The discovery of the checkm8 exploit for Apple devices (iPhone 4S through X and several iPads) by axi0mX opened a door to a level of access most of us haven’t seen in almost a decade. We can now obtain a Full file system extraction from iOS devices affected by this exploit. The best news for us in forensics: it cannot be patched, because the exploit lives on the chips inside these iOS devices. At the time of this update, statistics show that 85% of devices currently in use are susceptible to the checkm8 exploit. All we needed now was a jailbreak.
Enter checkra1n, the first public jailbreak that utilizes the checkm8 exploit. Cellebrite was the first to implement the capability into their tools. You can leverage UFED to obtain a Full file system extraction via checkm8 without manually jailbreaking the device. This method is deemed safer than manually using checkra1n because the exploit and jailbreak run in RAM and do not permanently change the file system. Since the release of checkm8 in UFED, many other vendors have implemented similar methods. More on checkm8 and checkra1n will be covered in section 3.