Twelve years ago, we introduced an innovative way of accessing iPhone user data, retrieving iPhone backups straight from Apple iCloud. As our iCloud extraction technology celebrates its twelfth anniversary, it’s a fitting moment to reflect on the reactions it has provoked within the IT community. Let us commemorate the birth of the cloud extraction technology, recap the initial reactions from the forensic community, and talk about where this technology stands today.
Acquiring data from locked, broken, or inaccessible devices poses significant challenges. However, there are ways to retrieve valuable information from such devices by obtaining the data from iCloud, including old data that has been deleted with no chance of recovery. In this article, we will explore the classic acquisition methods available for iOS devices and focus on the crucial role of Apple iCloud in forensic investigations.
Apple offers by far the most sophisticated solution for backing up, restoring, transferring and synchronizing data across devices belonging to the company’s ecosystem. Apple iCloud can store cloud backups and media files, synchronize essential information between Apple devices, and keep highly sensitive information such as Health and authentication credentials securely synchronized. In this article we’ll explain what kinds of data are stored in iCloud and what you need to access them.
Apple ecosystem includes a comprehensive backup ecosystem that includes both local and cloud backups, and data synchronization with end-to-end encryption for some categories. Today we’ll discuss the iCloud backups, particularly targeting issues that are not covered in the official documentation.
Speaking of mobile devices, especially Apple’s, “logical acquisition” is probably the most misused term. Are you sure you know what it is and how to properly use it, especially if you are working in mobile forensics? Let us shed some light on it.
Cloud backups are an invaluable source of information whether you download them from the user’s iCloud account or obtain directly from Apple. But why some iCloud backups miss essential bits and pieces of information such as text messages, particularly iMessages? The answer is “end-to-end encryption”, and there’s more to it than just backups.
Over the last several years, the use of smart wearables continued to grow despite slowing sales. Among the many models, the Apple Watch Series 3 occupies a special spot. Introduced back in 2017, this model is still available new, occupying the niche of the most affordable wearable device in the Apple ecosystem. All that makes the Series 3 one of the most common Apple Watch models. The latest update to iOS Forensic Toolkit enables low-level extraction of the Apple Watch 3 using the checkm8 exploit.
Is surveillance a good or a bad thing? The answer depends on whom you ask. From the point of view of the law enforcement, the strictly regulated ability to use real-time surveillance is an essential part of many investigations. In this article we’ll cover a very unorthodox aspect of real-time surveillance: iCloud.
iOS security model offers very are few possibilities to recover anything unless you have a backup, either local or one from the cloud. There are also tricks allowing to recover some bits and pieces even if you don’t. In this article we’ll talk about what you can and what you cannot recover in modern iOS devices.
To perform an iCloud extraction, a valid password is generally required, followed by solving the two-factor authentication challenge. If the user’s iPhone is everything that you have, the iCloud password may not be available. By using a trusted device, one can gain unrestricted access to everything that is stored in the user’s iCloud account. This article gives a comprehensive walkthrough on this alternative authentication method.