Elcomsoft Phone Breaker 9.0 is a major update, adding the ability to extract Apple Health data synced by iOS devices in the user’s iCloud account.
Health data can serve as essential evidence during investigations. At very least, the data includes step count, running and walking distances with exact timestamps the user was walking or running. Significantly more evidence is available if the user wears a HealthKit compliant device such as the Apple Watch or a third-party fitness tracker. A multitude of third-party apps may contribute to Health data significantly. Finally, any Health Records including information received in the form of CDA documents are extracted.
Elcomsoft Phone Breaker is the first forensic tool on the market to access and decrypt Health data from the cloud. The user’s iCloud/Apple ID authentication credentials are required to access iCloud data, as well as the secondary authentication factor for passing the Two-Factor Authentication prompt. More data is extracted if the user’s lock screen passcode is known.
While Apple Health information is not available in iCloud backups, the extraction mechanism used by Elcomsoft Phone Breaker does not rely on cloud backups. Health information is frequently synced with iCloud with little or no delay. This synchronization mechanism is separate from and works in addition to iCloud system backups. If the device has an Internet connection, including mobile Internet, synchronized data are updated in the cloud with little delay. This enables Elcomsoft Phone Breaker users to access Health data in near real-time manner.
Elcomsoft Phone Viewer is also updated with the ability to parse and analyze Health data extracted by Elcomsoft Phone Breaker.
The update is free of charge to all customers who purchased or renewed their Elcomsoft Phone Breaker (Forensic edition) or Elcomsoft Mobile Forensic Bundle license within one year. Discounted renewal is available to customers whose maintenance plan has already expired.
About Elcomsoft Phone Breaker
Elcomsoft Phone Breaker is an all-in-one mobile acquisition tool to extract information from a wide range of sources. Supporting offline and cloud backups created by Apple, BlackBerry and Windows mobile devices, the tool can extract and decrypt user data including cached passwords and synced authentication credentials to a wide range of resources from local backups. Cloud extraction with or without a password makes it possible to pull communication histories, searches and browsing habits, and retrieve photos that have been deleted by the user a long time ago. The tool offers the most advanced support for Apple iCloud, decrypting many types of data that Apple itself will not return when serving Law Enforcement and GDPR pullout requests. This includes users’ passwords stored in iCloud Keychain, iCloud Messages and attachments.
Elcomsoft Phone Breaker supports Windows 7, 8, 8.1, and Windows 10 as well as Windows 2008, 2012 and 2016 Server. The Mac version supports Mac OS X 10.7 and newer. Elcomsoft Phone Breaker operates without Apple iTunes or BlackBerry Link being installed. In order to access iCloud Keychain, Windows users must have iCloud for Windows installed, while Mac users must run macOS 10.11 or newer.