![]() ![]() In addition to passwords, the keychain stores crucial keys required to unlock protected chat histories from messaging applications like Signal. Investigators can now access crucial evidence in the latest Apple devices running relatively recent versions of iOS, including the contents of apps’ sandboxes, system data, and important online account passwords, shedding light on users’ digital activities. Now, with full file system extraction and keychain decryption support for the same range of devices, we expanded OS version support all the way up to iOS 16.5 for devices based on Apple A11 Bionic and newer chips, up to and including the M1 and M2. Previously, our tool could extract the full file system image and decrypt the keychain from supported devices running iOS releases up to and including iOS 16.4 for some devices, the latest supported version of iOS was even older. We have already established ourselves as pioneers in checkm8 extractions, extended support to various Apple devices, and introduced low-level extraction support for Apple M1 and M2 chip-based iPad models. The low-level extraction agent is what sets iOS Forensic Toolkit apart. By employing agent-based extraction, investigators can retrieve the maximum amount of data, making it a valuable source of forensic evidence. Although agent extraction may not be considered completely “forensically sound” like the acquisition method based on the bootloader exploit, it stands as the sole available technique for the latest Apple devices equipped with A12-A16 Bionic and M1/M2 SoC, and even remains the only working extraction technique for A11 devices (iPhone 8/8 Plus/iPhone X) running iOS 16, for which bootloader-based methods fail. “Consent extraction” is a term meaning that it can only be used when the device passcode is known or not set. ![]() IntroductionĪgent-based extraction is an advanced “consent extraction” method used to obtain the complete file system and keychain data from modern iOS and iPadOS devices, namely iPhones and iPads. This achievement represents a breakthrough, as the delay between Apple’s iOS updates and our forensic software release has significantly reduced. In a recent update, we expanded the capabilities of the low-level extraction agent to support full file system extraction and keychain decryption on Apple’s newest devices running iOS 16.5. Its cutting-edge features and unmatched capabilities have made it the go-to software for investigating iOS devices. When it comes to iOS data acquisition, Elcomsoft iOS Forensic Toolkit is the top choice for forensic experts. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |