ElcomSoft updates iOS Forensic Toolkit, the mobile forensic tool for extracting data from an iPhone. Version 7.30 extends the ability to perform a full file system extraction without installing a jailbreak.
ElcomSoft offers support for iOS 15.1.1 on all devices, from iPhone 8 to iPhone 13. In addition, iOS Forensic Toolkit 8.0, still in beta 6, offers support for checkm8 detection on iPhone 6s, SE, 7, 8 and 15.4 iPhone X devices running iOS 15.4.1 and iOS XNUMX.
Extraction also from newer iPhones
"With this release, we are extending forensic extraction capabilities to multiple generations of iPhones running the latest versions of iOS," says Vladimir Katalov, President and CEO of ElcomSoft. “The extraction of data from the latest and most complex generations of Apple devices is becoming increasingly important. By carefully monitoring the latest advances in iOS security research, we strive to deliver forensically sound solutions that offer a unique way to access crucial evidence, including detailed reconstruction of the online and offline activities of the user being visited Locations, social media activity and chats in protected messengers, often including deleted records.”
Low-level file system extraction
Elcomsoft iOS Forensic Toolkit 7.30 adds support for low-level file system extraction for multiple generations from the iPhone 8 and iPhone X up to the iPhone 13 Pro Max. For these devices, the updated toolkit now covers the full range of iOS versions since iOS 9.0 up to iOS 15.1.1 with some exceptions (see compatibility matrix at https://www.elcomsoft.com/wallpapers/eift_20220429_infograph.png ). All 64-bit iPhone models capable of running iOS 15 are supported , including iPhone 8/8 Plus, iPhone X, Xr, Xs, Xs Max, iPhone 11, 12 and 13 generations.
The extraction process is based on the in-house acquisition agent, which establishes a communication channel between the iPhone and the computer and allows low-level access to the file system and keychain. It allows a complete extraction of the file system image. Keychain decryption is also available on some versions of iOS.
Forensically sound checkm8 extraction
Elcomsoft iOS Forensic Toolkit 8.0 Beta 6 provides forensically sound iPhone extraction through the bootloader-level checkm8 exploit. A command line driven user interface preserves all features from the release branch. Additionally, iOS Forensic Toolkit 8.0 Beta 6 adds support for checkm8 acquisition for iPhone 6s, SE, 7, 8 and iPhone X devices running iOS 15.4 and iOS 15.4.1. Several improvements have been made to the checkm8 extraction process to make it significantly more reliable compared to the previous beta version.
More at Elcomsoft.de
About ElcomSoft
The software development company ElcomSoft Co. Ltd. was founded in 1990 by Alexander Katalov and has been in his possession ever since. The Moscow-based company specializes in proactive password security software for businesses and private users and sells its products worldwide. ElcomSoft aims to provide users with easy-to-use password recovery solutions to access their data. The software company also provides administrators with security solutions with which they can locate and eliminate unsafe identifiers in company networks under Windows or rescue EFS-encrypted files.