ElcomSoft has released a major update of its mobile forensic extraction tool, Elcomsoft iOS Forensic Toolkit, for extracting data from selected iPhone and iPad models. The checkm8-based extraction process enables the most complete extraction, covering all keychain records regardless of protection class and the entire file system content.
The new version 8.0 offers repeatable, verifiable and forensically sound checkm8 extraction for a wide range of Apple devices and features an updated command line driven user interface. Additionally, full passcode unlocking is now available for select older Apple devices. A Mac edition of the tool is currently available, with Linux and Windows editions coming soon.
Passcode unlock for older Apple devices
Elcomsoft iOS Forensic Toolkit 8.0 for Mac introduces a new forensically sound extraction workflow based on a bootloader exploit. The new checkm8-based extraction process enables the most complete extraction, extracting all keychain records regardless of protection class and the entire content of the file system. This includes application sandboxes, chat sessions in secure messaging apps, and much low-level system data that is never included in local or cloud backups.
The new extraction method is the cleanest yet, as no changes are made to the device memory. The extraction process, which was developed from scratch, is unique. All process steps run completely in the volatile memory of the device. The operating system installed on the device and the data partition remain untouched, and the originally installed operating system does not start during the boot process.
Apple system remains untouched during extraction
ElcomSoft's checkm8-based solution supports multiple iOS generations on supported hardware, up to and including iOS 15.7, with limited support for iOS 16. In addition, the extraction process supports all compatible tvOS and watchOS versions installed on supported Apple Watch and Apple TV models.
The new, forensically sound workflow, where 100% of patching occurs in device memory, enables repeatable, verifiable extractions. Limited BFU (Before First Unlock) extraction is available for 64-bit devices with unknown lock screen passwords, while USB restrictions can be completely bypassed. Full passcode unlocking is now available for older 32-bit devices.
iPhone, iPad, Apple Watch and Apple TV models can be extracted
Elcomsoft iOS Forensic Toolkit 8.0 for Mac provides forensically sound checkm8 extraction for 76 Apple devices from iPhone 4 to iPhone X, as well as a large number of iPad, iPod Touch, Apple Watch and Apple TV models. The newly developed extraction process supports a number of important operating system versions from iOS 7 to iOS 15.7 in three different variants (iOS, tvOS, watchOS) for three different architectures (arm64, armv7, armv7k).
Full passcode unlock along with file system extraction and keychain decryption is available for devices based on armv7 and armv7k architecture. For newer arm64-based devices, full file system extraction and keychain decryption are supported for devices with a known or blank passcode.
More at Elcomsoft.com
About Elcomsoft
The software development house ElcomSoft Co. Ltd. was founded in 1990 by Alexander Katalov and has been owned by him ever since. The Moscow-based company specializes in proactive password security software for companies and private users and sells its products worldwide. ElcomSoft aims to give users access to their data with easy-to-use password recovery solutions.