±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 2 Overall: 33043
New Yesterday: 8 Visitors: 149

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Your opinion on Elcomsoft iOS Forensic Toolkit

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Your opinion on Elcomsoft iOS Forensic Toolkit

Post Posted: Thu Jul 13, 2017 1:02 pm

Has anyone tried or is currently using Elcomsoft iOS Forensic Toolkit ?

I would like some feedback on the product before we consider buying. Their products page is not crystal clear on what it can or (most importantly) can't do.

It says it can perform Physical Acquisition of 64-bits iDevices and decode downloaded emails and a bunch of other stuff. However it kinda seems too good to be true.

Does EIFT applies the jailbreak to the iDevice or do we have to apply it ourselves before using EIFT?

On that page www.forensicfocus.com/...sid=2710/, it states that "The 64-bit acquisition process can extract but cannot decrypt the keychain." Is it only the keychain that cannot be decrypted or is it the entire dump? How about emails?

We are currently using Cellebrite for iOS extractions. If EIFT does all it says, this could be a game changer for us, as it could allow us to retreive emails from newer devices.

PM  

ThePM
Senior Member
 
 
  

Re: Your opinion on Elcomsoft iOS Forensic Toolkit

Post Posted: Fri Jul 14, 2017 4:43 pm

PM,

I cannot speak to the phone tool's use for extracting iOS data, but I have been a long time customer of Elcomsoft's Phone Breaker Forensic (cloud collection) and Phone Viewer tools.

It appears that there is a never ending cat and mouse game going on between consumer device makers (Apple/Google/Sony/Microsoft/Etc.) and forensic software companies/organizations in terms of identifying and plugging security holes.

The reason I have remained a multi-year customer of Elcomsoft is that they continue to develop their tools to be able to collect iOS data irrespective of Apple's attempts to plug all security holes; this tells me that Elcomsoft has expert knowledge of the current state of iOS security and how to identify new iOS security holes and subsequent methods to reliably exploit them (in order for their software to work as advertised).

I would expect in the coming years Elcomsoft will combine their collection and review tools into one application, following in the footsteps of BlackBag's BlackLight (the first to combine mobile and workstation collection and analysis tools I believe) and Magnet Forensics (Axiom now integrates Magnet Acquire with Internet Evidence Finder and EnCase-type analysis tools).

I would predict other currently independent software players in the market to partner up with each other in order to create similarly competitive all in one tools.

The CEO of Elcomsoft is very responsive and I am sure would provide a test license for you. If you do test the phone imaging tool, please let us know your results.  

UnallocatedClusters
Senior Member
 
 
  

Re: Your opinion on Elcomsoft iOS Forensic Toolkit

Post Posted: Tue Nov 14, 2017 10:11 am

Well I don't have much experience with phones as I hate them in general, but I do have experience with Elcomsoft. I've been testing their tools for years. Mostly EDPR and EWSA (password recovery tools for WPA handshakes and other type of hashes), but i've also checked out iOS forensic toolkit and Phone Breaker.

I can't tell you much from head as it was 1-2 years ago, however I've made video tutorials on both.

iOS forensic toolkit
www.youtube.com/watch?v=gzgoX3tt1fc

phone breaker
www.youtube.com/watch?v=Fewq-qFMEu8

Hope those videos are helpful. They been updating the tools since I made those videos tho, but I don't know what's new, haven't checked back.

What I can tell you for sure, is that Elcomsoft tools are one of the best ones I've ever used. They make things very simple to use.

EDPR (Elcomsoft Distributed Password Recovery) is the best password "cracking" software i've ever come across with, i've tried lots ..and I mean LOTS of other softwares. I've tried things like Hashcat, pyrit, passwords pro ..etc ..etc, but EDPR takes the cake. It has support for CPU + GPU, very easy to setup and use.

Also they have great support, if you have any doubts, just contact them and ask. They will explain what it can and can't do, so you can make up your mind before purchasing.  

Sethioz
Newbie
 
 

Page 1 of 1