Clik here to view.
iOS Acquisition Reloaded
The new build of iOS Forensic Toolkit is out. This time around, most of the changes are “internal” and do not add much functionality, but there is a lot going on behind the scenes. In this article, we...
View ArticleClik here to view.
Working Around the iPhone USB Restricted Mode
The USB restricted mode was introduced in iOS 11.4.1, improved in iOS 12 and further strengthened in iOS 13. The USB restrictions are a real headache for iPhone investigators. We’ve discovered a simple...
View ArticleClik here to view.
Full File System Extraction for iOS 13.3.1, 13.4 and 13.4.1
Elcomsoft iOS Forensic Toolkit 6.0 is out, adding direct, forensically sound extraction for Apple devices running some of the latest versions of iOS including iOS 13.3.1, 13.4 and 13.4.1. Supported...
View ArticleClik here to view.
Full File System and Keychain Acquisition with unc0ver jailbreak: iOS 13.1 to...
The unc0ver v5 jailbreak has been available for a while now. It supports the newest versions of iOS up to and including iOS 13.5, and this is fantastic news for DFIR community, as it allows extracting...
View ArticleClik here to view.
checkra1n & unc0ver: How Would You Like to Jailbreak Today?
Extracting the fullest amount of information from the iPhone, which includes a file system image and decrypted keychain records, often requires installing a jailbreak. Even though forensically sound...
View ArticleClik here to view.
Researching Confide Messenger Encryption
iPhone users have access to literally hundreds of instant messaging apps. These apps range all the way from the built-in iMessage app to the highly secure Signal messengers, with all stops in between....
View ArticleClik here to view.
Jailbreaking Apple TV 4K
Is jailbreaking an Apple TV worth it? If you are working in the forensics, it definitely is. When connected to the user’s Apple account with full iCloud access, the Apple TV synchronizes a lot of data....
View ArticleClik here to view.
Significant Locations, iOS 14 and iCloud
Location data is one of the most sensitive pieces of personal information. In today’s world, aggregated location data is as sensitive and as valuable as the user’s passwords. Once this data is...
View ArticleClik here to view.
checkra1n, USB Restrictions and Breaking Into Locked iPhones
The checkra1n jailbreak is fantastic. Not only does it work with the latest versions of iOS the other jailbreaks aren’t even available for, but it also allows performing partial data extraction from...
View ArticleClik here to view.
The Four Ways to Deal with iPhone Backup Passwords
We have published multiple articles on iPhone backup passwords already, covering the different aspects of the backup protection. In this publication, we have collected the most important information...
View ArticleClik here to view.
Extracting and Decrypting iOS Keychain: Physical, Logical and Cloud Options...
The keychain is one of the hallmarks of the Apple ecosystem. Containing a plethora of sensitive information, the keychain is one of the best guarded parts of the walled garden. At the same time, the...
View ArticleClik here to view.
iOS Extraction Without a Jailbreak: Full iOS 9 Support, Simplified File...
We updated iOS Forensic Toolkit to bring two notable improvements. The first one is the new acquisition option for jailbreak-free extractions. The new extraction mode helps experts save time and disk...
View ArticleClik here to view.
Behind the iPhone 5 and 5c Passcode Cracking
Smartphones are used for everything from placing calls and taking photos to navigating, tracking health and making payments. Smartphones contain massive amounts of sensitive information which becomes...
View ArticleClik here to view.
Setting Up Restricted Internet Connection for iPhone Extraction
Regular or disposable Apple IDs can now be used to extract data from compatible iOS devices if you have a Mac. The use of a non-developer Apple ID carries certain risks and restrictions. In particular,...
View ArticleClik here to view.
Extracting iPhone File System and Keychain Without an Apple Developer Account
Last year, we have developed an innovative way to extract iPhone data without a jailbreak. The method’s numerous advantages were outweighed with a major drawback: an Apple ID enrolled in the paid...
View ArticleClik here to view.
Apple Mobile Devices Cheat Sheet
When investigating iOS devices, you may have seen references to the SoC generation. Security researchers and developers of various iOS jailbreaks and exploits often list a few iPhone models followed by...
View ArticleClik here to view.
iOS Extraction Without a Jailbreak: Finally, Zero-Gap Coverage for iOS 9...
We have plugged the last gap in the range of iOS builds supported on the iPhone 5s and 6. The full file system extraction and keychain decryption is now possible on these devices regardless of the...
View ArticleClik here to view.
The Forensic View of iMessage Security
Apple iMessage is an important communication channel and an essential part of forensic acquisition efforts. iMessage chats are reasonably secure. Your ability to extract iMessages as well as the...
View ArticleClik here to view.
Protecting iMessage Communications
How secure are your chats in your favorite instant messenger? Can someone intercept and read your secret conversations, and can you do something about it? Apple users have access to the highly popular...
View ArticleClik here to view.
iOS 14.2, iOS 12.4.9, the Updated checkra1n 0.12 Jailbreak and File System...
It’s been a week since Apple has released iOS 14.2 as well as iOS 12.4.9 for older devices. Just a few days later, the developers updated the checkra1n jailbreak with support for new devices and iOS...
View Article