ElcomSoft Co. Ltd. updates iOS Forensic Toolkit, the company’s mobile forensic tool for extracting data from a range of Apple devices. Version 4.10 adds support for the latest range of iPhone devices, gaining the ability to perform logical acquisition of iPhone Xs, Xs Max and iPhone Xr. The advanced logical acquisition process obtains information available through iOS backup service, and additionally extracts extended device information, media files (photos and videos) regardless of backup password, as well as crash logs and shared files. In addition, the tool can now utilize the iPhones’ DFU and Recovery modes to access device information, offering a limited bypass of the USB Restricted Mode for affected devices.
Logical Acquisition of Apple iPhone Xs, Xs Max and iPhone Xr
In this release, iOS Forensic Toolkit adds support for Apple’s 2018 range of iPhone devices. The new build gains the ability to perform logical extraction of the iPhone Xs, Xs Max, and iPhone Xr.
ElcomSoft’s advanced logical acquisition process obtains significantly more information than available in iTunes local backups. While the tool does extract information available through the iOS backup service, it additionally extracts extended device information, media files (photos and videos) regardless of whether or not a backup password is set, and pulls shared files and system crash logs. All this makes iOS Forensic Toolkit the go-to tool for mobile forensic specialists who need to extract evidence from last-generation Apple devices.
Support for DFU and Recovery Modes
Experts involved with iOS forensics are aware of DFU and Recovery modes available in Apple devices. The original purpose of DFU and Recovery modes is recovering iOS devices from various issues if the device becomes unusable, does not boot or has a problem installing an update.
Both DFU and Recovery modes load prior to iOS. For this reason, these modes are not affected by USB restrictions, allowing experts successfully connecting devices even if USB Restricted Mode has been engaged. Either mode allows for two-way communication between the device and the computer, returning a limited amount of information about the device.
iOS Forensic Toolkit 4.10 adds support for devices booted in the DFU or Recovery mode, accessing all available information about the connected device. The following information can be extracted through the Recovery mode: device model and model number, unique chip identifier (ECID), device serial number and IMEI. The DFU mode only returns device model and model number as well as unique chip identifier (ECID). More information about DFU and Recovery modes at https://blog.elcomsoft.com/2018/10/everything-about-ios-dfu-and-recovery-modes/
Pricing and Availability
Elcomsoft iOS Forensic Toolkit 4.10 is immediately available in Windows and Mac editions. North American pricing starts from $1,499 (local pricing may vary). Both Windows and Mac OS X versions are supplied with every order. Existing customers can upgrade at no charge or at a discount depending on their license expiration. Elcomsoft iOS Forensic Toolkit is available stand-alone and as part of Elcomsoft Mobile Forensic Bundle, which offers many additional features including cloud extraction.
Windows and macOS versions of Elcomsoft iOS Forensic Toolkit are available. Physical acquisition support for the various iOS devices varies depending on lock state, jailbreak state and the version of iOS installed; for some versions of iOS logical acquisition is the only available method. iOS Forensic Toolkit supports all devices running iOS 7 through iOS 12.1.
About Elcomsoft iOS Forensic Toolkit
Elcomsoft iOS Forensic Toolkit provides forensic access to encrypted information stored in popular Apple devices running iOS. By performing physical acquisition of the device, the Toolkit offers instant access to all protected information including SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings, stored logins and passwords, geolocation history, the original plain-text Apple ID password, conversations carried over various instant messaging apps such as Skype or Viber, as well as all application-specific data saved in the device.
iOS Forensic Toolkit is the only tool on the market to offer physical acquisition for Apple devices equipped with 64-bit SoC (subject to jailbreak availability). Physical acquisition for 64-bit devices returns significantly more information compared to logical and over-the-air approaches.
About ElcomSoft Co. Ltd.
Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certrified Partner (Gold competency), and Intel Software Premier Elite Partner.
For more information about Elcomsoft iOS Forensic Toolkit visit https://www.elcomsoft.com/eift.html