Recently Cellebrite, one of the leading companies in mobile device forensics, released an exciting update to their mobile phone collection solution UFED Physical Analyzer. The new method, referred to as “checkra1n” leverages a recently discovered vulnerability known as “checkm8”. An interesting aspect of the vulnerability being exploited is that it is not an easily patched software bug but instead built right into the hardware of many recent iPhone and iPad models. Using the new checkra1n extraction allows an examiner to extract the full file system from compatible devices.
Cellebrite UFED Physical Analyzer has long been able to extract most of this data from iPhones and iPads so if you are simply interested in common data like the contact list, text messages or pictures and videos, this may not really bring much new to the table. However, if you are interested in some less common cellphone data, it is important to know that in many cases this new extraction method allows an examiner to copy additional device location data, battery statistics, and more application specific data.
Email: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology