The fifth beta of iOS Forensic Toolkit 8 for Mac introduces forensically sound, checkm8-based extraction of Apple Watch Series 3. How to connect the watch to the computer, what data is available and how to apply the exploit? Check out this comprehensive guide!

Last month, we released the tool and published the guide on forensically sound extraction of the iPhone 7 generation of devices. Today, we have added support for the iPhone 8, 8 Plus, and iPhone X, making iOS Forensic Toolkit the first and only forensically sound iPhone extraction tool delivering repeatable and verifiable results for all 64-bit iPhone devices that can be exploited with checkm8. While the previous publication talks about the details on acquiring the iPhone 7, there are some things different when it comes to the last generation of checkm8-supported devices.

In order to use the checkm8-based acquisition, the device must be placed into DFU (Device Firmware Update) mode first, and this is the trickiest part of the process. There is no software way to enter DFU, so you have to do it manually. This article describes how to do it properly for the iPhone 8, iPhone 8 Plus and iPhone X that are now supported by Elcomsoft iOS Forensic Toolkit.

Last month we introduced forensically sound low-level extraction for a range of iPhone devices. Based on the renowned checkm8 exploit, our solution supported devices ranging from the iPhone 5s through 6s/6s Plus/SE. Today, we are extending the range of supported devices, adding checkm8 extraction of the iPhone 7 and 7 Plus.

Installing the checkm8 exploit to perform forensically sound extractions with iOS Forensic Toolkit can be tricky, which is in part due to certain hardware peculiarities.  If you watch our blog, you might have already read the article on checkm8, checkra1n and USB hubs. We have some good news: we managed to fix some of the issues with or without the use of a USB hub.

Half a year ago, we started a closed beta-testing of a revolutionary new build of iOS Forensic Toolkit. Using the checkm8 exploit, the first beta delivered forensically sound file system extraction for a large number of Apple devices. Today, we are rolling out the new, significantly improved second beta of the tool that delivers repeatable, forensically sound extractions based on the checkm8 exploit.

The second beta of iOS Forensic Toolkit 8.0 has arrived, offering repeatable, verifiable extraction for a limited range of iOS devices. The new release introduces a brand-new user interface, which differs significantly from the selection-driven console we’ve been using for the past several years. This article describes the new workflow for performing forensically sound extractions with iOS Forensic Toolkit 8.0 beta2.

If you ever used the checkra1n jailbreak or the checkm8 acquisition method available in some mobile forensic products like iOS Forensic Toolkit, you know that the trickiest parts of the process are the first two: entering DFU, and using the exploit itself. Even if you have the right cables and enough experience, sometimes you may still bump into a weird issue or two. The device may not enter DFU whatever you do, or the exploit fails. How can you increase your success rate?

Switching the iPhone into DFU mode is frequently required during the investigation, especially for older devices that are susceptible to checkm8 exploit. However, switching to DFU requires a sequence of key presses on the device with precise timings. If the device is damaged and one or more keys are not working correctly, entering DFU may be difficult or impossible. In this guide, we offer an alternative.

Back in 2019, independent researcher axi0mX has developed a ground-breaking exploit. Targeting a vulnerability in the bootloader of several generations of iOS devices, checkm8 made it possible to obtain BootROM code execution and perform forensic analysis on a long list of devices running a wide range of iOS versions. In this article, we’ll talk about the forensic use of checkm8 with iOS Forensic Toolkit.