Notizie da Elcomsoft


  • 07/06/2018

Elcomsoft Phone Viewer receives a major update, adding the ability to process and view TAR files produced in the course of physical acquisition with Elcomsoft iOS Forensic Toolkit. In addition, EPV 3.70 adds support for aggregated location data.

Elcomsoft Phone Viewer 3.70 is a major update over all previous versions of the tool. In this update, we’ve added support for the TAR images that are saved as the result of physical acquisition performed with Elcomsoft iOS Forensic Toolkit and other forensic tools such as GrayKey. In addition to viewing TAR images, Elcomsoft Phone Viewer 3.70 adds an aggregated view for location data extracted from multiple sources.

Viewing iOS Forensic Toolkit TAR Files

Since the introduction of the iPhone 5s, Apple’s first 64-bit iPhone, physical acquisition has never been the same. For all iPhone and iPad devices equipped with Apple’s 64-bit processors, physical acquisition is exclusively available via file system imaging. The imaging is performed on the device itself in order to bypass full-disk encryption. Regardless of the tool performing physical acquisition, the result of these efforts is always a TAR archive containing an image of the device’s file system. Elcomsoft iOS Forensic Toolkit produces TAR files as the result of the “T” (Tarball) command.

Up until now, most tools available for analysing information inside these TAR images were integral parts of fully-featured forensic toolkits. Your options would be limited to either time-consuming and labour-intensive manual analysis requiring a high level of expertise, or a highly sophisticated and complex forensic suite, with nothing in between. Elcomsoft Phone Viewer 3.70 offers the lightweight and convenient third option, enabling fast and easy analysis of evidence found in the results of physical acquisition.

Aggregated Location Data

Elcomsoft Phone Viewer 3.70 brings location analysis to a whole new level, adding a new aggregated view to help experts analyse the user’s location history based on evidence extracted from multiple sources. The current release extracts and aggregates location information from all of the following sources:

  • Frequent/significant locations
  • Locations cache (3G/LTE/Wi-Fi connections)
  • Apple Maps
  • Google Maps
  • EXIF in media files
  • Calendar events
  • The UBER app

By accessing location data gathered from such a wide range of sources, experts are no longer limited to evidence collected from just the location logs. Some sources are only available with physical extraction (TAR files), and some data may be limited when analyzing backups. The number of supported sources of location data will be growing in future releases of Elcomsoft Phone Viewer.

Get more information on Elcomsoft Mobile Forensic Bundle:
https://www.elcomsoft.it/emfb.html

Get more information on Elcomsoft Phone Viewer and download free trial version:
https://www.elcomsoft.it/epv.html

Read a press release:
https://www.elcomsoft.it/PR/epv_180607_en.pdf

Read our blog post: The iOS File System: TAR and Aggregated Locations Analysis