Elcomsoft Introduces the Linux Edition of its Forensic iOS Extraction Tool

ElcomSoft Co. Ltd. releases Elcomsoft iOS Forensic Toolkit 8.50, a major update to the company’s mobile forensic extraction tool for Apple devices. The new release introduces the Linux edition, which enables forensic extractions of Apple devices on Linux-based computers.

The new Linux edition supports forensically sound bootloader-level extraction, previously a feature exclusive to macOS. This opens a window of opportunity for experts who don’t have access to a Mac, enabling true forensically sound extractions of more than ten generations of Apple devices up to and including the iPhone 8, 8 Plus, and iPhone X.

The release of the Linux edition is ElcomSoft’s final step towards true multiplatform compatibility. The tool has been tested on multiple Linux distributions, officially supporting the current Debian, Ubuntu, Kali Linux, and Mint distros.

Accurate iOS Version Identification for Bootloader-Level Extraction

The new update brings a significant improvement in precise iOS version identification during bootloader-level extraction. Formerly, the toolkit attempted to guesstimate the installed iOS version based on the version of the device’s bootloader, which could result in several potential matches if the tool could not pinpoint the exact version of iOS. The new approach achieves a nearly 100% accurate identification of the iOS version, eliminating any ambiguity in the extraction process.

Low-Level Extraction for Apple Watch S0 through S2

In addition to the Linux edition, this update adds support for older models of Apple Watch, allowing macOS and Linux users to get more data like passwords and complete file systems from these watches. Newly supported models include the original Apple Watch, which is often called the “S0”, as well as Apple Watch Series 1 and Series 2, while Apple Watch Series 3 has been already supported. Bootloader-level extraction makes it possible to obtain the full file system image as well as extract a copy of the keychain.

With this update, Elcomsoft iOS Forensic Toolkit becomes one of the most advanced yet affordable iOS acquisition tools on the market and is the only forensic tool for extracting Apple Watch, Apple TV, and HomePod devices. The toolkit supports all possible acquisition methods including advanced logical, agent-based and bootloader-based low-level extraction.

About Elcomsoft iOS Forensic Toolkit

Elcomsoft iOS Forensic Toolkit provides forensic access to encrypted information stored in popular Apple devices running iOS, offering file system imaging and keychain extraction from the latest generations of iOS devices. By performing low-level extraction of the device, the Toolkit offers instant access to all protected information including SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings, stored logins and passwords, geolocation history, conversations carried over all instant messaging apps, including the most secure ones such as Signal, Wickr, and Telegram, as well as all application-specific data saved in the device.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certified Partner, and Intel Software Premier Elite Partner.