Elcomsoft Extracts iPhone Calls, Contacts, Calendars and Web Browsing Activities

ElcomSoft Co. Ltd. updates Elcomsoft Phone Breaker, the company’s mobile acquisition tool. Version 6.30 gains the ability to extract information about the user’s recent Web browsing activities, notes and calendars from the cloud. In contrast with cloud backups, this information along with call logs and contacts is available with little or no delay, enabling near real-time access to essential user activity data. This can be essential for the law enforcement and forensic experts who may need urgent access to the most recent data that has not become part of a cloud backup.

This is not backups”, says Vladimir Katalov, ElcomSoft CEO. “Cloud backups are daily at best. We offer access to information such as Web browsing just minutes after the activity occurs.

Information such as call logs, contacts, notes, calendars as well as Web browsing activities including Safari history and open tabs can be synced with Apple servers. Unlike iCloud backups that may or may not be created on daily basis, synced information is pushed to Apple servers just minutes after the corresponding activity has taken place. Once uploaded, synced data can be retained for months with is no option for the end user to clear the data or disable the syncing.

Elcomsoft Phone Viewer is also updated to support viewing additional information extracted from Apple cloud servers. Synced call logs and contacts can be viewed right next to call logs and contacts extracted from system backups.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

A month ago, Elcomsoft Phone Breaker 6.20 was released, offering the ability to download iPhone call logs and contacts that were synced with iCloud. Version 6.30 extends the ability to extract synced data from Apple cloud servers, adding the ability to obtain notes, calendars and Web browsing activities. In particular, the new release downloads Safari currently open tabs and browsing history just minutes after the user visits a Web site.

The user’s Apple ID and password or iCloud authentication token are required to extract data from the cloud. By using authentication tokens, forensic specialists can bypass two-factor authentication checks.

Information Synced with iCloud

Certain types of data are synced across iOS devices using Apple’s servers. As an example, iPhones send information about phone and FaceTime calls to the cloud just minutes after the call arrives. Notes, calendars and contacts are constantly synced as well. One of the most interesting parts in this cloud sync is browsing history. iOS devices automatically sync Safari browsing activities with the cloud, saving information about open tabs and general browsing history. Unlike iCloud backups, these types of data are pushed to iCloud on a regular basis throughout the day, often just minutes after the user clicks on a Web link.

Information is uploaded to Apple servers automatically if iCloud Drive is enabled on a given iPhone. Since iOS delivers a number of services via iCloud Drive, disabling it would greatly affect its usability.

About Elcomsoft Phone Breaker

Elcomsoft Phone Breaker is an all-in-one mobile acquisition tool to extract information from a wide range of sources. Supporting offline and cloud backups created by Apple, BlackBerry and Windows mobile devices, the tool can extract and decrypt user data including cached passwords and synced authentication credentials to a wide range of resources from local backups. Cloud extraction with or without a password makes it possible to decrypt FileVault 2 containers without lengthy attacks and pull communication histories and retrieve photos that’ve been deleted by the user a long time ago.

Pricing and Availability

Elcomsoft Phone Breaker 6.30 is available immediately for both Windows and Mac OS X. Home, Professional and Forensic editions are available. iCloud recovery is only available in Professional and Forensic editions, while password-free iCloud access as well as the ability to download arbitrary information from iCloud and iCloud Drive are only available in the Forensic edition. Elcomsoft Phone Breaker Pro is available to North American customers for $199. The Forensic edition enabling over-the-air acquisition of iCloud data and support for binary authentication tokens is available for $799. The Home edition is available for $79. Local pricing may vary.

System Requirements

Elcomsoft Phone Breaker 6.30 supports Windows Vista, Windows 7, 8, 8.1, and Windows 10 as well as Windows 2003, 2008 and 2012 Server. The Mac version supports Mac OS X 10.7 and newer. Elcomsoft Phone Breaker operates without Apple iTunes or BlackBerry Link being installed.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co. Ltd. develops state-of-the-art computer forensics tools, provides computer forensics training and computer evidence consulting services. Since 1997, ElcomSoft has been providing support to businesses, law enforcement, military, and intelligence agencies. ElcomSoft tools are used by most of the Fortune 500 corporations, multiple branches of the military all over the world, foreign governments, and all major accounting firms. ElcomSoft is a Microsoft Partner (Gold Application Development), Intel Premier Elite Partner and member of NVIDIA’s CUDA/GPU Computing Registered Developer Program.

For more information visit https://www.elcomsoft.com/eppb.html

Leave a Comment

Latest Articles