Elcomsoft
Elcomsoft official channel is the place where you can find news, events and the latest updates of our products.

website: elcomsoft.com
twitter: twitter.com/elcomsoft
youtube: youtube.com/c/ElcomsoftCompany
blog: blog.elcomsoft.com
t.me/elcomsoftru
Why Mobile Forensic Specialists Need a Developer Account with Apple

In our recent article iPhone Acquisition Without a Jailbreak I mentioned that agent-based extraction requires the use of an Apple ID that has been registered in Apple’s Developer Program. Participation is not free and comes with a number of limitations. Why do you need to become a “developer”, what are the limitations, and is there a workaround? Read along to find out.

👉 https://blog.elcomsoft.com/2020/03/why-mobile-forensic-specialists-need-a-developer-account-with-apple/

by Oleg Afonin

#dfir #iOS13 #iphone #mobileforensics #iOS #keychain #jailbreak #EIFT #dataextraction #ElcomsoftAgent #apple
iOS Forensic Toolkit 5.40: jailbreak-free extraction for iOS 11-13.3

Elcomsoft iOS Forensic Toolkit 5.40 offers direct, forensically sound extraction for Apple devices running all versions of iOS from iOS 11 through iOS 13.3. Agent-based acquisition provides full file system extraction and keychain decryption without a jailbreak and with literally no footprint.

👉 https://www.elcomsoft.com/news/736.html

#dfir #iOS13 #iphone #mobileforensics #iOS #keychain #jailbreak #EIFT #dataextraction #ElcomsoftAgent #apple
iOS acquisition methods compared: logical, full file system and iCloud

The iPhone is one of the most popular smartphones. Thanks to its huge popularity, the iPhone gets a lot of attention from the forensic community. Multiple acquisition methods exist, allowing forensic users to obtain more or less information with more or less effort. Some of these acquisition methods are based on undocumented exploits and public jailbreaks, while other methods use published APIs to access information. In this article, we’ll compare the types and amounts of data one can extract from the same 256-GB iPhone 11 Pro Max using three different acquisition methods: advanced logical, full file system and iCloud extraction.

👉 https://blog.elcomsoft.com/2020/04/ios-acquisition-methods-compared-logical-full-file-system-and-icloud/

by Vladimir Katalov

#iOS #security #iphone #macOS #macbook #applewatch #ipad #smartphone #icloud #keychain #dataextraction #dataaccess #apple
Apple vs. Law Enforcement – iOS 4 through 13.5

Today’s smartphones are a forensic goldmine. Your smartphone learns and knows more about your daily life than anything or anyone else. It tracks your location and counts your footsteps, AI’s your pictures and takes care of your payments. With that much data concentrated in a single device, it is reasonable to expect the highest level of protection. In this article, we’ll review the timeline of Apple’s measures to protect their users’ data and the countermeasures used by law enforcement. This time no cloud, just pure device forensics.

👉 https://blog.elcomsoft.com/2020/05/apple-vs-law-enforcement-ios-4-through-13-5/

#ios #iphone #apple #encryption #protection #itsecurity #cybersecurity #mobileforensics #dfir #mobilesecurity
Apple vs. Law Enforcement: poker face?

“We shouldn’t ask our customers to make a tradeoff between privacy and security. We need to offer them the best of both. Ultimately, protecting someone else’s data protects all of us.” Guess who said that? The answer is at the end of the article. In the meantime, we keep talking about iPhone and iOS security, following up on the Apple vs. Law Enforcement – iOS 4 through 13.5 article. This time we are about to discuss some other aspects of iOS security.

The Exploits

I think you know about the renewed Apple Security Bounty program. Participants can earn up to $100,000 for a new lock screen bypass, and up to $250,000 for user data extraction.

👉 https://blog.elcomsoft.com/2020/05/apple-vs-law-enforcement-poker-face/

#mobileforensics #apple #lawenforcement #encryption #privacy #exploits #grayshift #cellebrite
End-to-End Encryption in Apple iCloud, Google and Microsoft Accounts

The proliferation of always-connected, increasingly smart devices has led to a dramatic increase in the amount of highly sensitive information stored in manufacturers’ cloud accounts. Apple, Google, and Microsoft are the three major cloud providers who also develop their own hardware and OS ecosystems. In this report, we’ll see how these companies protect their users’ highly sensitive information compared to each other.

