ElcomSoft Co. Ltd. releases Elcomsoft iOS Forensic Toolkit 8.0, a major update to the company’s mobile forensic extraction tool for Apple devices. The new release delivers repeatable, verifiable, and truly forensically sound checkm8 extraction for a wide range of Apple devices and features a refreshed command-line driven user interface. In addition, the complete passcode unlock is available for select legacy Apple devices.
At this time, a Mac edition of the tool is released, with Linux and Windows editions coming soon.
Advanced checkm8-based extraction process
Elcomsoft iOS Forensic Toolkit 8.0 for Mac introduces a new forensically sound extraction workflow based on a bootloader exploit. The new checkm8-based extraction process enables the most complete extraction experience, pulling all keychain records regardless of the protection class and extracting the entire content of the file system including application sandboxes, chat sessions in secure messaging apps, and a lot of low-level system data that is never included in local or cloud backups.
The new extraction method is the cleanest yet, with no changes made to the device storage. The newly developed extraction process is developed from the ground up, with all steps of the process performed completely in the device’s volatile memory. The operating system installed on the device and the data partition are untouched, and the originally installed OS is not started during the boot process.
ElcomSoft’s checkm8-based solution supports several generations of iOS compatible with supported hardware up to and including iOS 15.7 with limited iOS 16 support. In addition, the extraction process supports all compatible tvOS and watchOS installed on supported Apple Watch and Apple TV models.
The new, forensically sound workflow with 100% of the patching occurring in the device RAM enables repeatable, verifiable extractions. For 64-bit devices with unknown screen lock passwords a limited BFU (Before First Unlock) extraction is available, while USB restrictions can be completely bypassed. For 32-bit legacy devices the complete passcode unlock experience is available.
New user experience
iOS Forensic Toolkit 8.0 brings a new, advanced user experience built around the command line. The use of the command line enables full control over every step of the extraction workflow, allowing experts to stay in control of every step of the process. Thanks to the command line, experts can also build their own scripts to automate their specific routines.
Elcomsoft iOS Forensic Toolkit 8.0 for Mac delivers forensically sound checkm8 extraction to 76 Apple devices ranging from the iPhone 4 to the iPhone X, a large number of iPad, iPod Touch, Apple Watch, and Apple TV models. The newly developed extraction process supports a range of major OS releases ranging from iOS 7 through iOS 15.7 in three different flavors (iOS, tvOS, watchOS) for three different architectures (arm64, armv7, armv7k).
For devices based on the armv7 and armv7k architecture full passcode unlock along with file system extraction and keychain decryption are available. For newer arm64-based devices, full file system extraction and keychain decryption are supported for devices with a known or empty passcode. Finally, the latest supported range including the iPhone 8, 8 Plus and iPhone X requires removing the passcode prior to extraction.
With this update, Elcomsoft iOS Forensic Toolkit becomes the most advanced iOS acquisition tool on the market. The toolkit now supports all possible acquisition methods including advanced logical, agent-based and checkm8-based low-level extraction.
About Elcomsoft iOS Forensic Toolkit
Elcomsoft iOS Forensic Toolkit provides forensic access to encrypted information stored in popular Apple devices running iOS, offering file system imaging and keychain extraction from the latest generations of iOS devices. By performing low-level extraction of the device, the Toolkit offers instant access to all protected information including SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings, stored logins and passwords, geolocation history, conversations carried over all instant messaging apps, including the most secure ones such as Signal, Wickr, and Telegram, as well as all application-specific data saved in the device.
About ElcomSoft Co. Ltd.
Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certified Partner, and Intel Software Premier Elite Partner. For more information about Elcomsoft iOS Forensic Toolkit visit https://www.elcomsoft.com/eift.html
Praha 5, Zličín,
Czech Republic, PSČ 155 21
Formularz opinii z oficjalnymi przedstawicielami Elcomsoft.