Understand what your tools miss. This three-part forensic guide takes you deep into GPT-partitioned disks, showing you how to manually interpret the Protective MBR, GPT Header, and Partition Entry Array.
You’ll learn to:
• Identify and explain GPT structures in hex
• Recover partitions manually — even when tools fail
• Understand CRCs, disk layouts, and backup headers
• Validate findings and explain them clearly in court or reports
• Get CTF-ready with practical walkthroughs
Based on real forensic workflows and written for hands-on professionals, this guide helps you move from surface-level analysis to deep technical insight. Ideal for digital forensic investigators, lab analysts, and anyone working with modern storage.
This guide provides a practical walkthrough for forensic analysts dealing with encrypted Apple Notes in iOS 16.x. It focuses on identifying and decrypting locked notes stored in the NoteStore.sqlite database extracted from iOS backups.
You'll learn how to:
• Locate locked note entries and retrieve associated metadata from the ZICCLOUDSYNCINGOBJECT table
• Extract the password hash from the database and use Hashcat (mode 16200) to crack the passcode
• Reconstruct the AES key using CyberChef or a Python script
• Decrypt and decompress note content using AES-GCM, including protobuf parsing for clean output
The process relies on publicly available tools and is tailored to help investigators verify note integrity or recover protected content as part of broader mobile forensic work. This guide is especially helpful if you’re working with app data, encrypted SQLite files, or need to validate tool output manually.