Enhanced Forensic Access to iPhone/iPad/iPod Devices running iOS 4

ElcomSoft Co. Ltd. offers the complete toolkit for performing forensic analysis of encrypted user data stored in certain iPhone/iPad/iPod devices running iOS 4.x. The toolkit allows eligible customers acquiring bit-to-bit images of devices’ file systems, extracting phone secrets (passcodes, passwords, and encryption keys) and decrypting the file system dump. Access to most information is provided in real-time.

The toolkit includes Elcomsoft Phone Password Breaker, the tool to decrypt images of devices’ file systems, as well as several additional tools: to extract/dump the encrypted file system out of the device in raw form; to get the encryption keys; to break the passcode. The extraction tool can be replaced with any product that is capable of producing ‘raw’ (dd-style) images out of the device.

Restricted Use

ElcomSoft restricts the availability of the toolkit to select government entries such as law enforcement and forensic organizations and intelligence agencies; also, the toolkit is a subject to special license agreement. Contact us for more details.

Access More Information than Available in iPhone Backups

ElcomSoft already offers the ability to access information stored in iPhone/iPad/iPod devices by decrypting data backups made with Apple iTunes. The new toolkit offers access to much more information compared to what’s available in those backups, including access to passwords and usernames, email messages, and deleted SMS and mail files.

Huge amounts of highly sensitive information stored in users’ smartphones can be accessed. Historical geolocation data, viewed Google maps and routes, Web browsing history and call logs, pictures, email and SMS messages, including deleted ones, usernames, passwords, and nearly everything typed on the iPhone is being cached by the device and can be accessed with the new toolkit.

Real-Time Access to Encrypted Information

Unlike previously employed methods relying on lengthy dictionary attacks or brute force password recovery, the new toolkit can extract most encryption keys out of the physical device. With encryption keys handily available, access to most information is provided in real-time. The list of exceptions is short, and includes user’s passcode, which can be recovered in a very reasonable time; or recovery is not needed at all, if you have an access to the computer the device has been synced with (and so escrow keys). More information is available in our blog:

• ElcomSoft Breaks iPhone Encryption, Offers Forensic Access to File System Dumps
• Extracting the File System from iPhone/iPad/iPod Touch Devices

Device Compatibility

Protected file system dumps can be extracted from iPhone devices equipped with on-board hardware encryption and running iOS 4.x. Supported devices include iPhone 3GS and iPhone 4 (both GSM and CDMA models), first-gen iPad, and latest releases of iPod Touch (3rd and 4th generation).