iOS Forensic Toolkit 2.30 is updated to support the new “Home Depot” jailbreak, enabling full physical acquisition of 32-bit iPhones and iPads running iOS 9.1-9.3.4. This will enable ElcomSoft’s law enforcement and forensic customers to go through the backlog of legacy devices, taking care of evidence that might be available in these previously inaccessible devices.

The recently announced semi-tethered Home Depot jailbreak now supports iOS 9.1 through 9.3.4 on 32-bit devices such as Apple iPhone 4s, 5, 5c and 32-bit iPads and iPod Touch devices. Elcomsoft iOS Forensic Toolkit 2.30 adds support for the new jailbreak, enabling full physical acquisition of 32-bit devices running iOS 9.1 through 9.3.4.

When used with the new jailbreak, Elcomsoft iOS Forensic Toolkit 2.30 can capture and decrypt the complete data partition of the iOS 9.x device. Full keychain decryption is available, enabling unrestricted access to the most secure data. Finally, unrestricted access to sandboxed app data allows experts extracting full conversation histories from some of the most secure messengers such as WhatsApp, Telegram, Signal, Skype and Facebook Messenger. Compared to logical acquisition, this method adds access to browser cache and temporary files, downloaded mail, extended location history, and data that belongs to apps that explicitly disable backups.

Physical acquisition of 32-bit devices requires installing the Home Depot jailbreak. Experts will gain acess to all of the following data:

• The complete, decrypted image of the iPhone data partition
• Access to sandboxed app data
• Access to conversation histories carried over in some of the most secure messaging apps including Facebook, WhatsApp, Skype, Signal and Telegram
• Full location history
• All system logs, temporary files and write-ahead logs (WAL)
• Downloaded emails
• All keychain data including items protected with the highest security class
• Access to all cached passwords including Apple ID password, if available