20 February, 2020

Elcomsoft Delivers Forensically Sound iPhone Extraction without a Jailbreak

ElcomSoft Co. Ltd. updates Elcomsoft iOS Forensic Toolkit, the company’s mobile forensic tool for extracting data from a range of Apple devices. Version 5.30 adds the ability to perform full file system extraction with keychain decryption without the need to install a jailbreak. The new acquisition method works for all Apple devices ranging from the iPhone 5s all the way up to the iPhone Xr, Xs and Xs Max running iOS 11 and 12 (except iOS 12.3, 12.3.1 and 12.4.1).

About Jailbreak-Free File System Extraction

Elcomsoft iOS Forensic Toolkit 5.30 expands the range of extraction methods available for Apple iPhone and iPad devices. Previous versions of iOS Forensic Toolkit offered users the choice of advanced logical extraction and full file system extraction with keychain decryption; the latter only available on jailbroken devices. The jailbreak is required to enable low-level access to the file system and the keychain, which allows extracting significantly more evidence compared to advanced logical acquisition based on iOS backups.

Forensic customers and law enforcement agencies may or may not be able to install a jailbreak on devices being analyzed due to the perceived risks associated with jailbreaking. ElcomSoft serves those customers with an updated version of iOS Forensic Toolkit, which introduces the third extraction method based on direct access to the file system.

The new method departs from using third-party jailbreaks, utilizing ElcomSoft’s in-house development to directly access the data in compatible iOS devices. The extraction agent installed into the iPhone or iPad device communicates with the expert’s computer, delivering robust performance and extremely high extraction speed topping 1 GB of data per minute. Agent-based extraction is safe to use as it neither modifies the system partition nor remounts the file system. Both the file system image and all keychain records are extracted and decrypted.

The new agent-based extraction method delivers solid performance and results in forensically sound extraction with automatic on-the-fly hashing of information being extracted. The agent can be removed from the device after the extraction is complete with a single command.

Supported Devices

In order to make use of the extraction agent, the Apple device being analyzed must be running iOS 11 through 12.4 with the exception of iOS 12.3, 12.3.1 and 12.4.1. ElcomSoft is working to expand the range of supported versions of iOS and improve compatibility with the latest Apple devices. A valid Apple ID enrolled in Apple’s Developer Program is required to sign the extraction agent.

Pricing and Availability

Elcomsoft iOS Forensic Toolkit 5.30 is immediately available in Windows and Mac editions. North American pricing starts from $1,499 (local pricing may vary). Both Windows and Mac OS X versions are supplied with every order. Existing customers can upgrade at no charge or at a discount depending on their license expiration. Elcomsoft iOS Forensic Toolkit is available stand-alone and as part of Elcomsoft Mobile Forensic Bundle, which offers many additional features including cloud extraction.

About Elcomsoft iOS Forensic Toolkit

Elcomsoft iOS Forensic Toolkit provides forensic access to encrypted information stored in popular Apple devices running iOS. By performing physical acquisition of the device, the Toolkit offers instant access to all protected information including SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings, stored logins and passwords, geolocation history, the original plain-text Apple ID password, conversations carried over various instant messaging apps such as Skype or Viber, as well as all application-specific data saved in the device.

iOS Forensic Toolkit is the only tool on the market to offer physical acquisition for Apple devices equipped with 64-bit SoC (subject to jailbreak availability). Physical acquisition for 64-bit devices returns significantly more information compared to logical and over-the-air approaches.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certrified Partner, and Intel Software Premier Elite Partner.

For more information about Elcomsoft iOS Forensic Toolkit visit https://www.elcomsoft.com/eift.html

Contatti

Elcomsoft s.r.o.

Československé armády 371/11,
Praha 6-Bubeneč,
Czech Republic, PSČ 160 00

Modulo di feedback coi rappresentati ufficiali di Elcomsoft.

As one of the industry leaders, our job involves complex research and constant monitoring of industry news. We love sharing our findings with our followers. Follow us on a social network of your choice, and we’ll deliver quality content straight to your news feed.