|
ElcomSoft iOS Forensic Toolkit可执行iPhone,iPad和iPod Touch设备的物理和逻辑采集。图像设备文件系统,提取设备机密(密码,加密密钥和受保护的数据)并解密文件系统映像,支持32位和64位iOS设备的物理采集,支持带锁定支持和钥匙串提取的逻辑采集,即使设置了备份密码,也可快速提取媒体文件和共享文件. 文件大小:118.25 MB 执行iPhone, iPad和iPod Touch设备的物理和逻辑获取。图像设备文件系统,提取设备机密(密码、加密密钥和受保护的数据),并解密文件系统图像。 -物理获取64位iOS设备通过越狱 -逻辑获取提取备份,崩溃日志,媒体和共享文件 -通过配对记录解锁iOS设备(锁定文件) -提取和解密受保护的密钥链项目 -实时文件系统获取 -自动禁用屏幕锁定平滑,不间断获取 增强了对运行苹果iOS的iPhone/iPad/iPod设备的取证访问 对存储在iPhone/iPad/iPod设备中的用户数据进行完整的取证。Elcomsoft iOS Forensic Toolkit允许图像设备的文件系统,提取设备秘密(密码、密码和加密密钥)并解密文件系统图像。对大多数信息的访问是即时提供的。请注意,有些型号需要越狱。有关详细信息,请参阅兼容设备和平台。 iOS设备的物理获取 物理获取是提取完整的应用程序数据、受保护的密钥链项、下载的消息和位置历史的唯一获取方法。与逻辑获取相比,物理获取返回更多的信息,这是由于对数据的直接低级访问。Elcomsoft iOS Forensic Toolkit支持运行iOS 7至12大部分版本的越狱64位设备(iPhone 5s及更新)。 逻辑获取与钥匙链提取 iOS Forensic Toolkit支持逻辑获取,与物理获取相比,逻辑获取更简单、更安全。逻辑获取产生存储在设备中的信息的标准itunes样式的备份。虽然逻辑获取比物理获取返回的信息少,但是专家建议在尝试更有侵略性的获取技术之前,先创建设备的逻辑备份。 逻辑获取与iOS法医工具包是唯一的获取方法,允许访问加密密钥链项目。逻辑获取应与物理获取结合使用,以提取所有可能类型的证据。 媒体和共享文件提取 iOS Forensic Toolkit提供了快速提取媒体文件的能力,如相机卷、书籍、录音和iTunes媒体库。与创建本地备份不同(创建本地备份可能需要很长时间),媒体提取可以在所有支持的设备上快速、轻松地工作。通过使用配对记录(锁定文件)可以从锁定设备中提取。 除了媒体文件,iOS Forensic Toolkit还可以提取多个应用程序存储的文件,无需越狱即可从32位和64位设备中提取关键证据。虽然不越狱获取应用程序数据是有限制的,但这项新技术允许提取Adobe Reader和Microsoft Office本地存储的文档、MiniKeePass密码数据库等等。提取需要一个未解锁的设备或一个未过期的锁定记录。如果使用了锁定记录,一些文件可能无法访问,除非锁屏密码被删除。 执行iPhone, iPad和iPod Touch设备的物理和逻辑获取。图像设备文件系统,提取设备机密(密码、加密密钥和受保护的数据),并解密文件系统图像。 所有功能和优点 - 32位和64位iOS设备的物理获取 -逻辑获取与锁定支持和钥匙链提取 -访问更多的信息,比可用的iPhone备份 ——钥匙链复苏 ——密码恢复 发布说明 兼容设备和平台: -具有越狱功能的64位iOS设备:物理获取(文件系统提取、密钥链解密) - Apple TV 4(有线连接)和Apple TV 4K(通过Xcode无线连接,仅限Mac) -苹果手表(所有代);需要第三方IBUS适配器 -没有越狱:高级逻辑获取只有 逻辑收购包括: -关于设备的扩展信息 - itunes格式备份(包括许多密钥链项) -已安装的应用程序列表 -媒体档案(即使备份有密码保护) -共享档案(即使备份有密码保护) 系统需求: - Windows Server 2016 - Windows Server 2012 - windows7(32位) - Windows 7(64位) ——Windows 8 ——Windows 8.1 - Windows 10
Languages: English | File Size: 118.25 MB
Perform physical and logical acquisition of iPhone, iPad and iPod Touch devices. Image device file system, extract device secrets (passwords, encryption keys and protected data) and decrypt the file system image.
