ElcomSoft iOS Forensic Toolkit extracts data from Apple devices without a jailbreak

ElcomSoft updates iOS Forensic Toolkit, the company’s mobile forensic tool for extracting data from a range of Apple devices.

Version 7.0 expands the ability to perform full file system extraction without the need to install a jailbreak, adding support for recent versions of iOS including iOS 14 through 14.3 on all devices including the current iPhone 12 range.

The toolkit now provides jailbreak-free forensic extraction for the entire range of devices, supporting iPhone 5s through iPhone 12.

This update delivers the complete, zero-gap coverage for supported iPhone devices from iOS 9 onwards, up to and including iOS 14.3 on supported devices.

“In this release, we deliver forensic extraction capabilities for the current generation of iPhone devices running recent versions of iOS,” says Vladimir Katalov, ElcomSoft President and CEO.

“Extracting data from the latest and toughest generations of Apple devices is becoming increasingly relevant.

“By carefully following the latest advances in iOS security researches, we strive to deliver forensically sound solutions offering a unique opportunity to access crucial evidence including the detailed reconstruction of the user’s online and offline activities, visited locations, activities in social networks and chats in protected messengers, often including deleted records.”

Forensic analysis of iOS devices

Elcomsoft iOS Forensic Toolkit 7.0 brings low-level extraction support for the latest generation of Apple devices based on A14 Bionic.

This includes the entire range of iPhone 12 models running all versions of iOS 14 from the original iOS 14.0 all the way through iOS 14.3.

During the extraction, iOS Forensic Toolkit images the iPhone file system and pulls and decrypts the keychain, which in turn stores the user’s passwords, certificates, authentication tokens and keys.

The extraction process is based on the in-house acquisition agent that establishes a communication channel between the iPhone and the computer, enabling low-level access to the file system and the keychain.

The extraction agent covers the entire range of iOS releases since iOS 9.0 all the way up to iOS 14.3 for all iPhone models from the iPhone 5s through the current iPhone 12 range with no gaps or exclusions.

Agent-based extraction offers numerous benefits compared to other acquisition method. The agent does not make any changes to user data, offering the most forensically sound extraction among available acquisition methods.

Using an Apple ID registered in Apple’s Developer Program is strongly recommended for installing the agent as it alleviates the need to open Internet access on the device.