21 June, 2022

ElcomSoft Brings Forensically Sound checkm8 Extraction to iPad, iPod Touch and Apple TV

ElcomSoft Co. Ltd. rolls out an update to iOS Forensic Toolkit for Mac, the company’s mobile forensic tool for extracting data from a range of Apple devices. The new release adds the ability to perform forensically sound, repeatable and verifiable file system extractions of numerous iPad, iPod Touch, and Apple TV models.

Elcomsoft iOS Forensic Toolkit for Mac now delivers forensically sound extraction for the entire range of Apple devices that have the bootloader vulnerability exploitable with checkm8. The list of newly added iPad models includes the full-size iPad 5, 6, and 7, the iPad Mini 2, 3, and 4, the iPad Air 1 and 2, and the iPad Pro 1 and 2 (9.7” and 12.9” models respectively). In addition, iPod Touch 6 and 7 and Apple TV 4 and 4K are also supported.

Background

Checkm8 is applicable to all devices with bootloader vulnerability, yet there are technical differences when it comes to implementing the exploit on the various devices. This update targets non-iPhone devices, spending efforts to support the many iPads equipped with the corresponding SoCs.

Service life of an iPad is several times as long as an iPhone of the same generation. Extended service life aside, iPads are the true workhorses that are actively used as corporate devices and BYOD. iPads are made for business and creative tasks, which results in a lot of highly valuable potential evidence that can now be extracted. Learn more in the article checkm8 Extraction: the iPads, iPods, and TVs.

Forensically Sound Extraction

With Elcomsoft iOS Forensic Toolkit, ElcomSoft introduces a forensically sound extraction solution offering verifiable and repeatable results on subsequent extractions. The new method extracts everything from the device down to the last bit, including app sandboxes and encrypted app data, secret chats, some deleted records, and much more.

When using iOS Forensic Toolkit on a supported device, the checksum of the first extracted image will match the checksums of subsequent extractions provided that the device never rebooted and is stored in the powered-off state between extractions.

The new extraction method is the cleanest yet. ElcomSoft’s implementation of bootloader-based exploit is derived directly from the source. All the work is performed completely in the RAM, and the operating system installed on the device is left untouched and is not used during the boot process.

It is difficult to underestimate the importance of checkm8 for mobile forensic specialists. With this update, Elcomsoft iOS Forensic Toolkit becomes the most advanced iOS acquisition tool on the market, and the only truly forensically sound one delivering repeatable results after subsequent extractions. Our solution is the only one on the market supporting forensically sound checkm8 extraction for all Apple devices with the bootloader vulnerability, including all compatible iPhone, iPad, and iPod Touch models, as well as the Apple TV and Apple Watch devices.

About Elcomsoft iOS Forensic Toolkit

Elcomsoft iOS Forensic Toolkit provides forensic access to encrypted information stored in popular Apple devices running iOS, offering file system imaging and keychain extraction from the latest generations of iOS devices. By performing low-level extraction of the device, the Toolkit offers instant access to all protected information including SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings, stored logins and passwords, geolocation history, the original plain-text Apple ID password, conversations carried over various instant messaging apps such as Skype or Viber, as well as all application-specific data saved in the device.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certrified Partner, and Intel Software Premier Elite Partner.

Contacts

Elcomsoft s.r.o.

Československé armády 371/11,
Praha 6-Bubeneč,
Czech Republic, PSČ 160 00

Formulaire pour la réaction des représentats officiels de la compagnie Elcomsoft.

As one of the industry leaders, our job involves complex research and constant monitoring of industry news. We love sharing our findings with our followers. Follow us on a social network of your choice, and we’ll deliver quality content straight to your news feed.