- Physical acquisition for 64-bit iOS devices via jailbreak
- Logical acquisition extracts backups, crash logs, media and shared files
- Unlocks iOS devices with pairing records (lockdown files)
- Extracts and decrypts protected keychain items
- Real-time file system acquisition
- Automatically disables screen lock for smooth, uninterrupted acquisition Enhanced Forensic Access to iPhone/iPad/iPod Devices running Apple iOS
Perform the complete forensic acquisition of user data stored in iPhone/iPad/iPod devices. Elcomsoft iOS Forensic Toolkit allows imaging devices’ file systems, extracting device secrets (passcodes, passwords, and encryption keys) and decrypting the file system image. Access to most information is provided instantly. Please note that some models require jailbreaking. See Compatible Devices and Platforms for details. Physical Acquisition of iOS Devices
Physical acquisition is the only acquisition method to extract full application data, protected keychain items, downloaded messages and location history. Physical acquisition returns more information compared to logical acquisition due to direct low-level access to data. Elcomsoft iOS Forensic Toolkit supports jailbroken 64-bit devices (iPhone 5s and newer) running most versions of iOS 7 through 12. Logical Acquisition with Keychain Extraction
iOS Forensic Toolkit supports logical acquisition, a simpler and safer acquisition method compared to physical. Logical acquisition produces a standard iTunes-style backup of information stored in the device. While logical acquisition returns less information than physical, experts are recommended to create a logical backup of the device before attempting more invasive acquisition techniques. Logical acquisition with iOS Forensic Toolkit is the only acquisition methods allowing access to encrypted keychain items. Logical acquisition should be used in combination with physical for extracting all possible types of evidence. Media and Shared Files Extraction
iOS Forensic Toolkit offers the ability to quickly extract media files such as Camera Roll, books, voice recordings, and iTunes media library. As opposed to creating a local backup, which could be a potentially lengthy operation, media extraction works quickly and easily on all supported devices. Extraction from locked devices is possible by using a pairing record (lockdown file). In addition to media files, iOS Forensic Toolkit can extract stored files of multiple apps, extracting crucial evidence from 32-bit and 64-bit devices without a jailbreak. While access to app data without a jailbreak is limited, this new technique allows extracting Adobe Reader and Microsoft Office locally stored documents, MiniKeePass password database, and a lot more. The extraction requires an unlocked device or a non-expired lockdown record. If a lockdown record is used, some files may not be accessible unless the lock screen passcode is removed. Perform physical and logical acquisition of iPhone, iPad and iPod Touch devices. Image device file system, extract device secrets (passwords, encryption keys and protected data) and decrypt the file system image. All Features and Benefits
- Physical Acquisition for 32-bit and 64-bit iOS Devices
- Logical Acquisition with Lockdown Support and Keychain Extraction
- Access More Information than Available in iPhone Backups
- Keychain Recovery
- Passcode Recovery
Release NotesCompatible Devices and Platforms:
- 64-bit iOS devices with jailbreak: physical acquisition (file system extraction, keychain decryption)
- Apple TV 4 (cable connection) and Apple TV 4K (wireless connection through Xcode, Mac only)
- Apple Watch (all generations); requires a third-party IBUS adapter
- No jailbreak: advanced logical acquisition only Logical acquisition includes:
- Extended information about the device
- iTunes-format backup (includes many keychain items)
- List of installed apps
- Media files (even if the backup is password-protected)
- Shared files (even if the backup is password-protected) System Requirements:
- Windows Server 2016
- Windows Server 2012
- Windows 7 (32 bit)
- Windows 7 (64 bit)
- Windows 8
- Windows 8.1
- Windows 10 Homepage
Download 百度网盘
Download 百度网盘
| 
发表于 2020-6-11 18:19:02
