Forensic analysis of Apple devices

The newest jailbreak-free low-level access to data offers forensically sound extraction (full file system and keychain) for Apple devices running all supported versions of iOS. This unique agent-based acquisition provides full file system extraction and keychain decryption without a jailbreak and literally no footprint. The complete forensic acquisition using jailbreak is also available. As a result, complete system data can be obtained, including detailed geolocation history, system and app usage data, 3rd party application data (including all secure messengers) and more

Extended logical acquisition

Simple, fast, safe and 100% compatible data acquisition that produces not just standard iTunes-style backups of information stored in the device, but also pulls media and shared files, and extracts system crash and diagnostics logs, allowing to build the timelime of device and app usage. Limited support for locked devices is available, if a trusted PC or Mac is accessible.

Keychain access

Extracting keychain items including those protected with ThisDeviceOnly attribute, opening investigators access to highly sensitive data such as login/password information to Web sites and other resources (and, in many cases, to Apple ID), as well as all the encryption keys, certificates, MFA tokens, and sometimes iCloud credentials allowing to perform further cloud acquisition.

Passcode recovery and physical acquisition

Unlocking encrypted legacy devices (iPhone 4, 4s, 5, 5c) protected with an unknown screen lock passcode, and performing full physical acquisition (forensically sound) of the device file system and keychain, even when the device is disabled.

Obtain iCloud backups, download photos and synced data, access iCloud passwords

Try the most comprehensive iCloud data acquisition on the market enabling forensic access to evidence stored in the cloud with and without the Apple ID password. Access cloud backups, call logs, messages, passwords (iCloud Keychain), contacts, iCloud Photo Library, iCloud files, Apple Health and Screen time, geolocation data and a lot more, including “end to end encrypted” data. In some cases, iCloud access is possible even without credentials but using just authentication tokens extracted from the trusted computer.

Break passwords to iOS system backups

Brute-force passwords protecting encrypted iOS backups with a high-end tool. GPU acceleration using AMD or NVIDIA boards helps achieve unprecedented performance, while access to users’ stored passwords enables targeted attacks with custom dictionaries.

Data acquisition from Microsoft accounts

Extract Edge browsing, search and location history, contacts and notes, Skype Conversations, Messages, Files and Metadata, files stored on Microsoft OneDrive (in many cases, including deleted ones) and application history (timeline).

Full over-the-air acquisition of Google Accounts

Google collects massive amounts of information from registered customers. The Premium bundle includes the powerful and lightweight forensic tool to extract information from the many available sources, parse and assemble the data to present information in human-readable form. Extract and analyze user’s detailed location history, search queries, Chrome passwords and browsing history, Gmail messages, contacts, photos, and a lot more.

Support for popular instant messengers: WhatsApp, Skype, Signal etc.

Extract, decrypt and view WhatsApp, Skype and Signal communication histories from a wide range of devices and cloud services. Instantly retrieve the login and password information protecting user accounts in more than 70 instant messengers for desktop.