PeríciaForense

Daniel Avilla has just released a beta version of Signal-Forensics... "it is a tool to extract and decrypt the Signal App database" of the acquired phones.

https://github.com/AvillaDaniel/Signal-Forensics

#DFIR #DigitalForesnics #PericiaDigital #PericiaForense