Elcomsoft Phone Breaker 8.40 adds the ability to extract media files, documents and other attachments from iCloud Messages. Once message sync is enabled, messages are no longer available in cloud backups. EPB 8.40 becomes the first forensic tool to obtain synced conversation histories complete with attachments.
Elcomsoft Phone Breaker 8.40 is updated to extract the complete chat histories from iCloud including attached files, media, locations and other content. Messages can be synced to iCloud by iPhone devices running iOS 11.4 and all versions of iOS 12. Once the user enables iCloud Messages, neither conversation histories nor attachments are included to iCloud backups.
Since messages are point-to-point encrypted with a key derived from the user’s passcode, accessing these messages without a passcode is impossible. Apple does not have access to messages stored in iCloud. As a result, Messages are not delivered through LE or GDPR requests.
Elcomsoft Phone Breaker is the first forensic tool on the market to access and decrypt message conversation histories from the cloud complete with attached content and media files. The user’s iCloud/Apple ID authentication credentials are required to access iCloud data, as well as the secondary authentication factor for passing the Two-Factor Authentication prompt. In addition, a passcode (iPhone/iPad) or system password (Mac) from one of the already enrolled devices is required in order to decrypt messages and attachments.
The iCloud synchronization mechanism is separate from and works in addition to iCloud system backups. Unlike iCloud backups that occur on daily basis, iMessage conversations synchronize at a faster rate. If the device has an Internet connection, conversations are updated in the cloud with little delay. This enables Elcomsoft Phone Breaker users to access messages, attached media and files sent and received by the user in near real-time manner.
Attached content can provide essential evidence during investigations. Since the majority of iMessage attachments are pictures taken with the iPhone device, analyzing EXIF data may return a large number of location points. Extracting and analyzing location data can be easily performed with the latest version of Elcomsoft Phone Viewer that has been updated to support the full content of iCloud Messages.
The update is free of charge to all customers who purchased or renewed their Elcomsoft Phone Breaker or Elcomsoft Mobile Forensic Bundle license within one year. Discounted renewal is available to customers whose maintenance plan has already expired.
新闻Elcomsoft Decrypts Non-Text Content of iCloud Messages, Accesses Attached Photos, Media and Other Files（英文）
阅读全文阅读«iMessage Security, Encryption and Attachments»文章; 在我们的博客中（英文）