Logical Acquisition of Mobile Devices
Elcomsoft Phone Breaker enables forensic access to information stored in a wide range of mobile devices. The tool delivers logical acquisition for Apple iOS devices, BlackBerry OS and BlackBerry 10 smartphones, as well as devices powered by Windows 10, Windows Phone and Windows 10 Mobile operating systems. Acquisition of local and cloud backups as well as cloud extraction of synchronized data are available.
Decrypting iOS Backups
Decrypt password-protected local backups produced by Apple iPhone, iPad and iPod Touch devices. Hardware-accelerated attacks make use of existing AMD and NVIDIA video cards to speed up the recovery.
Cloud Acquisition via Apple iCloud and Microsoft Account
Cloud acquisition is a highly effective way of retrieving up-to-date information backed up or synced by modern smartphones with their respective cloud services. Elcomsoft Phone Breaker supports the extraction of cloud backups and synced data from Apple iCloud and Microsoft Account, enabling remote acquisition of iPhone and iPad devices as well as smartphones running Windows Phone and Windows 10 Mobile.
Online backups can be acquired by forensic specialists without having the original iOS or Windows Phone device in hands. All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID or Live ID accompanied with the corresponding password.
Accessing iCloud without Login and Password
If the user’s Apple ID and password are not available, Elcomsoft Phone Breaker can use a binary authentication token created by Apple iCloud Control Panel in order to login to iCloud and retrieve information. The use of authentication tokens allows bypassing two-factor authentication even if no access to the secondary authentication factor is available.
Acquiring iCloud Keychain
Elcomsoft Phone Breaker is the only tool on the market to access, extract and decrypt iCloud Keychain, Apple's cloud-based system for storing and syncing passwords, credit card data and other highly sensitive information across devices. As opposed to authorizing a new Apple device, Elcomsoft Phone Breaker does
not become part of the circle of trust and does not require a middleware device, thus offering truly forensic extraction of protected records.
Downloading iMessages from iCloud
iOS 11.4 adds long-awaited support for iMessages sync through iCloud. Elcomsoft Phone Breaker 8.30 becomes the first tool on the market that can extract and decrypt iMessages from iCloud. To access iMessages, the login and password to the user's Apple Account, one-time code to pass Two-Factor Authentication and a screen lock password or system password for one of the already enrolled devices is required.
FileVault 2 Decrypting
Elcomsoft Phone Breaker can extract escrow decryption keys from the user’s Apple account, and make use of those keys to decrypt macOS FileVault 2 volumes even if user account password is not known.