Elcomsoft Password Recovery & Data Decryption

This class is offered in partnership with Elcomsoft, Russia’s leading password recovery, data decryption and mobile forensics service providers.

In this 5-day Password Recovery and Data Decryption for Mobile Forensics Course, students will develop an in-depth knowledge of password protection and data encryption techniques used in mobile forensics. The attendees will further master modern technologies for password recovery, mobile forensics, data extraction and decryption.

In Part 1 of this course students are led through the fundamentals of Mobile Forensics including; an overview of common platforms, operating systems, workflow, logical acquisition, physical acquisition, and cloud based acquisition.

In Part 2 students will be instructed in the fundamentals of Encryption, Data Protection, and Passwords, including; brute force, smart attacks, dictionary attacks, how to avoid lengthy attacks, and much more.

Attendees who successfully pass the class assignments will be given a certificate of completion.


Who can take this course?

This training course has been designed for digital forensic investigators, law enforcement personnel, e-discovery, and IT security specialists looking to further develop their mobile forensic skill sets to encompass password recovery and data encryption.

2.1. Encryption, Hashing & Password Protection

  • Do you need that password?
    • 40-bit PDF encryption
    • Legacy Microsoft Office formats, Rainbow Tables and Thunder Tables
    • QuickBooks, Quicken documents, MS SQL Server
    • User account passwords
  • Instant recovery or extraction
    • Obtaining cached passwords and browser forms
    • Obtaining or intercepting POP3 and IMAP passwords
    • Building a custom dictionary
  • If you have to brute force
    • Limiting the number of passwords to try
    • Increasing recovery speed with hardware acceleration

  • Password length and smart attacks
    • Estimating the time to complete the job
    • Estimating resources required to break the password in reasonable timeframe
    • Factors affecting attack speeds:
      • password length
      • password complexity
      • data format
      • hardware
  • Dictionary attacks
    • How to use mutations
  • How to avoid lengthy attacks
    • Extracting user passwords to speed up brute-force attacks
    • Password reuse: gathering the low hanging fruit
    • Using passwords from online leaks
    • The Ten Thousand Passwords list
    • The One Million Passwords list
  • Setting up attack pipeline in Elcomsoft Distributed Password Recovery


All attendees are invited to do a practical exercise on mobile forensics. Using a proper workflow for seizing and storing mobile devices to preserve evidence, and using all available acquisition steps in the right order are essential parts of the training.

Attendees will be using the skills and knowledge acquired during the training to perform acquisition of a given iPhone device. Attendees who successfully pass the assignments will be awarded a certificate.

About the Instructors

Oleg Afonin is a researcher and an expert in digital forensics. He is a frequent speaker at industry-known conferences such as CEIC, HTCIA, FT-Day, Techno Forensics and others. Oleg co-authored multiple publications on IT security and mobile forensics. With years of experience in digital forensics and security domain, Oleg led forensic training courses for law enforcement departments in multiple countries.

Vladimir Katalov is CEO, co-founder and co-owner of ElcomSoft Co.Ltd. Vladimir manages all technical research and product development in the company. He regularly presents on various events and runs security and computer forensics training both for foreign and inner (Russian) computer investigative committees and other law enforcement organizations.

Upcoming Courses