Your opinion on Elcomsoft iOS Forensic Toolkit
Has anyone tried or is currently using Elcomsoft iOS Forensic Toolkit?
I would like some feedback on the product before we consider buying. Their products page is not crystal clear on what it can or (most importantly) can't do.
It says it can perform Physical Acquisition of 64-bit iDevices and decode downloaded emails and a bunch of other stuff. However, it kinda seems too good to be true.
Does EIFT apply the jailbreak to the iDevice or do we have to apply it ourselves before using EIFT?
On that page http://www.forensicfocus.com/News/article/sid=2710/, it states that "The 64-bit acquisition process can extract but cannot decrypt the keychain." Is it only the keychain that cannot be decrypted or is it the entire dump? How about emails?
We are currently using Cellebrite for iOS extractions. If EIFT does all it says, this could be a game changer for us, as it could allow us to retrieve emails from newer devices.
I cannot speak to the phone tool's use for extracting iOS data, but I have been a long time customer of Elcomsoft's Phone Breaker Forensic (cloud collection) and Phone Viewer tools.
It appears that there is a never-ending cat-and-mouse game going on between consumer device makers (Apple/Google/Sony/Microsoft/etc.) and forensic software companies/organizations in terms of identifying and plugging security holes.
The reason I have remained a multi-year customer of Elcomsoft is that they continue to develop their tools to be able to collect iOS data irrespective of Apple's attempts to plug all security holes; this tells me that Elcomsoft has expert knowledge of the current state of iOS security and how to identify new iOS security holes and subsequent methods to reliably exploit them (in order for their software to work as advertised).
I would expect in the coming years Elcomsoft will combine their collection and review tools into one application, following in the footsteps of BlackBag's BlackLight (the first to combine mobile and workstation collection and analysis tools I believe) and Magnet Forensics (Axiom now integrates Magnet Acquire with Internet Evidence Finder and EnCase-type analysis tools).
I would predict other currently independent software players in the market to partner up with each other in order to create similarly competitive all-in-one tools.
The CEO of Elcomsoft is very responsive and I am sure would provide a test license for you. If you do test the phone imaging tool, please let us know your results.
Well, I don't have much experience with phones as I hate them in general, but I do have experience with Elcomsoft. I've been testing their tools for years. Mostly EDPR and EWSA (password recovery tools for WPA handshakes and other types of hashes), but I've also checked out iOS forensic toolkit and Phone Breaker.
I can't tell you much from head as it was 1-2 years ago, however I've made video tutorials on both.
iOS forensic toolkit
Hope those videos are helpful. They've been updating the tools since I made those videos tho, but I don't know what's new, haven't checked back.
What I can tell you for sure, is that Elcomsoft tools are one of the best ones I've ever used. They make things very simple to use.
EDPR (Elcomsoft Distributed Password Recovery) is the best password "cracking" software I've ever come across. I've tried lots... and I mean LOTS of other software. I've tried things like Hashcat, pyrit, passwords pro, etc., but EDPR takes the cake. It has support for CPU + GPU, very easy to set up and use.
Also, they have great support. If you have any doubts, just contact them and ask. They will explain what it can and can't do, so you can make up your mind before purchasing.