(LiveHacking.Com) – ElcomSoft has released a major update of its iOS Forensic Toolkit, an all-in-one toolkit for iOS acquisition on both Windows and Mac.
ElcomSoft iOS Forensic Toolkit provides easy access to perform physical evidence acquisition to encrypted information stored in iOS base devices. This toolkit offers investigators the ability to access protected file system dumps extracted from iPhone and iPad devices even if the data has been encrypted by iOS 4.
According to the Elcomsoft blog, the decryption capability is unique and allows investigators to obtain a fully usable image of the device’s file system with the contents of each and every file decrypted and available for analysis.
New Features at a Glance:
- The ability to decrypt contents of the device keychain
- The ability to perform logical acquisition of the device
- Logging of all operations performed within Toolkit
- Support for iPhone 3G
- Support for iOS 3.x on compatible devices
- Support for iOS 4.3.4 (iOS 4.2.9 for iPhone 4 CDMA)
The new version of iOS Forensic Toolkit has the ability to extract and decrypt keychain data from iOS devices running iOS 3.x and 4.x. The keychain is a system-wide storage for users’ data to store sensitive information in protected mode.
Another new feature in this version is the audit trail capability. Unique log file will be created by the toolkit to keep the tracks of the activities and help the investigators for the integrity of their investigation.
More technical information is available at ElcomSoft Blog.