Using the Extraction Agent in 2026: Compatibility, Signing, Firewall, and Extraction Tips

May 11th, 2026 by Oleg Afonin
Category: «Mobile», «Tips & Tricks»

Over the years, we have published several articles about the extraction agent. However, the underlying technology changes quickly, and incremental changes often have significant cumulative effects. As a result, many of our older posts are no longer relevant and can be misleading if followed to the letter today. While last year’s recap, Installing and Troubleshooting the Extraction Agent (2025), remains a solid foundation for general setup, it does not account for the most recent hardware and software developments. This article serves as the definitive point of reference, providing an up-to-date recap of everything you need to know about the extraction agent as of May 2026.

What is it?

Alongside extended logical extraction, Elcomsoft iOS Forensic Toolkit (EIFT) implements several low-level extraction techniques because low-level extraction remains the gold standard for mobile forensics. Standard logical backups only pull what the operating system explicitly allows, meaning some critical evidence might be left behind. Low-level extraction largely bypasses those restrictions, making it the only reliable method to retrieve sandboxed app data, private chats, deleted records, full messaging histories, and the raw files and databases.

To achieve this on modern Apple hardware, EIFT utilizes the extraction agent. The agent is an in-house app that gets sideloaded directly onto the target device. Once installed, it unlocks low-level system access. It applies OS-level exploits to elevate privileges, escape the iOS sandbox, and ultimately grant direct access to both the root of the file system and the encryption keys required for keychain decryption.

Data Scope and Acquisition Benefits

The primary function of the extraction agent is to facilitate a level of system access that standard protocols such as the Apple File Conduit (AFC) or the backup service are designed to restrict. By operating at a low level, the agent overcomes the inherent data filtering of the iOS environment.

What is Extracted?

Once running with elevated privileges, the agent can acquire raw files and databases that are unavailable through standard logical or advanced logical procedures. In addition, the agent retrieves the encryption keys necessary to decrypt the keychain. The resulting dataset is significantly more comprehensive than a standard backup and includes both the full file system image and a copy of all keychain records, fully decrypted. Examples of extracted data include:

  • Sandboxed App Data & Caches: Full databases for both native and third-party applications (including secure messengers), along with their attachments, logs, and configuration files. This also encompasses extensive application and WebKit caches, which frequently expose user activity from embedded in-app browsers.
  • Passwords, Tokens, and Encryption Keys: By retrieving the keys necessary to fully decrypt the keychain, the extraction secures stored passwords, authentication tokens, and the specific keys required to decrypt protected application data.
  • System & User Activity (KnowledgeC & Biomes): Access to deeply integrated system databases, such as the KnowledgeC and Biome frameworks. These record granular “pattern of life” data, tracking app usage, user interactions, and contextual states (such as Focus Modes) to help construct highly accurate behavioral timelines.
  • System Service Logs & Diagnostics: Massive volumes of system-level data, including PowerLog statistics, Spotlight indexes, Health data, and detailed system service activities. This includes Wi-Fi and Bluetooth connection histories, lock/unlock methods, screen orientation changes, power-saving mode triggers, various notifications, copies of some messages, and a lot of other user and system activities, which collectively often enable the tracing of precise location data.
  • Deleted Records & Thumbnails: Access to SQLite WAL (Write-Ahead Log) files, which frequently allows for the recovery of deleted messages and records. Furthermore, the extraction pulls system-level thumbnails that often persist long after the original media files have been deleted by the user.
  • Instant Messenger Chats: Complete, un-scrubbed communication histories from secure messaging platforms. This includes full access to Telegram (including Secret Chats), Signal, Apple’s own iMessages, and a host of other messaging apps. While Signal databases are encrypted by design, the extraction agent retrieves the necessary decryption key directly from the keychain, allowing for the complete decryption and analysis of the message database.
  • Detailed Geolocation History: Significant locations and connections to 5G/LTE/3G cell towers, which make it possible to build a much more detailed and comprehensive timeline with geo data.

Core Benefits

The extraction agent addresses several critical shortcomings of alternative forensic methods. It bypasses logical restrictions, as standard acquisitions are governed by the operating system’s permission model, which intentionally omits sensitive system files and third-party app data. Unlike checkm8, which only covers older chipsets, the agent-based approach works on modern SoCs (with a few notable exceptions that we will detail below). Finally, since our extraction agent implements our own proprietary communication protocol, it’s highly optimized for modern hardware interfaces. By utilizing a direct USB-C connection, it can achieve real-world transfer speeds of up to 200 MB/s, which is especially important when imaging high-capacity devices (512 GB to 2 TB) which would otherwise take hours via slower “stock” protocols.

May 2026: At a Glance

Technical information:

  • Supported Devices and OS Versions: The extraction agent supports iPhones with A12 through A18-series chips, as well as iPads with A12 or newer A-series chips and M1 through M4 processors. Firmware support covers iOS and iPadOS 12.0 through 18.7.1, as well as iOS/iPadOS 26.0 and 26.0.1 on compatible devices.
  • Major Exceptions: Devices based on A19, A19 Pro, and M5 chips running iOS or iPadOS 26.x are not currently supported due to Apple’s hardware-level Memory Integrity Enforcement.
  • Signing Requirements: The extraction agent must be signed with an investigator-controlled Apple ID. The signing account must have a trusted Apple device linked to it to complete the mandatory two-factor authentication prompt.
  • Firewall Requirement: Because Apple requires online signature validation when the agent is launched for the first time and our past workaround for non-developer Apple IDs is no longer working, a strictly configured software or hardware firewall is required. This allows the signature check while isolating the evidentiary device from iCloud synchronization, remote wipe commands, and other network activity.

Supported Devices and OS Versions

The compatibility of the extraction agent is defined by the intersection of the device’s SoC and the specific version of the operating system. Currently, the agent supports a broad range of hardware, including iPhones equipped with A12 through A18 series chips and iPads utilizing A-series (A12 and newer) or M-series (M1 through M4) processors. Regarding firmware, support generally spans from iOS 14.0 through 18.7.1. Furthermore, the agent maintains compatibility with iOS 26 and 26.0.1 for devices based on the A13 through A18 Pro chipsets, with the notable exception of the iPhone 17 series. Similarly, iPadOS 26 and 26.0.1 are supported across compatible iPad models, excluding those powered by the M5 chip.

The extraction agent supports the following iPhone models:

| SoC | Model | Year | 12.x | 13.x | 14.x | 15.x | 16.x | 17.x | 18.x | 26.x |
|---|---|---|---|---|---|---|---|---|---|---|
| A11 | iPhone 8, 8 Plus, X | 2017 | + | + | + | + | + | N/A | N/A | N/A |
| A12 | iPhone XR, XS, XS Max | 2018 | + | + | + | + | + | + | 18.0-18.7.1 | N/A |
| A13 | iPhone 11, 11 Pro, 11 Pro Max | 2019 | N/A | + | + | + | + | + | 18.0-18.7.1 | 26-26.0.1 |
| A13 | iPhone SE (2020) | 2020 | N/A | + | + | + | + | + | 18.0-18.7.1 | 26-26.0.1 |
| A14 | iPhone 12, 12 Mini, 12 Pro, 12 Pro Max | 2020 | N/A | N/A | + | + | + | + | 18.0-18.7.1 | 26-26.0.1 |
| A15 | iPhone 13, 13 Mini, 13 Pro, 13 Pro Max | 2021 | N/A | N/A | N/A | + | + | + | 18.0-18.7.1 | 26-26.0.1 |
| A15 | iPhone SE (2022) | 2022 | N/A | N/A | N/A | + | + | + | 18.0-18.7.1 | 26-26.0.1 |
| A15 | iPhone 14, 14 Plus | 2022 | N/A | N/A | N/A | N/A | + | + | 18.0-18.7.1 | 26-26.0.1 |
| A16 | iPhone 14 Pro, 14 Pro Max | 2022 | N/A | N/A | N/A | N/A | + | + | 18.0-18.7.1 | 26-26.0.1 |
| A16 | iPhone 15, 15 Plus | 2023 | N/A | N/A | N/A | N/A | N/A | + | 18.0-18.7.1 | 26-26.0.1 |
| A17 Pro | iPhone 15 Pro, 15 Pro Max | 2023 | N/A | N/A | N/A | N/A | N/A | + | 18.0-18.7.1 | 26-26.0.1 |
| A18 | iPhone 16, 16 Plus | 2024 | N/A | N/A | N/A | N/A | N/A | N/A | 18.0-18.7.1 | 26-26.0.1 |
| A18 | iPhone 16e | 2025 | N/A | N/A | N/A | N/A | N/A | N/A | 18.0-18.7.1 | 26-26.0.1 |
| A18 Pro | iPhone 16 Pro, 16 Pro Max | 2024 | N/A | N/A | N/A | N/A | N/A | N/A | 18.0-18.7.1 | 26-26.0.1 |

Forensic examiners should be aware of a specific operational quirk affecting high-end iPad Pro models, specifically the 1 TB and 2 TB variants equipped with 16 GB of RAM. These devices may exhibit instability when applying the exploit due to significant variations in the active memory layout compared to lower-capacity models. This instability is not a failure of the agent itself but a side effect of the memory architecture. In such cases, if the agent fails to initialize or triggers an unexpected reboot, the recommended procedure is to simply re-attempt the extraction. In practice, the exploit typically succeeds after one or two additional attempts.

A more significant technical challenge is the introduction of hardware-backed Memory Integrity Enforcement (MIE), which debuted with iOS 26 on devices featuring A19, A19 Pro, and M5 processors. This security feature utilizes a mathematically generated 4-bit secret tag assigned to every memory allocation, designed to neutralize exploits such as buffer overflows or use-after-free conditions. On these specific devices (primarily the iPhone 17 series and M5-based iPads) the processor requires a matching tag to access memory. Apple’s implementation of MIE mandates strict synchronous enforcement; any tag mismatch during an exploit attempt triggers an immediate, uninterruptible CPU exception that terminates before privilege escalation can complete.

As of May 2026, MIE represents a roadblock for low-level agent-based extraction on A19 and M5 devices running iOS 26.x. While this hardware-level security effectively prevents current privilege escalation techniques, research into potential bypasses is ongoing. Preliminary laboratory results regarding a potential solution are encouraging, though these developments are currently in the early stages and are not yet ready for shared implementation.
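As an added illustration (not Apple's code and not part of EIFT), the following C model shows the tagging mechanism described above: every memory granule carries a 4-bit tag, every pointer carries the tag of its allocation, and a synchronous check turns a use-after-free or a linear overflow into a fault before any data is read. The 16-byte granule size, the 256-byte pool and all function names are assumptions of the model; real hardware picks tags unpredictably, so a stale pointer there still matches with probability 1/16, whereas this model avoids the previous tag to keep the outcome deterministic.

```c
#include <stdint.h>
/* Teaching model of the 4-bit memory tagging described above, not Apple's code: each
 * 16-byte granule has a tag, pointers carry their tag in bits 56..59, every access is checked. */
#define GRANULE   16
#define POOL_SIZE 256                      /* simulated memory, in bytes */
#define TAG_SHIFT 56
#define OFF_MASK  ((1ull << TAG_SHIFT) - 1)
enum access_result { ACCESS_OK = 0, ACCESS_TAG_MISMATCH, ACCESS_OUT_OF_BOUNDS };
static uint8_t pool[POOL_SIZE];
static uint8_t granule_tag[POOL_SIZE / GRANULE];
static uint8_t next_tag = 1;               /* deterministic tag source (assumption of the model) */
static uint64_t ptr_off(uint64_t p) { return p & OFF_MASK; }
static uint8_t  ptr_tag(uint64_t p) { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }
/* Hardware picks tags randomly, so a stale pointer still matches 1 time in 16;
 * this model always avoids the granule's current tag so the demos are deterministic. */
static uint8_t fresh_tag(uint8_t avoid) {
    uint8_t t;
    do { t = next_tag; next_tag = (uint8_t)(next_tag % 15 + 1); } while (t == avoid);
    return t;
}
static void retag(uint64_t off, uint64_t n, uint8_t tag) {
    for (uint64_t g = off / GRANULE; g < (off + n + GRANULE - 1) / GRANULE; g++)
        granule_tag[g] = tag;
}
/* Allocate n bytes at a caller-chosen offset and return a tagged pointer. */
static uint64_t tagged_alloc(uint64_t off, uint64_t n) {
    uint8_t tag = fresh_tag(granule_tag[off / GRANULE]);
    retag(off, n, tag);
    return off | ((uint64_t)tag << TAG_SHIFT);
}
/* Freeing retags the granules, so a pointer kept past free stops matching. */
static void tagged_free(uint64_t p, uint64_t n) { retag(ptr_off(p), n, fresh_tag(ptr_tag(p))); }
/* The check every load goes through; a mismatch is the synchronous fault. */
enum access_result tagged_load(uint64_t p, uint8_t *out) {
    uint64_t off = ptr_off(p);
    if (off >= POOL_SIZE) return ACCESS_OUT_OF_BOUNDS;
    if (granule_tag[off / GRANULE] != ptr_tag(p)) return ACCESS_TAG_MISMATCH;
    *out = pool[off];
    return ACCESS_OK;
}

/* Use-after-free: the freed granule was retagged, so the stale pointer faults. */
enum access_result demo_use_after_free(void) {
    uint64_t p = tagged_alloc(0, 16); uint8_t v;
    tagged_free(p, 16);
    return tagged_load(p, &v);
}
/* Linear overflow: a + 16 lands in neighbour b's granule, whose tag differs from
 * the tag embedded in a, so the access faults instead of reading b's bytes. */
enum access_result demo_linear_overflow(void) {
    uint64_t a = tagged_alloc(64, 16); uint8_t v;
    tagged_alloc(80, 16);                  /* neighbour b */
    return tagged_load(a + 16, &v);
}
```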

Installation, Signing, and Network Isolation

Deploying the extraction agent requires precise configuration of both the forensic workstation and the network environment. Because Apple mandates that all sideloaded applications be signed to verify code origin, the agent must undergo a strict signing process before execution.

Furthermore, Apple’s security model now requires the operating system to perform an online signature validation check during the app’s first launch. This requirement presents a significant risk in a forensic setting, as an active internet connection could trigger iCloud synchronization or a remote wipe command. To mitigate this risk, the device must be isolated using a strictly configured firewall that whitelists only Apple’s Provisioning Profile Queue and blocks all other traffic.

The Firewall

Isolating the target device during the mandatory online signature validation is a critical step in the extraction process. To achieve this safely, we provide two options: a software-based script designed for macOS, and a hardware-based approach utilizing a Raspberry Pi microcomputer. The following articles are still relevant today:

The software firewall is a script that requires a macOS computer. Its primary advantage is convenience and cost, as it requires no additional hardware beyond your existing Mac and cables. However, deploying it requires strict attention to detail. You must follow the provided setup instructions exactly as written; a single misstep in configuration can easily compromise the environment. A mistake here can result in failed signature validation or, more critically, unrestricted internet access for the evidentiary device, putting the data at risk.

The hardware firewall, on the other hand, requires an initial investment to purchase a Raspberry Pi microcomputer and necessary network adapters. While we support several single-board computers, we generally advise against using Orange Pi models, as our testing has shown them to perform unreliably in this role. The main benefit of the hardware route is its consistency. Once the initial configuration is complete, the device essentially becomes plug-and-play, allowing you to use it repeatedly without worrying about active network configurations.

For users deploying the hardware firewall on older Raspberry Pi 3 or 4 models, the custom firmware is open-source and available on our GitHub repository.

If you plan to use the newer Raspberry Pi 5, the setup differs slightly. We have a dedicated, pre-configured SD card image specifically for the Pi 5. Unlike the older versions, this image is closed-source but provided free of charge. Since it is not hosted on our public repository, you simply need to contact our support team directly, and they will provide you with the necessary image file.

Workstation and Connection Prerequisites

Before attempting to sign or install the agent, the following workstation conditions must be met:

  • Internet Access: The host computer performing the signing process must be online.
  • Direct USB-C Connection: Always use a direct USB-C connection from the workstation to the device (whether the device has a Lightning or USB-C port). Avoid using hubs or adapters, as they can cause connection drops or throttle extraction speeds.
  • Time Synchronization: The date and time must be accurate and synchronized on both the host computer and the target mobile device.
  • Antivirus Exclusions: Host antivirus software (such as Windows Defender) must be temporarily disabled. The OS-level exploits contained within the agent will frequently trigger false positives and be quarantined by security software, causing the installation to fail.

Apple ID and Signing Requirements

A common misconception is that the extraction agent must be signed using the Apple ID linked to the target device. This is incorrect; the target device’s logged-in account is irrelevant to the signing process. An investigator-controlled Apple ID must be used, subject to the following rules:

  • Mandatory Trusted Device: The signing Apple ID must have a trusted Apple device linked to it to handle Two-Factor Authentication (2FA) prompts. Relying on SMS for 2FA is highly unreliable for this process; Apple may temporarily ban the account after as few as two or three SMS verification requests.
  • Paid Developer Apple IDs: This is the recommended tier. It allows signing for up to 100 iPhones and 100 iPads per year.
    • Cooling-off Period: Certificates for the first 10 devices are generated instantly. For the 11th device and beyond, Apple imposes a “cooling-off” period of up to 72 hours (the status will show as ‘pending’ in the developer portal).
    • Offline vs. Online Validation: Only paid accounts registered before June 6, 2021, can perform a fully offline first launch. For all accounts created after this date, our previous offline workaround has been patched by Apple, making online validation (via a restrictive firewall) mandatory.
  • Standard (Free) Apple IDs: Free developer accounts lack signing privileges and cannot be used. Regular consumer Apple IDs can be used but carry strict limitations:
    • They are limited to signing 3 devices per week.
    • The account must have a prior history of logging into iCloud from an Apple device.
    • Standard accounts require manually trusting the developer profile in the device settings, which strictly necessitates an online connection through the firewall.

Device Preparation and Troubleshooting

Several iOS security features require manual intervention during setup to establish a connection and allow the agent to run.

  • Establishing Trust: A trusted connection between the device and the workstation is mandatory. If EIFT throws a “handshake with lockdownd failed” error, the trust pairing is corrupted. Resolve this by running the “eift_cmd normal unpair” command, reconnecting the cable, and accepting the trust prompt again.
  • Stolen Device Protection (SDP): If SDP is active on iOS 17.3 or newer, establishing the initial trust relationship requires biometric authentication (Face ID).
  • Developer Mode (iOS 16+): Developer Mode must be enabled to run the agent. The toggle for this setting only appears in the iOS settings menu after the signed app has been sideloaded. Enabling it requires entering the device passcode and performing a reboot.

Running the Extraction

Once the agent is running, follow these technical guidelines to ensure a stable extraction:

  • Extraction Order: Always extract the Keychain first. It is very fast and secures critical decryption keys immediately.
  • Kernel Panics: It is normal for the device to occasionally kernel panic and reboot when applying the exploit. If this occurs, wait a few minutes after the reboot and retry the process. It may take three or four attempts to achieve a stable sandbox escape.
  • Physical Stability: File system extractions operate at speeds between 35 MB/s and 200 MB/s. Do not touch the device, cable, or the EIFT license dongle during this process. Ensure the host computer is configured to never enter sleep mode. Remember: extractions cannot be resumed. Any interruption will require restarting the entire extraction from the beginning.
  • APFS File Sizes: The resulting .tar file may be larger than the logically used space on the device, or even larger than the device’s total storage capacity. This is normal behavior caused by how the Apple File System (APFS) handles snapshots, clones, compression, sparse files, and symlinks.
  • Storage Destination: Unless you are using a fast external SSD drive with consistent write speeds, we discourage extracting directly to an external hard drive, USB flash drive, or network share (especially on Windows hosts). Instead, we recommend extracting the data to the host computer’s internal storage first, and copying it to external media only after the extraction is completely finished.

REFERENCES:

Elcomsoft iOS Forensic Toolkit

Extract critical evidence from Apple iOS devices in real time. Gain access to phone secrets including passwords and encryption keys, and decrypt the file system image with or without the original passcode. Physical and logical acquisition options for all 64-bit devices running all versions of iOS.

Elcomsoft iOS Forensic Toolkit official web page & downloads »