This is a standard way to back up iOS device data. It requires iTunes to be installed on the machine where Belkasoft X is running, as well as an unlocked device or a valid lockdown file.

Since an encrypted iTunes backup contains more data, Belkasoft X suggests encrypting a backup if no password is set in iTunes.

Supported iOS versions: any (including iOS 17)

Belkasoft X supports forensically sound, jailbreak-free extraction of selected iOS devices via a hard-coded, unpatchable exploit called 'checkm8'. Compatible devices include the range of iPhone and iPad devices powered by Apple's A7 through A11 SoC (iPhone 5s through iPhone X and corresponding iPad models). Full file system and keychain can be acquired using this method.

Supported iOS versions: 12.0 to 16 beta (16 final release and newer versions are not supported)

A locked iOS device can pose a significant challenge for your investigation because, even with sophisticated acquisition types like checkm8, you will only obtain a limited amount of data (BFU mode extraction). A specialized module of Belkasoft X, known as the Mobile Passcode Brute-Force module, addresses this issue for iPhones and iPads with specific SoCs inside.

Learn more

The agent-based method is another approach to acquiring an iPhone or an iPad without jailbreak. The acquired image contains a full file system copy and keychain, similarly to checkm8 or jailbroken device image.

However, unlike checkm8, it works on a broader range of devices and iOS versions, including iPhone XS/XS Max, iPhone XR, iPhone 11/Pro/Pro Max, iPhone 12/Mini/Pro/Pro MAX, iPhone 13/Mini/Pro/Pro Max, iPhone 14/Plus/Pro/Pro Max, iPhone SE (2nd gen), iPad Air (3rd gen) and iPad Pro (3rd gen) and others.

Supported iOS versions: iOS 10.3.3 to 16.5.1 (refer to a specialized page for more precise information).

Belkasoft X supports the latest jailbreaks like checkra1n, odyssey, unc0ver, and others. In some cases, jailbreaking is the only method to extract important data from a device under investigation. With Belkasoft X it is possible to acquire a full file system as well as a keychain from jailbroken iOS devices.

Supported iOS versions: Any, if a jailbreak was successfully installed

Crash logs can be used to understand the conditions under which the application was terminated and provide a trace of the execution of an application. Belkasoft X can extract iOS crash logs as a separate type of acquisition. You do not need to jailbreak your device; it is sufficient to have a passcode or a valid lockdown file of the device.

Supported iOS versions: Any

This acquisition type is based on AFC (Apple File Conduit), Apple's proprietary protocol for media file transfer from an iOS device to a host computer. This type of acquisition allows copying pictures, audio, and video files. It requires iTunes to be installed on the machine where Belkasoft X is running.

Supported iOS versions: Any

With the help of this method, Belkasoft X has the ability to capture screenshots of a device. You can take screenshots of chat threads, call lists, device settings, and other important data.

A specialized module of Belkasoft X, called the Mobile Passcode Brute-Force module, can assist in the acquisition of specific Android devices without the need to unlock them.

Learn more

A standard ADB backup is built into the Android operating system and available on any Android device. Belkasoft X supports this kind of acquisition for a vast majority of Android-based devices.

With Belkasoft X you can acquire both physical and logical images of an Android device where administrative rights are obtained ('rooted device'). A logical image, which is a full file system copy, is useful when your device has built-in encryption and a physical image makes no sense.

This acquisition method uses a special application ('agent'), installed by Belkasoft X on a device. The agent helps transfer data from the device to Belkasoft X. The range of data depends on a chipset vendor.

Upon the acquisition, the agent will be automatically uninstalled by Belkasoft X.

A variant of this method is acquisition through an agent copied onto the phone's SD card. In this case, there is no need to connect the phone to a computer via a cable, which can be advantageous in case of a faulty connector.

Belkasoft X has specific support for acquisition from devices powered by MediaTek. A number of acquisition methods are supported, and each of them has its own requirements and range of acquired data (logical file system image, physical dump, particular types of applications).

The wide variety of MTK-based devices and MTK chipsets are supported, including popular smartphones—such as LG, HTC, Sony Experia, and others, as well as exotic devices—Gionee, Oppo, and Umidigi.

Find out which MTK-based devices are supported

Belkasoft X has specific support for brute-force and acquisition from devices powered by Kirin 970 and 980. Decryption keys are also acquired, what enables the product to deal with FBE (File Based Encryption) on a device.

The variety of Kirin devices are supported, including popular Huawei and Honor smartphones.

Find out how to brute-force and acquire a Kirin device

Find out which devices can be brute-forced

Belkasoft X allows you to acquire a physical image from a vast amount of different mobile device models running on Qualcomm Snapdragon SoC. This method is based on an emergency download mode (EDL).

The list of supported devices includes more than 250 smartphone models, including various models of Samsung, Xiaomi, Meizu, ZTE, Vivo, and others.

Find out which Qualcomm-based devices are supported

Belkasoft X also allows you to acquire a physical image of a vast amount of different mobile device models running on a Spreadtrum chipset.

The method supports almost 90 phone models, including various models of Archos, ARK, BLU, Intex, Micromax, and others.

Find out which Spreadtrum-based devices are supported

This method allows a user to install an older version of an application to a device, which allows for the extraction of data from applications that have removed the possibility of backing up their data into the standard ADB backup. Upon the acquisition completion, the original versions of applications will be restored, even if the acquisition was completed incorrectly.

Belkasoft X supports the downgrade of multiple applications including Facebook Messenger, Instagram, KakaoTalk, Opera, Signal, Skype, Telegram, Twitter, Viber, WeChat, WhatsApp, Zello, and others.

This acquisition method uses Media Transfer Protocol / Picture Transfer Protocol and allows the copying of pictures, audio, and video files from a device to a computer.

This acquisition method is a combination of several methods powered by ADB into a single task. It runs an ADB backup creation, agent-based acquisition, and copying data from a SIM card.

With the help of this method, Belkasoft X has the ability to capture screenshots of various popular applications installed on a device. You can take screenshots of chat threads and call lists. Handy options allow you to set the maximum number of pages to capture, which helps when working with large volumes of chat or call data. You can also specify directions for the scrolling, whether up or down.