In recent weeks, Elcomsoft has released a large number of major updates to their entire range of mobile forensic tools. They enhanced physical acquisition of 64-bit iPhones, bypassing Secure Enclave protection to decrypt the keychain, and built a tool for viewing the TAR files you’d get as a result of physical acquisition. They can now download Messages from iCloud, and pull files from Google Drive (even without a password). They also added support for WhatsApp Business, the Android app for small business use.
iOS Forensic Toolkit 4.0
- Decrypts the iOS keychain, including items protected with the ThisDeviceOnly attribute, thanks to Secure Enclave bypass
- Drops support for legacy iOS devices, focusing on 64-bit hardware (iPhone 5s through iPhone X). Users who need support for older devices can request the legacy build (EIFT 3.0)
- Pulls crash logs, making it possible to discover uninstalled apps that were previously used
- Streamlined user interface with a clear distinction between physical acquisition (jailbreak) and logical acquisition (with or without a jailbreak)
- The new iOS Forensic Toolkit 4.0 is immediately available in the Mac edition; the updated Windows edition will be released promptly
Elcomsoft Phone Viewer 3.70
- Opens TAR files produced with iOS Forensic Toolkit
- Extracts location information from multiple sources (TAR, backups, EXIF) and builds a timeline
Elcomsoft Phone Breaker 8.30
- Pulls iMessages from iCloud (synced by iOS 10.4 and newer)
- Much faster extraction of massive amounts of files from iCloud Drive
Elcomsoft Cloud Explorer 2.10
- Passwordless authentication into Google Account using existing authentication tokens
- Extracts files from Google Drive (with passwordless authentication support)
Elcomsoft Explorer for WhatsApp 2.40
- Adds support for WhatsApp Business (physical and cloud extraction)