iOS Forensic Toolkit 8.0 is officially released! Delivering forensically sound checkm8 extraction and a new command-line driven user experience, the new release becomes the most sophisticated mobile forensic tool we’ve released to date.

DFU (Device Firmware Update) is a special service mode available in many Apple devices for recovering corrupted devices by uploading a clean copy of the firmware. Forensic specialists use DFU during checkm8 extractions (Elcomsoft iOS Forensic Toolkit). Unlike Recovery, which serves a similar purpose, DFU operates on a lower level and is undocumented. Surprisingly, there might be more than one DFU mode, one being more reliable than the others when it comes to forensic extractions. The method described in this article works for the iPhone 8, 8 Plus and iPhone X.

iOS Forensic Toolkit 7.60 brings gapless low-level extraction support for several iOS versions from iOS 15.2 up to and including iOS 15.3.1, adding full file system extraction support for Apple devices based on Apple A11-A15 and M1 chips.

Elcomsoft iOS Forensic Toolkit supports checkm8 extraction from all compatible devices ranging from the iPhone 4s and all the way through the iPhone X (as well as the corresponding iPad, iPod Touch, Apple Watch and Apple TV models). The new update removes an important obstacle to the acquisition of the iPhone 7 and iPhone 7 Plus devices running recent versions of iOS.

Mobile forensics is not limited to phones and tablets. Many types of other gadgets, including IoT devices, contain tons of valuable data. Such devices include smart watches, media players, routers, smart home devices, and so on. In this article, we will cover the extraction of an Apple TV 4K, one of the most popular digital media players.

Keychain is an essential part of iOS and macOS that securely stores the most critical data: passwords of all kinds, encryption keys, certificates, credit card numbers, and more. Extracting and decrypting the keychain, when possible, is a must in mobile forensics. We seriously improved this part in the latest build of iOS Forensic Toolkit.

We often write about full file system acquisition, yet we rarely explain what it is, when you can do it, and which methods you can use. We decided to clarify low-level extraction of Apple mobile devices (iPhones and iPads, and some other IoT devices such as Apple TVs and Apple Watches).

The ninth beta of iOS Forensic Toolkit 8.0 for Mac introduces forensically sound, checkm8-based extraction of sixteen iPad, iPod Touch and Apple TV models. The low-level extraction solution is now available for all iPad and all iPod Touch models susceptible to the checkm8 exploit.

iOS Forensic Toolkit 7.40 brings gapless low-level extraction support for several iOS versions up to and including iOS 15.1 (15.1.1 on some devices), adding compatibility with previously unsupported versions of iOS 14.

The seventh beta of iOS Forensic Toolkit 8.0 for Mac introduces passcode unlock and forensically sound checkm8 extraction of iPhone 4s, iPad 2 and 3. The new solution employs a Raspberry Pi Pico board to apply the exploit. Learn how to configure and use the Pico microcontroller for extracting an iPhone 4s!