The recently announced semi-tethered Yalu jailbreak was tested with Elcomsoft iOS Forensic Toolkit 2.20 and found to be sufficient for physical acquisition. The new jailbreak supports a limited set of devices; at this time, 64-bit iOS devices except iPhone7, iPad Air 2 and iPad Mini 4 are supported. The jailbreak supports iOS 10.0.0 through 10.2; iOS 10.2.1 is excluded.

When used with the new jailbreak, Elcomsoft iOS Forensic Toolkit 2.20 can capture the complete file system of the iOS 10.x device. Compared to logical acquisition, this method adds access to browser cache and temporary files, downloaded mail, extended location history, and data that belongs to apps that explicitly disable backups. Researchers may be able to access information from Apple Pay and apps that made their appearance in iOS 10 such as Apple Home.

Get more information on Elcomsoft iOS Forensic Toolkit:
https://www.elcomsoft.com/eift.html

Read our blog post “iOS 10 Physical Acquisition with Yalu Jailbreak”:
https://blog.elcomsoft.com/2017/01/ios-10-physical-acquisition-with-yalu-jailbreak/