What can a forensic expert find in an Outlook data file? Can they recover deleted emails, contacts and appointments from Microsoft Outlook? Can users erase unwanted correspondence from Outlook? In this article, we’ll demonstrate how experts can recover valuable information from Outlook data files (PST/OST), including deleted emails, contacts, attachments, and appointments. Even when users attempt to erase unwanted correspondence, traces often remain within the database. With the right tools, experts can extract and analyze this hidden data to uncover critical evidence.

Advanced Intuit Password Recovery received a major overhaul, adding support for Intuit QuickBooks 2024. For QuickBooks’ annual update, we are excited to provide the complete solution for safe, instant, unconditional password removal. This enhancement addresses a persistent issue in earlier versions, making user management more reliable and efficient for users, IT professionals, and digital forensic specialists.

Low-level extraction enables access to all the data stored in the iOS device. Previously, sideloading the extraction agent for imaging the file system and decrypting keychain required enrolling one’s Apple ID into Apple’s paid Developer Program if one used a Windows or Linux PC. Mac users could utilize a regular, non-developer Apple ID. Today, we are bringing this feature to Windows and Linux editions of iOS Forensic Toolkit.

Apple accounts are used in mobile forensics for sideloading third-party apps such as our own low-level extraction agent. Enrolling an Apple ID into Apple Developer Program has tangible benefits for experts, but are they worth the investment? Some years back, it was a reassuring “yes”. Today, it’s not as simple. Let’s delve into the benefits and limitations of Apple Developer accounts in the context of mobile forensics.

iOS Forensic Toolkit comes in three flavors, available in macOS, Windows, and Linux editions. What is the difference between these edition, in what ways is one better than the other, and which edition to choose for everyday work? Read along to find out.

Twelve years ago, we introduced an innovative way of accessing iPhone user data, retrieving iPhone backups straight from Apple iCloud. As our iCloud extraction technology celebrates its twelfth anniversary, it’s a fitting moment to reflect on the reactions it has provoked within the IT community. Let us commemorate the birth of the cloud extraction technology, recap the initial reactions from the forensic community, and talk about where this technology stands today.

Forensic acquisition using Elcomsoft iOS Forensic Toolkit (EIFT) has undergone significant changes over the last few years. The earlier major branch, EIFT 7, was a carefully crafted but Windows-only script that automated the use of several bundled tools and guided the user without requiring them to know how to use each of them individually. EIFT 8 brought many new features, a more powerful interface and widespread support for new devices and host operating systems. Due to restrictions and challenges, not all features were immediately available on all platforms. There are still some minor differences in features between Windows, Linux, and macOS versions of the tool.

In the realm of iOS device forensics, the use of the checkm8 exploit for low-level extractions has become a common practice. However, when using this method, you may occasionally need to remove the device’s screen lock passcode, which can lead to several undesirable consequences. In this article, we’ll study these consequences and learn when you need a screen lock reset, when it can be avoided, and how what the latest iOS Forensic Toolkit has to do with it.

iOS backup passwords are a frequent topic in our blog. We published numerous articles about these passwords, and we do realize it might be hard for a reader to get a clear picture from these scattered articles. This one publication is to rule them all. We’ll talk about what these passwords are, how they affect things, how to recover them, whether they can be reset, and whether you should bother. We’ll summarize years of research and provide specific recommendations for dealing with passwords.

In iOS device forensics, the process of low-level extraction plays a crucial role in accessing essential data for analysis. Bootloader-level extraction through checkm8 has consistently been the best and most forensically sound method for devices with a bootloader vulnerability. But even though we brought the best extraction method to Linux and Windows in recent releases, support for iOS 16 on these platforms was still lacking behind. In this article we’ll talk about the complexities in iOS 16 extractions and how we worked around them in the newest release of iOS Forensic Toolkit.