The release of unc0ver and Electra jailbreaks enables Elcomsoft iOS Forensic Toolkit to support physical acquisition for iOS 11.4 and 11.4.1 devices. At this time, Elcomsoft iOS Forensic Toolkit supports file system extraction via jailbreak for the entire range of iOS 11 devices. No update is required for users of iOS Forensic Toolkit 4.11. Users of earlier versions of iOS Forensic Toolkit are advised to update to the latest release.
Elcomsoft iOS Forensic Toolkit is now able to extract information from the entire range of Apple devices running any version of iOS 11 including the latest iOS 11.4 and 11.4.1 releases. This has been made possible with the release of unc0ver and Electra jailbreaks supporting the last two versions of iOS 11. In addition to iOS devices, the Toolkit offers all possible acquisition options for extracting and decrypting data from devices running the latest versions of iOS, WatchOS and TvOS, including the latest generations of Apple hardware. A compatible jailbreak is required to perform physical acquisition.
Elcomsoft iOS Forensic Toolkit supports all possible options for extracting and decrypting data from both jailbroken and non-jailbroken 64-bit devices, including the last generations of Apple hardware and software. Without a jailbreak, experts can perform logical extraction through iOS system backups as well as app data and media file extraction. If a jailbreak can be installed, experts can image the file system of 64-bit iPhones and iPads, extract crash logs and decrypt the keychain.
Physical acquisition offers numerous benefits compared to all other acquisition options by enabling access to protected parts of the file system and extracting data that is not synced with iCloud or included in local backups. In particular, physical acquisition is the only method for decrypting keychain items targeting the highest protection class. File system extraction gains full access to application sandboxes and all system areas. Downloaded email messages, chat databases and secrets from two-factor authentication apps, system logs and low-level location data are just a few things that are exclusively available with file system extraction.
Read out latest blog article to get more information on jailbreaking and file system acquisition.