We are committed to providing not only powerful commercial solutions but also a selection of free forensic tools. These utilities serve as a good companion to our main product line while offering valuable standalone functionality for digital investigators and IT professionals. You are free to use these tools for any legal purposes; please note, however, that these free tools are intended for your use only and cannot be redistributed in any way.
There is more to come! We are developing additional forensic tools designed to help investigators simplify their tasks and boost efficiency.
All utilities listed below are available free of charge and may be used for any lawful purposes; the license prohibits distribution and resale.
Elcomsoft Encrypted Disk Hunter (EEDH) - is a lightweight utility designed to help investigators quickly locate encrypted volumes on a computer being analyzed. EEDH scans the system for popular encryption containers, such as BitLocker, VeraCrypt, and TrueCrypt, as well as encrypted virtual machines.
The tool is easy to use and requires no installation. It provides a concise report listing all detected encrypted volumes and virtual machines, making it an essential first step in digital evidence collection. EEDH is particularly useful for triage and preliminary analysis, helping professionals identify potential sources of protected data.
File System Tool (FSTOOL) is a command-line tool designed for mounting images extracted from legacy iOS devices that feature Apple HFS and APFS file systems on Windows computers. While such images are easy to mount on macOS, Windows lacks native support for Apple file systems. FSTOOL implements this support as a fused file system, and enables investigators to access and analyze file system images from iOS devices on Windows systems.
EIFTPI is open-source software for a range of microcomputer devices such as Raspberry Pi and Orange Pi designed to provide firewall functionality for sideloading, signing, and verifying the extraction agent. Best used together with iOS Forensic Toolkit and agent-based extraction, this software turns a compatible Pi device into a functional firewall restricting access to only a range of whitelisted addresses required to sign and verify the extraction agent when sideloading using regular and developer Apple accounts.
picoScrollNScreenshot is open-source software for Raspberry Pi Pico boards to enable making long, scrollable screen shots in a semi-automatic fashion. Available for all devices and most versions of iOS, it works with most iOS/iPadOS devices starting with iOS 14.
By taking a series of screenshots of what is displayed on a connected iOS device, investigators can gather digital evidence that may not be accessible through other means, such as advanced logical acquisition, where data such as protected chat histories may not be available. In a way, the new feature can be viewed as another extraction tool complementing the cloud, advanced logical, and low-level extraction methods.