Logical Acquisition of iPhone, iPad and iPod Touch Devices
Elcomsoft Phone Breaker enables forensic access to information stored in a wide range of Apple devices running all versions of iOS. The tool can brute-force passwords and decrypt iOS backups using GPU acceleration, decrypt and analyze passwords stored in iOS Keychain. The tool can download iCloud backups and synchronized data, and access protected data such as iCloud Keychain, iCloud Messages and Health.
Cloud Acquisition via Apple iCloud and Microsoft Account
Cloud acquisition is a highly effective way of retrieving up-to-date information backed up or synced by modern smartphones with their respective cloud services. Elcomsoft Phone Breaker supports the extraction of cloud backups and synced data from Apple iCloud and Microsoft Account, enabling remote acquisition of iPhone and iPad devices as well as smartphones running Windows Phone and Windows 10 Mobile.
Online backups can be acquired by forensic specialists without having the original iOS or Windows Phone device in hands. All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID or Live ID accompanied with the corresponding password.
Access iCloud without Login and Password 
If the user’s Apple ID and password are not available, Elcomsoft Phone Breaker can use a binary authentication token created by Apple iCloud Control Panel in order to login to iCloud and retrieve information. The use of authentication tokens allows bypassing two-factor authentication even if no access to the secondary authentication factor is available.
Acquire iCloud Keychain
Elcomsoft Phone Breaker is the only tool on the market to access, extract and decrypt iCloud Keychain, Apple's cloud-based system for storing and syncing passwords, credit card data and other highly sensitive information across devices. As opposed to authorizing a new Apple device, Elcomsoft Phone Breaker does
not become part of the circle of trust and does not require a middleware device, thus offering truly forensic extraction of protected records.
Download Health and Messages from iCloud
Apple supports Health and Messages sync through iCloud. Elcomsoft Phone Breaker is the first tool on the market to extract and decrypt messages from iCloud complete with attachments, extract and decrypt Health data. To access Health and Messages, the login and password to the user's Apple Account, one-time code to pass Two-Factor Authentication and a screen lock password or system password for one of the already enrolled devices are required.
Decrypt FileVault 2
Elcomsoft Phone Breaker can extract escrow decryption keys from the user’s Apple account, and make use of those keys to decrypt macOS FileVault 2 volumes even if user account password is not known.
Note: At this time, Elcomsoft Phone Breaker can only decrypt HFS+ volumes.
When downloading iCloud backups created with iOS 11.2 from accounts with Two-Factor Authentication, a temporary account lock is possible. The user will be required to reset their iCloud password.