Posts Tagged ‘Elcomsoft Phone Breaker’

We have published multiple articles on iPhone backup passwords already, covering the different aspects of the backup protection. In this publication, we have collected the most important information about the things you can do under different circumstances, some software recommendations, and some other practical tips and tricks, in a brief and simple form.

The long-awaited update for Elcomsoft Phone Breaker has arrived. The update brought back the ability to download iCloud backups, which was sorely broken since recent server-side changes introduced by Apple. We are also excited to become the first forensic company to offer support for iCloud backups saved by iOS 14 beta devices, all while supporting the full spectrum of two-factor authentication methods. We are proud to provide the most comprehensive forensic support of Apple iCloud with unmatched performance, accelerating forensic investigations and providing access to critical evidence stored in the cloud.

Location data is one of the most sensitive pieces of personal information. In today’s world, aggregated location data is as sensitive and as valuable as the user’s passwords. Once this data is transmitted to the OS manufacturer’s cloud service or any of the third-party vendors, the user has the right to know exactly what information is collected; who, when, and how has access to it. In today’s article, we will talk about one of the iOS lesser known features called “Significant locations”.

Apple iCloud contains massive amounts of data, which may become highly valuable evidence. The oldest and most frequently mentioned are iCloud backups, which ElcomSoft were the first to extract back in 2012. A lot has changed since then. Today, iCloud backups account for a very minor part of the evidence available in iCloud. Learn what types of data are stored in iCloud, how Apple protects the data with end-to-end encryption, and how to access that valuable evidence with the updated Elcomsoft Phone Breaker.

Extracting the fullest amount of information from the iPhone, which includes a file system image and decrypted keychain records, often requires installing a jailbreak. Even though forensically sound acquisition methods that work without jailbreaking do exist, they may not be available depending on the tools you use. A particular combination of iOS hardware and software may also render those tools ineffective, requiring a fallback to jailbreak. Today, the two most popular and most reliable jailbreaks are checkra1n and unc0ver. How do they fare against each other, and when would you want to use each?

The new build of iOS Forensic Toolkit is out. This time around, most of the changes are “internal” and do not add much functionality, but there is a lot going on behind the scenes. In this article, we will describe in details what is new and important, and how it’s going to affect you. We’ll share some tips on how to use the software in the most effective way, making sure that you extract all the data from iOS devices in the most forensically sound possible.

Instant messaging apps have become the de-facto standard of real-time, text-based communications. The acquisition of instant messaging chats and communication histories can be extremely important for an investigation. In this article, we compare the five top instant messaging apps for iOS in the context of their forensic analysis.

The iPhone is one of the most popular smartphone devices. Thanks to its huge popularity, the iPhone gets a lot of attention from the forensic community. Multiple acquisition methods exist, allowing forensic users to obtain more or less information with more or less efforts. Some of these acquisition methods are based on undocumented exploits and public jailbreaks, while some other methods utilize published APIs to access information. In this article, we’ll compare the types and amounts of data one can extract from the same 256-GB iPhone 11 Pro Max using three different acquisition methods: advanced logical, full file system and iCloud extraction.

Geolocation data can provide a wealth of evidence to various government agencies. Law enforcement agencies use location data to help place suspects near a crime scene in a given time frame. However, the use of location is not limited to criminal or civil investigations. Emergency response services use geolocation to locate persons, taxi and delivery services use location to improve service. There are many more examples where location evidence is vital. Recently, governments have started using (or are considering using) geolocation data to help identify and isolate infected citizens. Where does the location evidence come from and how one can extract it?

The popular unc0ver jailbreak has been updated to v4, and this is quite a big deal. The newest update advertises support for the latest A12 and A13 devices running iOS 13 through 13.3. The current version of iOS is 13.3.1. None of the older versions (including iOS 13.3) are signed, but still there are a lot of A12/A12X/A13 devices floating around. Until now, file system and keychain extraction was a big problem. The newest unc0ver jailbreak makes it possible.