CYFOR Blog

By Dan Sutton

The introduction of Checkm8 into Cellebrite’s latest UFED software has provided game-changing capabilities in relation to the digital forensic extraction of data from iOS devices.

Apple iOS devices, such as the iPhone have become increasingly difficult to obtain data from, with access to the file system limited. However, the new Checkm8 exploit which has been around for a while has now been officially adopted and rolled out by industry leaders Cellebrite in their recent update to the UFED software. This breakthrough by the independent researcher axi0mX has been available since late 2019, however, it required the iOS device to be jailbroken. Therefore, its introduction had little impact in the forensic arena for three main reasons:

• Jailbreak-based methods are considered to be ‘less’ forensically sound
• The examiner needed a macOS workstation to apply the 3rd party checkra1n tool
• Under the time-sensitive schedule of the examiner, the multi-stage (and sometimes error-prone) process made it less appealing

Cellebrite has introduced UFED 7.28—a new UFED version that fully integrates the Checkm8 exploit, without the need for complicated jailbreaks or downloading of third-party applications.

This is good news for our digital forensic practitioners as these processes have now been encompassed into one easy, documentable process. This will, in turn, empower investigators to conduct more detailed analysis into a further range of applications, which were once unavailable due to the iOS system.

It’s also a positive outcome for our clients, as devices which were previously difficult to interrogate are now easier to process and will now speed up digital forensic investigations. Cellebrite are market leaders in mobile device extraction software and appear committed to the forensic industry. CYFOR have used their services for a number of years as we will always use the best software commercially available in order to meet our client objectives.