Elcomsoft have upadated thier mobile forensic branch by adding the ability to simultaneously install all instruments included into Elcomsoft Mobile Forensic Bundle for Windows.
The complete mobile forensic kit enables law enforcement, corporate and government customers to acquire and analyze the content of a wide range of mobile devices and cloud services. The kit allows experts to perform physical, logical and over-the-air acquisition of smartphones and tablets, break mobile backup passwords and decrypt encrypted backups, view and analyze acquired evidence
Elcomsoft Mobile Forensic Bundle includes a number of tools to acquire and analyze evidence from a number of mobile platforms:
- Extended logical acquisition of iOS devices (all models and iOS versions)
- Passcode unlock and physical acquisition of legacy iOS devices
- Unique forensically sound file system and keychain acquisition without a jailbreak
- Break passwords to iOS system backups
- Obtain iCloud backups, download photos and synced data, access iCloud passwords
- Extracting the data from Google accounts
- Windows Phone and Windows 10 Mobile support
- Windows and macOS editions
- View and analyze evidence using lightweight tool (with an ability to export the data)
Forensic analysis of Apple devices
The newest jailbreak-free low-level access to data offers forensically sound extraction (full file system and keychain) for Apple devices running all supported versions of iOS. This unique agent-based acquisition provides full file system extraction and keychain decryption without a jailbreak and literally no footprint. The complete forensic acquisition using jailbreak is also available. As a result, complete system data can be obtained, including detailed geolocation history, system and app usage data, 3rd party application data (including all secure messengers) and more
Extended logical acquisition
Simple, fast, safe and 100% compatible data acquisition that produces not just standard iTunes-style backups of information stored in the device, but also pulls media and shared files, and extracts system crash and diagnostics logs, allowing to build the timelime of device and app usage. Limited support for locked devices is available, if a trusted PC or Mac is accessible.
Extracting keychain items including those protected with ThisDeviceOnly attribute, opening investigators access to highly sensitive data such as login/password information to Web sites and other resources (and, in many cases, to Apple ID), as well as all the encryption keys, certificates, MFA tokens, and sometimes iCloud credentials allowing to perform further cloud acquisition.
Passcode recovery and physical acquisition
Unlocking encrypted legacy devices (iPhone 4, 4s, 5, 5c) protected with an unknown screen lock passcode, and performing full physical acquisition (forensically sound) of the device file system and keychain, even when the device is disabled.
Obtain iCloud backups, download photos and synced data, access iCloud passwords
Try the most comprehensive iCloud data acquisition on the market enabling forensic access to evidence stored in the cloud with and without the Apple ID password. Access cloud backups, call logs, messages, passwords (iCloud Keychain), contacts, iCloud Photo Library, iCloud files, Apple Health and Screen time, geolocation data and a lot more, including “end to end encrypted” data. In some cases, iCloud access is possible even without credentials but using just authentication tokens extracted from the trusted computer.
Break passwords to iOS system backups
Brute-force passwords protecting encrypted iOS backups with a high-end tool. GPU acceleration using AMD or NVIDIA boards helps achieve unprecedented performance, while access to users’ stored passwords enables targeted attacks with custom dictionaries.
Data acquisition from Microsoft accounts
Extract Edge browsing, search and location history, contacts and notes, Skype Conversations, Messages, Files and Metadata, files stored on Microsoft OneDrive (in many cases, including deleted ones) and application history (timeline).
Full over-the-air acquisition of Google Accounts
Google collects massive amounts of information from registered customers. The Premium bundle includes the powerful and lightweight forensic tool to extract information from the many available sources, parse and assemble the data to present information in human-readable form. Extract and analyze user’s detailed location history, search queries, Chrome passwords and browsing history, Gmail messages, contacts, photos, and a lot more.
Support for popular instant messengers: WhatsApp, Skype, Signal etc.
Extract, decrypt and view WhatsApp, Skype and Signal communication histories from a wide range of devices and cloud services. Instantly retrieve the login and password information protecting user accounts in more than 70 instant messengers for desktop.