iOS Forensics using Elcomsoft iOS Forensic Toolkit

Go to product page: https://www.elcomsoft.com/eift.html
Purchase EIFT: https://www.elcomsoft.com/purchase/
Perform the complete forensic analysis of encrypted user data stored in iPhone and iPad devices running any version of iOS. Elcomsoft iOS Forensic Toolkit allows eligible customers acquiring bit-to-bit images of devices’ file systems, extracting phone secrets (passcodes, passwords, and encryption keys) and de-crypting the file system dump.
Features and Benefits:
• Physical acquisition (32-bit devices): acquire complete, bit-precise device images
• Physical acquisition (64-bit devices): extract more information compared to logical or cloud acqui-sition
• Extract information from locked devices (limitations apply)
• Decrypt keychain items such as stored passwords (32-bit devices only)
• Supports iOS versions up to to 9.0.2
• Passcode is not required (for legacy devices up to iPhone 4)
• Simple 4-digit passcodes recovered in 10-40 minutes
• Mac and Windows versions available

Providing near-instant forensic access to encrypted information stored in the latest iPhone and iPad devices, Elcomsoft iOS Forensic Toolkit enables access to protected file system dumps extracted from supported Apple devices even if the original device passcode is unknown. At this time, physical acquisition support is only available for legacy hardware (iPhone 4 and older) and jailbroken 32-bit devices (iPhone 4S through 5C). A proprietary physical acquisition for 64-bit devices is fully compatible with jailbroken iPhones and iPads equipped with 64-bit SoC, return-ing the complete file system of the device (as opposed to bit-precise image extracted with the 32-bit process).

*Access More Information than Available in iPhone Backups*
ElcomSoft already offers the ability to access information stored in iPhone/iPad/iPod devices by decrypting data backups made with Apple iTunes. The new toolkit offers access to much more information compared to what’s available in those backups, including access to passwords and usernames, email messages, geolocation data, application-specific data and more.

Huge amounts of highly sensitive information stored in users’ smartphones can be accessed. Historical geolocation data, viewed Google maps and routes, Web browsing history and call logs, pictures, email and SMS messages, usernames, passwords, and nearly everything typed on the iPhone is being cached by the device and can be accessed with the new toolkit.

*Real-Time Access to Encrypted Information*
With encryption keys handily available, access to most information is provided in real-time. A typical acquisition of an iPhone device takes from 20 to 40 minutes (depending on model and memory size); more time is required to process 64-Gb versions of Apple iPad. The list of excep-tions is short, and includes user’s passcode, which can be brute-forced or recovered with a dic-tionary attack.

Print Friendly

Leave a Reply