While the iPhone is Apple’s bread and butter product, is not the only device produced by the company. We’ve got the Mac (in desktop and laptop variations), the complete range of tablets (the iPad line, which is arguably the best tablet range on the market), the music device (HomePod), the wearable (Apple Watch), and the Apple TV. In today’s article, we are going to cover data extraction from Apple TV and Apple Watch. They do contain tons of valuable data, and are often the only source of evidence.

In our previous blog post we have described how we broke the encryption in iOS devices. One important thing was left out of that article for the sake of readability, and that is how we actually acquire the image of the file system of the device. Indeed, in order to decrypt the file system, we need to extract it from the device first.

ElcomSoft researchers were able to decrypt iPhone’s encrypted file system images made under iOS 4. While at first this may sound as a minor achievement, ElcomSoft is in fact the world’s first company to do this. It’s also worth noting that we will be releasing the product implementing this functionality for the exclusive use of law enforcement, forensic and intelligence agencies. We have a number of good reasons for doing it this way. But first, let’s have a look at perspective.