iOS Forensic Toolkit 7.02 simplifies macOS installations, fixes corrupted file system extraction

Elcomsoft iOS Forensic Toolkit 7.02 is a minor update making it easier to install the tool on macOS computers and introducing a new agent extraction option to fix the extraction of corrupted file systems.

Elcomsoft iOS Forensic Toolkit 7.02 is a minor update with several bugfixes and improvements.

The first improvement is a significantly simpler installation on macOS computers. Previously, while installing iOS Forensic Toolkit on a Mac, users would have to manually clean the quarantine flag (on Catalina and Big Sur), and modify a Security & Privacy setting to instruct the OS it was OK to run software from an “unidentified developer”. In this update, the tool has been packed into a single app bundle to enable convenient drag-and-drop installation by simply placing the package into the Applications folder. Once installed, the tool can be launched as any other program.

The second improvement helps extract iOS devices where a file system corruption is present. If the file system corruption occurs, the extraction may freeze when attempting to read a corrupted file. Moreover, even logical extraction would fail if the file system is damaged.

The file system corruption is commonly manifested by advertising ridiculously large file sizes (in the exabytes range). When attempting to extract such a file, the extraction process would freeze and never complete. This issue has been addressed with an option to restrict the maximum file size during agent-based low-level extraction. This new option can also be used to skip healthy yet very large files to speed-up the extraction process. The default setting is 512 GB.

In addition, we fixed a minor problem occurring when installing iOS Forensic Toolkit on legacy Windows 7 installations that are missing certain updates. Finally, we’ve added a quick reminder to install a sysdiagnose profile during the log extraction process.

Release notes:

  • macOS installation into Applications, with notarization for Catalina and later
  • Windows installation fix for some legacy Windows 7 systems without updates (missed runtimes)
  • Added a reminder to install sysdiagnose profile before log files acquisition
  • Acquisition agent can now skip files larger than a given size (512 GB by default) when the size is reported incorrectly

Vedi anche