Posts Tagged ‘EPPB’

Geolocation data can provide a wealth of evidence to various government agencies. Law enforcement agencies use location data to help place suspects near a crime scene in a given time frame. However, the use of location is not limited to criminal or civil investigations. Emergency response services use geolocation to locate persons, taxi and delivery services use location to improve service. There are many more examples where location evidence is vital. Recently, governments have started using (or are considering using) geolocation data to help identify and isolate infected citizens. Where does the location evidence come from and how one can extract it?

The popular unc0ver jailbreak has been updated to v4, and this is quite a big deal. The newest update advertises support for the latest A12 and A13 devices running iOS 13 through 13.3. The current version of iOS is 13.3.1. None of the older versions (including iOS 13.3) are signed, but still there are a lot of A12/A12X/A13 devices floating around. Until now, file system and keychain extraction was a big problem. The newest unc0ver jailbreak makes it possible.

We’ve just announced a major update to iOS Forensic Toolkit, now supporting the full range of devices that can be exploited with the unpatchable checkra1n jailbreak.  Why is the checkra1n jailbreak so important for the forensic community, and what new opportunities in acquiring Apple devices does it present to forensic experts? We’ll find out what types of data are available on both AFU (after first unlock) and BFU (before first unlock) devices, discuss the possibilities of acquiring locked iPhones, and provide instructions on installing the checkra1n jailbreak. (more…)

When it comes to mobile forensics, experts are analyzing the smartphone itself with possible access to cloud data. However, extending the search to the user’s desktop and laptop computers may (and possibly will) help accessing information stored both in the physical smartphone and in the cloud. In this article we’ll list all relevant artefacts that can shed light to smartphone data. The information applies to Apple iOS devices as well as smartphones running Google Android.

We’ve got a few forensic tools for getting data off the cloud, with Apple iCloud and Google Account being the biggest two. Every once in a while, the cloud owners (Google and Apple) make changes to their protocols or authentication mechanisms, or employ additional security measures to prevent third-party access to user accounts. Every time this happens, we try to push a hotfix as soon as possible, sometimes in just a day or two. In this article, we’ll try to address our customers’ major concerns, give detailed explanations on what’s going on with cloud access, and provide our predictions on what could happen in the future.

We’ve just released the first major update to Elcomsoft Phone Viewer, our lightweight forensic tool for glancing over data extracted from mobile devices. Boosting version number to 2.0, we added quite a lot of things, making it a highly recommended update.

With little news on physical acquisition of the newer iPhones, we made every effort to explore the alternatives. One of the alternatives to physical acquisition is over-the-air acquisition from Apple iCloud, allowing investigators accessing cloud backups stored in the cloud. While this is old news (we learned to download data from iCloud more than two years ago), this time we have something completely different: access to iCloud backups without a password! The latest release of Phone Password Breaker is all about password-free acquisition of iCloud backups.

This time, we are updating our bread-and-butter mobile forensic tool, Elcomsoft Phone Password Breaker, to version 3.0 (beta). This new version has many things that are new or have changed. Let’s see what’s new, and why. (more…)

It’s been a while since we updated Elcomsoft Phone Password Breaker, dedicating our efforts to physical acquisition of iOS devices instead. Well, now when the new iOS Forensic Toolkit is out, it is time to update our classic phone recovery tool.

It’s been a while since we released the new version of Elcomsoft Phone Password Breaker that allows downloading backups from iCloud (read the press release). Many customers all over the world are already using this new feature intensively, but we still get many questions about its benefits, examples of cases when it can be used and how to use it properly. We also noticed many ironic comments in different forums (mostly from users without any experience in using iOS devices and so have no idea what iCloud backups actually are, I guess), saying that there is nothing really new or interesting there, because anyone with Apple ID and password can access the data stored in iCloud backup anyway.