ElcomSoft Co. Ltd. updates iOS Forensic Toolkit, the company’s mobile forensic tool for extracting data from a range of Apple devices. Version 7.30 expands the ability to perform full file system extraction without the need to install a jailbreak, adding support for iOS 15.1.1 on all devices ranging from the iPhone 8 through iPhone 13. In addition, iOS Forensic Toolkit 8.0 beta 6 adds checkm8 acquisition support for iPhone 6s, SE, 7, 8, and iPhone X devices running iOS 15.4 and iOS 15.4.1.
“With this release we expand forensic extraction capabilities to multiple generations of iPhone devices running recent versions of iOS”, says Vladimir Katalov, ElcomSoft President and CEO. “Extracting data from the latest and toughest generations of Apple devices is becoming increasingly relevant. By carefully following the latest advances in iOS security research, we strive to deliver forensically sound solutions offering a unique opportunity to access crucial evidence including the detailed reconstruction of the user’s online and offline activities, visited locations, activities in social networks and chats in protected messengers, often including deleted records.”
File system extraction
Elcomsoft iOS Forensic Toolkit 7.30 brings low-level file system extraction support for multiple generations of Apple devices ranging all the way from the iPhone 8 and iPhone X through the iPhone 13 Pro Max. For these devices, the updated toolkit now covers the entire range of iOS releases since iOS 9.0 all the way up to iOS 15.1.1 with some exclusions (please refer to the compatibility matrix below). All 64-bit iPhone models capable of running iOS 15 are supported, including the iPhone 8/8 Plus, iPhone X, Xr, Xs, Xs Max, iPhone 11, 12, and 13 generations.
The extraction process is based on the in-house acquisition agent that establishes a communication channel between the iPhone and the computer, enabling low-level access to the file system and the keychain.
The low-level extraction approach relies on the acquisition agent, which enables low-level access to the phone’s data and extracts the complete file system image. Keychain decryption is available on some versions of iOS. Please refer to the following chart for details on the types of extraction supported on the different platforms.
Forensically sound checkm8 extraction
Elcomsoft iOS Forensic Toolkit 8.0 beta 6 bring forensically sound iPhone extraction through the bootloader-level checkm8 exploit. The new beta features forensically sound checkm8 extraction and command-line driven user interface and receives all the features from the release branch. In addition, iOS Forensic Toolkit 8.0 beta 6 adds checkm8 acquisition support for iPhone 6s, SE, 7, 8, and iPhone X devices running iOS 15.4 and iOS 15.4.1. Multiple improvements are made to the checkm8 extraction process to make it significantly more reliable compared to the previous beta.
Pricing and Availability
Elcomsoft iOS Forensic Toolkit is immediately available in Windows and Mac editions. North American pricing starts from $1,495 (local pricing may vary). Both Windows and Mac OS X versions are supplied with every order. Existing customers can upgrade at no charge or at a discount depending on their license expiration. Elcomsoft iOS Forensic Toolkit is available stand-alone and as part of Elcomsoft Mobile Forensic Bundle, which offers many additional features including cloud extraction.
About Elcomsoft iOS Forensic Toolkit
Elcomsoft iOS Forensic Toolkit provides forensic access to encrypted information stored in popular Apple devices running iOS, offering file system imaging and keychain extraction from the latest generations of iOS devices. By performing low-level extraction of the device, the Toolkit offers instant access to all protected information including SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings, stored logins and passwords, geolocation history, the original plain-text Apple ID password, conversations carried over various instant messaging apps such as Skype or Viber, as well as all application-specific data saved in the device.
About ElcomSoft Co. Ltd.
Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certified Partner, and Intel Software Premier Elite Partner.
Československé armády 371/11,
Praha 6-Bubeneč,
Czech Republic, PSČ 160 00
Please click here for contacts with Elcomsoft Co. Ltd. representative.
As one of the industry leaders, our job involves complex research and constant monitoring of industry news. We love sharing our findings with our followers. Follow us on a social network of your choice, and we’ll deliver quality content straight to your news feed.