Elcomsoft Ios Forensic Toolkit Torrent
Chrystal Dueno
Elcomsoft iOS Forensic Toolkit 8.0 for Mac introduces a new forensically sound extraction workflow based on a bootloader exploit. The new checkm8-based extraction process enables the most complete extraction experience, pulling all keychain records regardless of the protection class and extracting the entire content of the file system including application sandboxes, chat sessions in secure messaging apps, and a lot of low-level system data that is never included in local or cloud backups.
The new, forensically sound workflow with 100% of the patching occurring in the device RAM enables repeatable, verifiable extractions. For 64-bit devices with unknown screen lock passwords a limited BFU (Before First Unlock) extraction is available, while USB restrictions can be completely bypassed. For 32-bit legacy devices the complete passcode unlock experience is available.
iOS Forensic Toolkit 8.0 brings a new, advanced user experience built around the command line. The use of the command line enables full control over every step of the extraction workflow, allowing experts to stay in control of every step of the process. Thanks to the command line, experts can also build their own scripts to automate their specific routines.
Elcomsoft iOS Forensic Toolkit 8.0 for Mac delivers forensically sound checkm8 extraction to 76 Apple devices ranging from the iPhone 4 to the iPhone X, a large number of iPad, iPod Touch, Apple Watch, and Apple TV models. The newly developed extraction process supports a range of major OS releases ranging from iOS 7 through iOS 15.7 in three different flavors (iOS, tvOS, watchOS) for three different architectures (arm64, armv7, armv7k).
For devices based on the armv7 and armv7k architecture full passcode unlock along with file system extraction and keychain decryption are available. For newer arm64-based devices, full file system extraction and keychain decryption are supported for devices with a known or empty passcode. Finally, the latest supported range including the iPhone 8, 8 Plus and iPhone X requires removing the passcode prior to extraction.
With this update, Elcomsoft iOS Forensic Toolkit becomes the most advanced iOS acquisition tool on the market. The toolkit now supports all possible acquisition methods including advanced logical, agent-based and checkm8-based low-level extraction.
Elcomsoft iOS Forensic Toolkit provides forensic access to encrypted information stored in popular Apple devices running iOS, offering file system imaging and keychain extraction from the latest generations of iOS devices. By performing low-level extraction of the device, the Toolkit offers instant access to all protected information including SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings, stored logins and passwords, geolocation history, conversations carried over all instant messaging apps, including the most secure ones such as Signal, Wickr, and Telegram, as well as all application-specific data saved in the device.
The toolkit now provides jailbreak-free forensic extraction for the entire range of devices, supporting iPhone 5s through iPhone 12. This update delivers the complete, zero-gap coverage for supported iPhone devices from iOS 9 onwards, up to and including iOS 14.3 on supported devices.
The extraction process is based on the in-house acquisition agent that establishes a communication channel between the iPhone and the computer, enabling low-level access to the file system and the keychain. The extraction agent covers the entire range of iOS releases since iOS 9.0 all the way up to iOS 14.3 for all iPhone models from the iPhone 5s through the current iPhone 12 range with no gaps or exclusions.
Agent-based extraction offers numerous benefits compared to other acquisition methods. The agent does not make any changes to user data, offering the most forensically sound extraction among available acquisition methods.