iXAM® vs the Jailbreakers...

It does not jailbreak the device - its that simple!

iXAM® is a new forensic imaging tool that is capable of extracting an exact copy of the user or system memory on Apple iPhone™ and iPod Touch™, without "jailbreaking" the device.

These devices have traditionally presented many challenges to forensic examiners, owing to the manner in which the manufacturer of the devices enforces limitations upon the user. Typically the end-user is not able to access any part of the memory other than the media folders, and is prevented from installing unauthorized software.

This means that the most common forensic tools (either forensic imaging via the USB mass storage interface or installing a device agent to extract and transmit data to a forensic workstation) are not possible on a stock, unmodified device.

Jailbreaking – the ‘traditional’ method

Most ‘forensic imaging’ tools for iPhone™ / iPod Touch™ devices rely on a process commonly known as ‘jail breaking’. This process exploits flaws in the manufacturer’s firmware in order to allow unauthorized software to be executed on the device. This software then, in turn, modifies the operating system to enable a wide range of additional features, including:

Execution of unauthorized third-party applications
Bypassing the handset network lock (‘unlocking’)
Full read/write access to the entire memory of the device.

Many of these additional features are neither required, nor desirable from the point of view of the forensic practitioner. Moreover, the techniques available for jailbreaking an iPhone or iPod Touch™ require changes both to the operating software and the device firmware.

Risks altering data which must be preserved for reasons of forensic integrity
Leads to behavioral changes in the device which cannot be reversed
Requires a complete system restore.

As a result, many investigators and agencies are concluding that solutions based on jail breaking are not a forensically sound method of extraction for these devices.