👉 https://blog.elcomsoft.com/2021/01/end-to-end-encryption-in-apple-icloud-google-and-microsoft-accounts/

#e2ee #icloud #google #microsoftaccount #apple #cloudsecurity #datasecurity
How to Put an iOS Device with Broken Buttons in DFU Mode

Switching the iPhone into DFU mode is frequently required during an investigation, especially for older devices that are susceptible to the checkm8 exploit. For newer devices that are locked with an unknown passcode or disabled, one can still learn something about the device through DFU (in particular, the bootloader version, which points to the version of iOS installed on the device). However, switching to DFU requires a sequence of key presses on the device with precise timings. If the device is damaged and one or more keys are not working correctly, entering DFU may be difficult or impossible. In this guide, we offer an alternative.

👉 https://blog.elcomsoft.com/2021/09/how-to-put-an-ios-device-with-broken-buttons-in-dfu-mode/

#apple #dfir #iphone
checkm8 Extraction: the iPads, iPods, and TVs

The ninth beta of iOS Forensic Toolkit 8.0 for Mac introduces forensically sound, checkm8-based extraction of sixteen iPad, iPod Touch and Apple TV models. The low-level extraction solution is now available for all iPad and all iPod Touch models susceptible to the checkm8 exploit.

checkm8 is applicable to all devices with the bootloader vulnerability, yet there are technical differences when it comes to implementing the exploit on the various devices. In this update we are targeting non-iPhone devices, putting effort into supporting the many iPads equipped with the corresponding SoCs. While other vendors have been offering their own implementations of checkm8 extraction for quite a while, we found their solutions lacking in device/iOS version coverage and missing the “forensically sound” mark.

👉 https://blog.elcomsoft.com/2022/06/checkm8-extraction-the-ipads-ipods-and-tvs/

#ipad #ios #apple #dfir #eift #checkm8 #mobileforensics
Elcomsoft iOS Forensic Toolkit 7.50 closes the gap in keychain extraction

Elcomsoft iOS Forensic Toolkit 7.50 extends agent-based keychain extraction support all the way up to iOS 15.1.1 on all supported devices. The new release fills the remaining gaps in iOS 14 support, adding agent-based keychain extraction for iOS 14.5 – 14.8.1 and iOS 15.0 – 15.1.1 devices.

👉 https://www.elcomsoft.com/news/816.html

#ios #apple #iphone #agent #mobileforensics #dfir
Keychain: the Gold Mine of Apple Mobile Devices

Keychain is an essential part of iOS and macOS that securely stores the most critical data: passwords of all kinds, encryption keys, certificates, credit card numbers, and more. Extracting and decrypting the keychain, when possible, is a must in mobile forensics. We seriously improved this part in the latest build of iOS Forensic Toolkit.

👉 https://blog.elcomsoft.com/2022/07/keychain-the-gold-mine-of-apple-mobile-devices/

#ios #apple #dfir #mobileforensics #keychain #agent
Low-Level Extraction of iOS 15.2-15.3.1

iOS Forensic Toolkit 7.60 brings gapless low-level extraction support for several iOS versions from iOS 15.2 up to and including iOS 15.3.1, adding full file system extraction support for Apple devices based on Apple A11-A15 and M1 chips.

Read more in our blog 👉 https://blog.elcomsoft.com/2022/08/low-level-extraction-of-ios-15-2-15-3-1/

#eift #ios #apple #dfir #mobileforensics
Elcomsoft iOS Forensic Toolkit 8.0 brings forensically sound bootloader-based extraction for select iPhone & iPad models

Elcomsoft iOS Forensic Toolkit 8.0 is a major release bringing support for repeatable, verifiable, and truly forensically sound bootloader-level extraction of 76 Apple devices ranging from the ancient iPhone 4 all the way up to the iPhone X, a large number of iPad, iPod Touch, Apple Watch, and Apple TV models, and featuring a refreshed, command-line driven user interface.

👉 https://www.elcomsoft.com/news/822.html

#eift8 #toolkit #apple #iphone #mobileforensic #dfir #ios16
iOS 16: Extracting the File System and Keychain from A11 Devices

Bootloader-based acquisition is the only 100% forensically sound data extraction method for Apple devices. It is the only way to acquire the full set of data from those devices that run iOS 16, albeit with a huge caveat that makes the whole thing more of a brain exercise than a practical forensic tool. Let’s review the iOS 16 compatibility in iOS Forensic Toolkit and go through the whole process step by step.

