Mobile forensic products troubleshooting
Posted by Andrey Malyshev, Last modified by Andrey Malyshev on 12 October 2020 05:18 PM
|
|
Contents Troubleshooting Elcomsoft Phone Breaker Issues when reverting to an older version Issues accessing the default iTunes backup folder Issues running Elcomsoft Apple Token Extractor Troubleshooting Elcomsoft Phone Viewer Issues accessing the default iTunes backups folder Troubleshooting Elcomsoft Cloud eXplorer Troubleshooting Elcomsoft eXplorer for WhatsApp
Troubleshooting Elcomsoft Phone BreakerIf you experience unexpected behavior when using Elcomsoft Phone Breaker, we may be able to help you resolve the issue if we can determine the root cause of the problem. To help us find what causes the problem, we will ask you to provide us the logs. LoggingElcomsoft Phone Breaker saves the general logs in the following locations:
NOTE: In macOS, the folder containing the log file is hidden. Press Shift + Command + G (or Shift + Win + G) and enter the path to the folder to open it. More often than not, the general log will be all that we need to troubleshoot the problem. However, if the problem occurs while EPB is attacking a password, we may ask you to send an additional log file that stores events related to the password recovery process. Such events are logged in the RecoveryProcess file. The log is stored in the following location:
If you are experiencing a problem using Elcomsoft Phone Breaker, please submit your log files at http://support.elcomsoft.com/ In certain configurations, the log from the previous session might be saved as EPB_<version and revision number>.bak. If this is the case, please attach both the *.log and the *.bak files when reporting an issue. Setting the logging levelThe amount of logged information is defined by the logging level you can specify in the EPB Settings > General. The default setting is usually enough to identify an issue. However, in some cases, our support team may ask you to temporarily increase the log level and reproduce the problem. You can increase the log level by modifying the corresponding setting in Settings > General. After reproducing the problem and submitting the log file, please return the log level to its default setting to avoid excessive growth of the log file.
Issues when reverting to an older versionIf you have been using the latest version of Elcomsoft Phone Breaker, but then decided to switch back to an older one, the following message will be displayed: "The EPB version installed on your computer is outdated. Please get the latest version". This happens because older versions of EPB do not support the newer version of the Credentials.db file. To continue using EPB, either install the latest version or delete the Credentials.db file from the following location:
Issues downloading iCloud Keychain data Sometimes when downloading iCloud Keychain data, you might face one of the following issues on the Apple side:
To fix these issues, sign out of iCloud Keychain on the iOS/macOS device being investigated, sign in again, and then reboot the device to synchronize it with iCloud Keychain.
Issues accessing the default iTunes backup folderOn macOS 10.14 or higher, if you try to access the default iTunes backup folder, you might be displayed the following message: "EPB has no access to the default iTunes backups folder. Please grant the Full Disk Access permission to EPB. For details, see Troubleshooting in Help." This happens because macOS protects iTunes backups to ensure rogue apps cannot access the users’ personal data. To grant the Full Disk Access permission to EPB, do the following:
Issues running Elcomsoft Apple Token ExtractorWhen launching the atex.dmg file for the first time, the following window will appear:
To launch atex.dmg, do the following:
Credentials databaseCredentials in EPB are stored in the following locations:
Troubleshooting Elcomsoft Phone ViewerIf you experience unexpected behavior when using Elcomsoft Phone Viewer, we may be able to help you resolve the issue if we can determine the root cause of the problem. To help us find what causes the problem, we will ask you to provide us the logs. LoggingElcomsoft Phone Viewer logs events into the EVP.log file, which is located at:
If you are experiencing a problem using Elcomsoft Phone Viewer, please create a ticket in our online support system (see Contacting us for details), providing us with the log file mentioned above. The amount of logged information is defined by the logging level. The default Medium setting is usually enough to identify an issue. However, in some cases, our support team may ask you to temporarily increase the log level and reproduce the problem. You can increase the log level by modifying the corresponding setting in the Settings.ini file as instructed below. After reproducing the problem and submitting the log file, please return the log level to its default setting to avoid excessive growth of the log file. To change the level of logging (if requested), please do the following:
0 - No logging is performed
Cache databaseThe Wi-Fi location data and locations for other media except for camera roll are saved to the cache database: <system_disk>:\ProgramData\Elcomsoft\Elcomsoft Phone Viewer\epv_cache.db
Issues accessing the default iTunes backups folderOn macOS 10.14 or higher, if you try to access the default iTunes backup folder, you might be displayed the following message: "EPV has no access to the default iTunes backups folder. Please grant the Full Disk Access permission to EPV. For details, see Troubleshooting in Help." This happens because macOS protects iTunes backups to ensure rogue apps cannot access the users’ personal data. To grant the Full Disk Access permission to EPV, do the following:
Troubleshooting Elcomsoft Cloud eXplorerThe system information about Elcomsoft Cloud eXplorer operation is logged into ECX.log file that is located at:
If you are experiencing any problems with Elcomsoft Cloud eXplorer, please create a ticket in our online support system (see Contacting us for details), providing us with the log file mentioned above. The amount of information that is written to the ECX.log file is defined by the level of logging. The higher the level, the more detailed information is written to the log file, but it may affect the program and overall system performance. By default, a medium level of logging is set. To change the level of logging (if requested), please do the following:
0 - No logging is performed
Troubleshooting Elcomsoft eXplorer for WhatsAppt If you experience unexpected behavior when using Elcomsoft eXplorer for WhatsApp, we may be able to help you resolve the issue if we can determine the root cause of the problem. To help us find what causes the problem, we will ask you to provide us the logs. The logs are stored in the EXWA.log file located at:
If you are experiencing a problem with Elcomsoft eXplorer for WhatsApp, please create a ticket in our online support system (see Contacting us for details), providing us with the log file mentioned above. The amount of logged information is defined by the logging level. The default setting is usually enough to identify an issue. However, in some cases, our support team may ask you to temporarily increase the log level and reproduce the problem. You can increase the log level by modifying the corresponding setting in the Settings.ini file as instructed below. After reproducing the problem and submitting the log file, please return the log level to its default setting to avoid excessive growth of the log file.
0 - No logging is performed
AndroidThe tool logs the Java version and the WhatsApp version in AndroidScripts.log file located at
If you are experiencing any problems with Elcomsoft eXplorer for WhatsApp, please create a ticket in our online support system (see Contacting us for details), providing us with the log file mentioned above and the EXWA.log file. NOTE: EXWA is not guaranteed to work with Android devices connected to virtual machines. If you have rooted the Android device, please make sure to restart the device before connecting it to EXWA to ensure that the data is loaded properly. If you are loading data from the device, but the device does not prompt to “trust” the computer, and the connection is not performed,make sure the latest USB drivers for your device are installed and try again. If you are loading data from an unrooted device and experiencing issues entering the password on your device, do the following:
| |
|