In this article, we will discuss how to access the hidden port of the first-generation HomePod and extract its file system image. Note that this process requires disassembly, voids the HomePod warranty, and requires specific tools, including a custom 3D-printable USB adapter, a set of screws, and a breakout cable. Therefore, this method is not recommended for casual users and should only be used by professionals who have a thorough understanding of the process.

Discover the benefits of agent-based data extraction from iOS devices. Learn about the purpose and development of the extraction agent, when it can be used, and best practices. Get a comprehensive understanding of the cutting-edge approach for iOS data extraction.

On January 23, 2023, Apple have released a bunch of system updates that target the different device architectures. iOS 16.3 is available for many recent devices, while older models were updated to iOS 12.5.7, iOS 15.7.3 and iPadOS 15.7.3 respectively. While Elcomsoft iOS Forensic Toolkit supported these versions of the system from the get go, today we are rolling out an update that irons out minor inconveniences when imaging such devices.

What does “forensically sound extraction” mean? The classic definition of forensically sound extraction means both repeatable and verifiable results. However, there is more to it. We believe that forensically sound extractions should not only be verifiable and repeatable, but verifiable in a safe, error-proof manner, so we tweaked our product to deliver just that.

Apple is known for a very long time they support their devices. On January 23, 2023, alongside with iOS 16.3 the company rolled out security patches to older devices, releasing iOS 12.5.7, iOS 15.7.3 and iPadOS 15.7.3. iOS 12 was the last major version of iOS supported on Apple A7, A8, and A8X devices, which includes the iPhone 5s and iPhone 6 and 6 Plus generations along with several iPad models. We tested low-level extraction with these security-patched builds, and made several discoveries.

The updated iOS Forensic Toolkit 8.11 brings keychain decryption support to devices running iOS/iPadOS versions up to and including the 15.5 by using the extraction agent. The tool supports recent models that can run iOS 15 , which includes devices based on the Apple A12 through A15 Bionic, as well as Apple Silicon based devices built on the M1 SoC.

Just before the turn of the year, we’ve made an important update to Elcomsoft iOS Forensic Toolkit, a low-level iOS file system extraction and keychain decryption tool. The update brings checkm8 support to iOS, iPadOS and tvOS 16.2 devices, and enables agent-based low-level extraction of iOS 15.5. We’ve also fixed what’s been long broken: the ability to sideload the extraction agent from Windows PCs, yet the two updates are delivered in different branches. Sounds confusing? We’re here to solve it for you.

The new year is fast approaching, and of course we are curious to know what it has in store for us in the field of computer, mobile, and cloud forensics. But before 2022 is over, we invite you to take a moment to reflect on what 2022 has been like for us. More research, development and updates remained our top priority, as it has been in all previous years. We have continued with constant improvement to our solutions by launching new features and expanding product capabilities. We’ve also got a chance to attend some conferences to meet with you in person and share our expertise. So, here’s our take on the results of 2022.

Several generations of Apple TV devices have a bootloader vulnerability that can be exploited with checkm8 to extract information from the device. The vulnerability exists in the Apple TV 3 (2012 and 2013), Apple TV HD (formerly Apple TV 4) 2015 and 2021, and Apple TV 4K (2017). Newer generations of Apple TV do not have the vulnerability. This guide lists the tools and steps required to fully extract a compatible Apple TV device.

checkm8 is the only extraction method available for the Apple Watch S3 allowing full access to essential evidence stored in the device. In this guide, we will talk about connecting the Apple Watch S3 to the computer, placing the watch into DFU mode, applying the checkm8 exploit and extracting the file system from the device with iOS Forensic Toolkit 8.0.