Elcomsoft iOS Forensic Toolkit

Apple iOSを実行しているデバイスからデータの物理的および論理的抽出を実行します。デバイスのファイルシステムを視覚化し、機密デバイス情報(パスワード、暗号化キー、および安全なデータ)を抽出し、ファイルシステムイメージを復号化します。脱獄を使用した64ビットiOSデバイス用の物理データ抽出

  • バックアップ、クラッシュログ、メディアファイル、共有ファイルの論理抽出
  • ロックダウンファイルを使用してiOSデバイスのロックを解除する
  • セキュアストレージキーチェーンからデータを抽出して復号化する
  • リアルタイムでファイルシステムのデータを収集する
  • バックアップがパスワードで保護されている場合でもメディアファイルを抽出する

サポート:脱獄の有無にかかわらず、iPhone、iPad、iPad Pro、およびiPod Touchのすべての世代。脱獄デバイスからキーチェーンのキーリングを抽出する

Full version $ 1495
購入

Forensic Access to iPhone/iPad/iPod Devices running Apple iOS

Perform the complete forensic acquisition of user data stored in iPhone/iPad/iPod devices. Elcomsoft iOS Forensic Toolkit allows imaging devices’ file systems, extracting device secrets (passcodes, passwords, and encryption keys) and accessing locked devices via lockdown records.

See Compatible Devices and Platforms for details.

Physical Acquisition of iOS Devices

Physical acquisition is the only acquisition method to extract full application data, protected keychain items, downloaded messages and location history. Physical acquisition returns more information compared to logical acquisition due to direct low-level access to data.

Elcomsoft iOS Forensic Toolkit supports jailbroken 64-bit devices (iPhone 5s and newer) running most versions of iOS 7 through 13.x. The use of a bootrom-based jailbreak enables partial file system & keychain acquisition for BFU, locked and disabled iPhone models ranging from the iPhone 5s through iPhone X (via checkra1n jailbreak). Full file system and complete keychain acquisition for unlocked devices from this device range.

Logical Acquisition

iOS Forensic Toolkit supports logical acquisition, a simpler and safer acquisition method compared to physical. Logical acquisition produces a standard iTunes-style backup of information stored in the device, pulls media and shared files and extracts system crash logs. While logical acquisition returns less information than physical, experts are recommended to create a logical backup of the device before attempting more invasive acquisition techniques.

We always recommend using logical acquisition in combination with physical for safely extracting all possible types of evidence.

Media and Shared Files

Quickly extract media files such as Camera Roll, books, voice recordings, and iTunes media library. As opposed to creating a local backup, which could be a potentially lengthy operation, media extraction works quickly on all supported devices. Extraction from locked devices is possible by using a pairing record (lockdown file).

In addition to media files, iOS Forensic Toolkit can extract stored files of multiple apps, extracting crucial evidence without a jailbreak. Extract Adobe Reader and Microsoft Office locally stored documents, MiniKeePass password database, and a lot more. The extraction requires an unlocked device or a non-expired lockdown record.

Perform physical and logical acquisition of iPhone, iPad and iPod Touch devices. Image device file system, extract device secrets (passwords, encryption keys and protected data) and decrypt the file system image.

Compatible Devices and Platforms

  • 64-bit iOS devices with jailbreak: physical acquisition (file system extraction, keychain decryption)
  • Partial file system & keychain acquisition for BFU, locked and disabled iPhone models ranging from the iPhone 5s through iPhone X
  • Apple TV 4 (cable connection) and Apple TV 4K (wireless connection through Xcode, Mac only)
  • Apple Watch (all generations); requires a third-party IBUS adapter
  • No jailbreak: advanced logical acquisition only [1]

Logical acquisition includes:

  • Extended information about the device
  • iTunes-format backup (includes many keychain items)
  • List of installed apps
  • Media files (even if the backup is password-protected)
  • Shared files (even if the backup is password-protected)

  1. Logical acquisition works even with locked devices with unknown passcode if a valid pairing record is available. 

システム要求

Windows

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows Server 2008/2016

Apple OS X

  • OS X 10.6
  • OS X 10.7
  • OS X 10.8
  • OS X 10.9
  • OS X 10.10
  • OS X 10.11
  • OS X 10.12
  • OS X 10.13
  • OS X 10.14
  • OS X 10.15

リリースノート

Elcomsoft iOS Forensic Toolkit v.5.21

20 December, 2019

  • added BFU (Before First Unlock) keychain acquisition for devices with checkra1n jailbreak
  • file system archive and keychain are named by default as device UDID plus timestamp

アンインストール手順:製品をアンインストールするには、[コントロールパネル] - [プログラムと機能]から標準手順を実行するか、Windowsの[スタート]メニューの製品フォルダから対応する[Unistall]リンクを使用してください。

システム要求

Windows

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows Server 2008/2016

Apple OS X

  • OS X 10.6
  • OS X 10.7
  • OS X 10.8
  • OS X 10.9
  • OS X 10.10
  • OS X 10.11
  • OS X 10.12
  • OS X 10.13
  • OS X 10.14
  • OS X 10.15

リリースノート

Elcomsoft iOS Forensic Toolkit v.5.21

20 December, 2019

  • added BFU (Before First Unlock) keychain acquisition for devices with checkra1n jailbreak
  • file system archive and keychain are named by default as device UDID plus timestamp

アンインストール手順:製品をアンインストールするには、[コントロールパネル] - [プログラムと機能]から標準手順を実行するか、Windowsの[スタート]メニューの製品フォルダから対応する[Unistall]リンクを使用してください。

Elcomsoft iOS Forensic Toolkitを購入

Full version
$ 1495
購入