👉 https://blog.elcomsoft.com/2022/09/ios-16-extracting-the-file-system-and-keychain-from-a11-devices/

#eift8 #toolkit #apple #iphone #mobileforensic #dfir #ios16 #keychain
iOS Forensic Toolkit 8.0 Now Official: Bootloader-Level Extraction for 76 Devices

iOS Forensic Toolkit 8.0 is officially released! Delivering forensically sound checkm8 extraction and a new command-line driven user experience, the new release becomes the most sophisticated mobile forensic tool we’ve released to date.

👉🏻 https://blog.elcomsoft.com/2022/09/ios-forensic-toolkit-8-0-now-official-bootloader-level-extraction-for-76-devices/

#eift8 #toolkit #apple #iphone #mobileforensic #dfir #ios16 #keychain
iOS 16: SEP Hardening, New Security Measures and Their Forensic Implications

iOS 16 brings many changes to mobile forensics. Users receive additional tools to control the sharing and protection of their personal information, while forensic experts will face tighter security measures. In this review, we’ll talk about the things in iOS 16 that are likely to affect the forensic workflow.

👉🏻 https://blog.elcomsoft.com/2022/09/ios-16-sep-hardening-new-security-measures-and-their-forensic-implications/

#eift8 #toolkit #apple #iphone #mobileforensic #dfir #ios16 #checkm8
Forensically Sound checkm8 Extraction: Repeatable, Verifiable and Safe

What does “forensically sound extraction” mean? The classic definition of forensically sound extraction requires results that are both repeatable and verifiable. However, there is more to it. We believe that forensically sound extractions should not only be verifiable and repeatable, but verifiable in a safe, error-proof manner, so we tweaked our product to deliver just that.

🧑‍💻 https://blog.elcomsoft.com/2023/02/forensically-sound-checkm8-extraction-repeatable-verifiable-and-safe/

 #Apple #checkm8 #iOS #EIFT #dfir #mobileforensics
Right Method, Wrong Order

In today’s digital age, extracting data from mobile devices is an essential aspect of forensic investigations. However, it must be done carefully and correctly to ensure the highest possible level of accuracy and reliability. To accomplish this, the appropriate extraction methods should be used in the right order, considering all available options for a given device running a specific version of the operating system. So what is the best order of extraction methods when acquiring an iPhone? Read along to find out.

🧑‍💻 https://blog.elcomsoft.com/2023/02/right-method-wrong-order/

#apple #ios #checkm8 #EIFT #EPB #EPV #mobileforensics #dfir
Elcomsoft iOS Forensic Toolkit 8.50 expands capabilities for Linux users and legacy devices

Elcomsoft iOS Forensic Toolkit 8.50 is now available for Linux users in the all-new Linux edition. This new update implements logical acquisition, as well as agent-based and bootloader-based low-level extraction methods in a single tool for common Linux distros. In addition, the update brings low-level extraction for Apple Watch S0, S1, and S2 and improves bootloader level extractions for all supported devices.

👉🏻 https://www.elcomsoft.com/news/846.html

#linux #applewatch #apple #EIFT #dfir
Forensic Insights into Apple Watch Data Extraction

The latest update to the iOS Forensic Toolkit has expanded data extraction support for older models of Apple Watch, introducing low-level extraction capabilities for Apple Watch Series 0, Series 1, and Series 2. In a landscape where new devices are released on a yearly schedule, we stand committed to a balanced approach. While it’s easy for many to dismiss older devices, we recognize their significance as they frequently reappear in the labs of forensic experts. It is important to emphasize that, unlike many, we cater to the needs of experts who have to deal with legacy devices. This enhancement enables macOS and Linux users to delve deeper into these watches, retrieving crucial information such as passwords and complete file systems.

👉🏻 https://blog.elcomsoft.com/2023/11/forensic-insights-into-apple-watch-data-extraction/

#applewatch #apple #EIFT #watchOS #dfir
Changes to U.S. iOS App Store Policies Allow External Purchase Links

In a controversial move, Apple is implementing major changes to its U.S. iOS App Store policies, granting developers the ability to direct customers to non-App Store purchasing options for digital goods. This update permits users to make in-app purchases through an alternative method. However, Apple will continue to collect a commission ranging from 12 to 27 percent on content purchased through this avenue, providing only a 3 percentage points commission cut compared to purchases made through the official Apple App Store.

👉🏻 https://blog.elcomsoft.com/2024/01/changes-to-u-s-ios-app-store-policies-allow-external-purchase-links/

#AppStore #Apple #news #iOS