Elcomsoft Enhances Windows and Linux Edition of its Forensic iOS Extraction Tool

ElcomSoft Co. Ltd. releases Elcomsoft iOS Forensic Toolkit 8.60, a major update to the company’s mobile forensic extraction tool for Apple devices. The new release enhances the Windows and Linux editions, enabling agent-based extractions with regular, non-developer Apple IDs.

Previously, sideloading the extraction agent for imaging the file system and decrypting keychain required enrolling one’s Apple ID into Apple’s Developer Program if one used a Windows or Linux PC. Mac users could utilize a regular, non-developer Apple ID. The update makes this feature available in Windows and Linux editions of iOS Forensic Toolkit.

Background

Low-level extraction enables forensic experts to access information stored in Apple devices running a compatible version of iOS or iPadOS. While there are several different methods of achieving essentially the same goal, modern devices require the use of a special app called extraction agent. Agent-based low-level extraction allows capturing the full image of the device’s file system and a decrypted copy of the keychain.

To access information, the extraction agent must be installed onto the device. The installation is implemented via sideloading, which is a method of installing apps onto iOS or iPadOS devices directly, bypassing the official App Store. Sideloading involves signing the app and verifying its digital signature with Apple, which in turn requires the use of an Apple ID.

In previous builds, iOS Forensic Toolkit supported sideloading in Windows, Linux, and Mac editions, yet the Mac edition was the only one that could utilize a regular, non-developer Apple ID for this purpose. Users of Linux and Windows editions had no choice but to enroll their Apple ID into Apple’s paid Developer Program. For mobile forensic experts, newly enrolled developer accounts provide little to no tangible benefits over free, non-developer Apple ID’s other than the ability to sideload apps from other operating systems.

iOS Forensic Toolkit 8.60 brings an end to this discrepancy, fully enabling the use of regular, free Apple IDs for the purpose of sideloading and signing the low-level extraction agent. This new feature closes the gap between the Linux and Mac editions, while bringing the Window version one step closer to the Mac build.

About Elcomsoft iOS Forensic Toolkit

Elcomsoft iOS Forensic Toolkit provides forensic access to encrypted information stored in popular Apple devices running iOS, offering file system imaging and keychain extraction from the latest generations of iOS devices. By performing low-level extraction of the device, the Toolkit offers instant access to all protected information including SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings, stored logins and passwords, geolocation history, conversations carried over all instant messaging apps, including the most secure ones such as Signal, Wickr, and Telegram, as well as all application-specific data saved in the device.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certified Partner, and Intel Software Premier Elite Partner.

For more information about Elcomsoft iOS Forensic Toolkit visit https://www.elcomsoft.com/eift.html