ProtonMail: forensic decryption of iOS App

ProtonMail is a full PGP end-to-end encrypted email provider that claims privacy, anonymity and security. As forensic examiners, we need to extract data, especially encrypted data, to help discover the truth. Commercial or open source tools, such as Cellebrite or Axiom, currently do not recover data from ProtonMail. So let's dive into its iOS mobile app, which we recently had to process in a drug smuggling context.

TL;DR: ProtonMail local storage is as good as the device protection and the additional protections the user optionally enforces. A full filesystem dump and a Keychain dump are mandatory to decrypt messages, which means a checkm8-vulnerable device or access to specialized tools such as Cellebrite or GrayKey. We provide a Python notebook containing all the code to extract, decrypt and export ProtonMail messages.

ProtonMail claims to encrypt all emails with an asymmetric open source PGP scheme.