Acquire data for digital forensic analysis from iOS and Android devices.
This method is based on a standard way to back up iOS device data. It requires iTunes to be installed on the machine where Belkasoft X is running, as well as an unlocked device or a valid lockdown file.
Since an encrypted iTunes backup contains more data, Belkasoft X suggests encrypting a backup if no password is set in iTunes.
Supported iOS versions: any (including iOS 18)
Belkasoft X supports forensically sound, jailbreak-free extraction of selected iOS devices via a hard-coded, unpatchable exploit called "checkm8". Compatible devices include the range of iPhone and iPad devices powered by Apple's A7 through A11 SoCs (iPhone 5s through iPhone X and the corresponding iPad models). You can acquire a full file system copy and keychain with this method.
Supported iOS versions: 12.0 to 16 beta (16 final release and newer versions are not supported)
A locked iOS device can pose a significant challenge for your investigation because, even with sophisticated acquisition types like checkm8, you can only obtain a limited amount of data (BFU mode extraction). A specialized module of Belkasoft X—Mobile Passcode Brute-Force—addresses this issue for iPhones and iPads with specific SoCs inside.
The agent-based method is another approach to acquiring an iPhone or an iPad without a jailbreak. The acquired image contains a full file system copy and keychain, similarly to a checkm8 or jailbroken device image.
However, unlike checkm8, agent-based acquisition works on a broader range of devices and iOS versions, including iPhone XS/XS Max, iPhone XR, iPhone 11/Pro/Pro Max, iPhone 12/Mini/Pro/Pro Max, iPhone 13/Mini/Pro/Pro Max, iPhone 14/Plus/Pro/Pro Max, iPhone SE (2nd gen), iPad Air (3rd gen), iPad Pro (3rd gen), and others.
Supported iOS versions: iOS 10.3.3 to 16.5.1
Belkasoft X supports the latest jailbreaks like checkra1n, odyssey, unc0ver, and others. In some cases, jailbreaking is the only method to extract important data from a device under investigation. With Belkasoft X it is possible to acquire a full file system as well as a keychain from jailbroken iOS devices.
Supported iOS versions: Any, if a jailbreak was successfully installed
Crash logs can be used to understand the conditions under which the application was terminated and provide a trace of the execution of an application. Belkasoft X can extract iOS crash logs as a separate type of acquisition. You do not need to jailbreak your device; it is sufficient to have a passcode or a valid lockdown file of the device.
Supported iOS versions: Any
This acquisition type is based on AFC (Apple File Conduit), Apple's proprietary protocol for media file transfer from an iOS device to a host computer. This type of acquisition allows copying pictures, audio, and video files. It requires iTunes to be installed on the machine where Belkasoft X is running.
Supported iOS versions: Any
With this method, Belkasoft X can capture screenshots of a device. You can take screenshots of chat threads, call lists, device settings, and other important data.
A specialized module of Belkasoft X—Mobile Passcode Brute-Force—helps to acquire data from specific Android devices without the need to unlock them. During the process, the product brute-forces device passcodes and decrypts the acquired images.
ADB backup is a standard mechanism built into the Android operating system and available on any Android device. Belkasoft X supports the acquisition of ADB backup data from most Android-based devices.
With Belkasoft X, you can acquire both physical and logical images of an Android device where administrative rights are obtained ("rooted device"). A logical image, which is a full file system copy, is useful when your device has built-in encryption and a physical image makes no sense.
This acquisition method uses a special application ("agent") that Belkasoft X installs on a device. The agent helps transfer data from the device to Belkasoft X. The range of data depends on the chipset type.
After the acquisition, Belkasoft X automatically uninstalls the agent.
A variant of this method is acquisition through an agent copied onto the phone's SD card. In this case, there is no need to connect the phone to a computer via a cable, which can be advantageous in case of a faulty connector.
Belkasoft X provides several acquisition methods for devices powered by MediaTek chipsets. They differ in the supported chipset models and the types of images they can acquire.
The MTK dump method acquires and decrypts data from newer MTK-based devices protected with file-based and full disk encryption. If a device passcode is unknown, you can use the MTK brute-force functionality to obtain it.
Agent backup MTK methods support a wide variety of MTK-based devices, including popular smartphones such as LG, HTC, Sony Xperia, and others, as well as exotic devices such as Gionee, Oppo, and Umidigi.
The MTK method enables you to acquire physical images of MTK-based devices using Preloader mode. It does not decrypt acquired images, so it works best for older, non-encrypted Android devices.
Belkasoft X provides support for brute-force and acquisition of data from devices powered by Kirin 970 and 980. Decryption keys are also acquired, which enables the product to deal with file-based encryption on a device.
A variety of Kirin devices are supported, including popular Huawei and Honor smartphones.
Belkasoft X also allows you to acquire and decrypt data from devices running on Unisoc (formerly Spreadtrum) chipsets and protected with file-based encryption. If a device passcode is unknown, you can use the brute-force functionality to obtain it.
The method also supports the acquisition of about 90 older phone models, not protected with file-based encryption, including various models of Archos, ARK, BLU, Intex, Micromax, and others.
Belkasoft X allows you to acquire a physical image from a large number of mobile device models running on Qualcomm Snapdragon SoCs. This method is based on the emergency download mode (EDL).
The list of supported devices includes more than 250 smartphone models, including various models of Samsung, Xiaomi, Meizu, ZTE, Vivo, and others.
This method uses the ADB backup mechanism to copy application data. To accomplish this, it replaces the current application packages on a device, which do not back up their data through ADB, with older versions in which data backups are allowed. When the acquisition finishes, Belkasoft X restores the original versions of the applications, even if the acquisition did not complete correctly.
Belkasoft X supports the APK downgrade acquisition method for multiple applications, including Facebook Messenger, Instagram, KakaoTalk, Opera, Signal, Skype, Telegram, Twitter, Viber, WeChat, WhatsApp, Zello, and others.
This method works on Android 12 and 13 devices that do not have the Android 2024-03-01 security patch. It provides access to the application folders on a device and enables you to copy data from them.
This acquisition method uses Media Transfer Protocol / Picture Transfer Protocol and allows the copying of pictures, audio, and video files from a device to a computer.
This acquisition method is a combination of several methods powered by ADB into a single task. It runs an ADB backup creation, agent-based acquisition, and copying data from a SIM card.
This method in Belkasoft X provides the mechanism to capture screenshots of various applications installed on a device. You can take screenshots of chats, emails, call lists, and more. It can also run fully automated screen capturing of data in WhatsApp, Signal, and Telegram. Handy options allow you to set the maximum number of frames to capture, which helps when working with large volumes of chat or call data. You can also specify the scrolling direction, up or down.
Why Belkasoft should be your tool of choice for mobile forensics
[Infographics] Mobile forensics with Belkasoft X
Combines mobile, computer, and cloud forensics in a single tool
Helps acquire data even in complex setups
Analyzes 1500+ types of artifacts out of the box
Belkasoft X is easy to use!
Allows for advanced low-level analysis
Much more cost-effective
Shows the entire picture thanks to high-level analysis
Quick to complete data extraction and parsing