Elcomsoft Nyheter

  • 15/11/2018

Elcomsoft Phone Breaker 8.40 adds the ability to extract media files, documents and other attachments from iCloud Messages. Once message sync is enabled, messages are no longer available in cloud backups. EPB 8.40 becomes the first forensic tool to obtain synced conversation histories complete with attachments.

Elcomsoft Phone Breaker 8.40 is updated to extract the complete chat histories from iCloud including attached files, media, locations and other content. Messages can be synced to iCloud by iPhone devices running iOS 11.4 and all versions of iOS 12. Once the user enables iCloud Messages, neither conversation histories nor attachments are included to iCloud backups.

Since messages are point-to-point encrypted with a key derived from the user’s passcode, accessing these messages without a passcode is impossible. Apple does not have access to messages stored in iCloud. As a result, Messages are not delivered through LE or GDPR requests.

Elcomsoft Phone Breaker is the first forensic tool on the market to access and decrypt message conversation histories from the cloud complete with attached content and media files. The user’s iCloud/Apple ID authentication credentials are required to access iCloud data, as well as the secondary authentication factor for passing the Two-Factor Authentication prompt. In addition, a passcode (iPhone/iPad) or system password (Mac) from one of the already enrolled devices is required in order to decrypt messages and attachments.

The iCloud synchronization mechanism is separate from and works in addition to iCloud system backups. Unlike iCloud backups that occur on daily basis, iMessage conversations synchronize at a faster rate. If the device has an Internet connection, conversations are updated in the cloud with little delay. This enables Elcomsoft Phone Breaker users to access messages, attached media and files sent and received by the user in near real-time manner.

Attached content can provide essential evidence during investigations. Since the majority of iMessage attachments are pictures taken with the iPhone device, analyzing EXIF data may return a large number of location points. Extracting and analyzing location data can be easily performed with the latest version of Elcomsoft Phone Viewer that has been updated to support the full content of iCloud Messages.

The update is free of charge to all customers who purchased or renewed their Elcomsoft Phone Breaker or Elcomsoft Mobile Forensic Bundle license within one year. Discounted renewal is available to customers whose maintenance plan has already expired.

Get more information on Elcomsoft Mobile Forensic Bundle:

Get more information on Elcomsoft Phone Viewer and download free trial version:

Get more information on Elcomsoft Phone Breaker and download free trial version:

Read a press release:

Read our blog post: iMessage Security, Encryption and Attachments

Read our blog post: Messages in iCloud: How to Extract Full Content Including Media Files, Locations and Documents