Elcomsoft iOS Forensic Toolkit 8.13 adds forensically sound checkm8 extraction support for first-generation HomePod devices, and brings multiple improvements to the handling of legacy iPhone models.
Elcomsoft iOS Forensic Toolkit 8.13 brings low-level file system extraction and keychain decryption support to first-generation Apple HomePod devices. The HomePod is now fully supported with the forensically sound checkm8 extraction process regardless of the version of iOS installed on the device. In addition, the new build brings iOS 4 through 6 support to legacy Apple devices, and implements minor improvements to older devices support.
Accessing information stored in the first-generation HomePod requires a specific set of tools and steps, including partial disassembly and the use of a custom 3D-printable USB adapter. By following the outlined steps and using iOS Forensic Toolkit 8.13, it is possible to extract the keychain and file system image from the HomePod. It is important to note that the amount of data that can be accessed from the HomePod may be limited compared to other Apple devices. Nonetheless, this extraction method can be useful in forensic investigations and shed light on the potential evidence that can be obtained from HomePod devices.
More information in our blog: Pwning the HomePod and HomePod extraction.
iOS Forensic Toolkit is the only solution on the market supporting checkm8 extraction of first-generation HomePod and other IoT devices such as the Apple TV and Apple Watch. The HomePod cannot be protected with a passcode, making it a valuable source of accessible evidence.
checkm8-based extraction is the cleanest, safest, and most technologically advanced extraction method available for a range of Apple devices with a vulnerable bootloader. Compared to other acquisition methods, our implementation of checkm8 is the only true forensically sound solution that delivers repeatable and verifiable extractions. Compared to logical acquisition, low-level extraction delivers significantly more information and decrypts the entire content of the keychain including encryption keys and authentication tokens.
Elcomsoft iOS Forensic Toolkit 8.13 release notes: