Elcomsoft Phone Breaker is not just about Apple iCloud data. It can also download the data from other cloud services including Microsoft accounts. In this new version, we have added support for even more types of data, including Windows 10 Timeline, Account Activity (logins to the account), OneDrive files, recent OneDrive files history, and files from Microsoft Personal Vault. Learn about these data types and how they can help advance your investigation.
Windows Timeline
Windows Timeline is a feature that first appeared in the Windows 10 April 2018 Update. The feature enhances Task View, enabling a glance into the past by displaying the user’s historical activities. The Timeline contains timestamped information about the user’s launched applications, searches, documents, and Web browsing history. Along with Windows jumplists, the feature is little known and rarely disabled, giving a valuable insight into the history of system’s usage.
If the user signs into their Microsoft account, Windows synchronizes the Timeline across devices. This is where we extract it from: Elcomsoft Phone Breaker 9.70 downloads the data, and Elcomsoft Phone Viewer 5.30 displays its content in a convenient layout.
By analyzing the Timeline data, experts can access to timestamped information about the app usage and Web page visits.
In addition to the Timeline, the tool extracts Account Activities detailing the user’s sign-ins to their Microsoft account.
OneDrive and Personal Vault
OneDrive needs no introduction, but the Personal Vault feature is still relatively unknown. According to Microsoft, “Personal Vault is a protected area in OneDrive that you can only access with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS. Your locked files in Personal Vault have an extra layer of security, keeping them more secured in the event that someone gains access to your account or your device.”
When accessing Personal Vault, one would typically need to pass through all authentication steps: the login and password, and the second authentication step. For most tools, that would mean either no Vault extraction at all or a second, duplicate authentication effort. The newest update to Elcomsoft Phone Breaker can extract files from the user’s Personal Vault without the need to perform an additional (double) authentication.
Extracting OneDrive, Personal Vault and Timeline data with Elcomsoft Phone Breaker is straightforward.
To analyze, follow these steps.
Now supporting the widest range of data in multiple cloud services, Elcomsoft Phone Breaker becomes truly indispensable for cloud analysis. The updates are free of charge to existing users with currently valid licenses.
The complete mobile forensic kit enables law enforcement, corporate and government customers to perform physical, logical and over-the-air acquisition of smartphones and tablets, break mobile backup passwords and decrypt encrypted backups, view and analyze information stored in mobile devices. Bundle consists of all currently available mobile forensic tools offering the best value on the market.
Elcomsoft Mobile Forensic Bundle official web page & downloads »
Gain full access to information stored in FileVault 2 containers, iOS, Apple iCloud, Windows Phone and BlackBerry 10 devices! Download device backups from Apple iCloud, Microsoft OneDrive and BlackBerry 10 servers. Use Apple ID and password or extract binary authentication tokens from computers, hard drives and forensic disk images to download iCloud data without a password. Decrypt iOS backups with GPU-accelerated password recovery.
Elcomsoft Phone Viewer is a fast, lightweight forensic viewer for quickly accessing information extracted from mobile backups. Supporting a variety of platforms and data formats, the tool can display information extracted from local and cloud iOS backups and Microsoft Accounts. Password-protected iTunes backups can be automatically decrypted and analyzed without using third-party tools.