← Back to database

Predaxia Research

ElcomSoft

ElcomSoft Co. Ltd. · Russia

ActiveEU Russia sanctions context
3

Confidence 3/5

VendorElcomSoft Co. Ltd.
Country of originRussia (Moscow)
Founded1990
FounderAlexander Katalov
Current statusActive
US Entity ListNo (sanctions context tied to Russia generally)
Notable caseDmitry Sklyarov (2001), DMCA prosecution

Technical capabilities

ElcomSoft is one of the oldest commercial password-recovery and forensic-extraction vendors, predating the modern mobile-forensics industry. Its product line covers iOS, Android, BlackBerry, Windows and macOS extraction, password recovery for archives and encrypted containers (PDF, Microsoft Office, ZIP, RAR), and cloud-based acquisition for Apple iCloud, Google services, Microsoft accounts and selected social platforms.

The flagship iOS Forensic Toolkit (iOS FT) historically relied on jailbreak vulnerabilities to extract full file-system images. ElcomSoft maintains active research against current iOS versions but publicly trails Cellebrite UFED Premium and GrayKey in After First Unlock and Before First Unlock support against current iPhone hardware.

Documented use

ElcomSoft’s historical visibility in Western markets predates the 2022 Russian invasion of Ukraine. Pre-2022 customers included Western law enforcement, military, and intelligence agencies, primarily for password-recovery use cases that did not require physical device unlock.

Within Russia, the company has long-standing relationships with Russian state agencies. Independent verification of operational links between ElcomSoft tooling and Russian internal repression is limited but the assumption of state availability is widely held in the forensic community.

The 2001 prosecution of ElcomSoft programmer Dmitry Sklyarov in the United States under the Digital Millennium Copyright Act, following his presentation at DEF CON 9 on Adobe eBook protection bypass, remains a landmark in software-research legal history. ElcomSoft was acquitted at trial.

Customer states

Public reporting identifies historic customers including the United States, United Kingdom, Germany, Italy, and other NATO members for password-recovery products. Sales to Western government customers have substantially decreased since the imposition of post-2022 sanctions against Russian entities. Continued Russian state customer relationships are presumed.

Legal and sanctions status

  • Not specifically on the US Department of Commerce Entity List.
  • Subject to general EU and UK Russia-related sanctions affecting Russian technology and cyber exports.
  • Not designated by US OFAC.
  • EU dual-use export regulation restricts certain forensic-tool transactions involving Russian entities.

Technical countermeasures

  • Strong passcode and hardware keys: defeats password-recovery brute force.
  • iCloud Advanced Data Protection: end-to-end encrypts iCloud categories, removes Apple-side acquisition risk.
  • Encrypted archive standards: AES-256 with strong passphrase, KeePassXC or VeraCrypt for sensitive containers.
  • Avoid weak password reuse: ElcomSoft’s password-recovery products rely on dictionary, hybrid and brute-force attacks against weak credentials.
  • Disk and device wipe: full disk encryption with secure-erase on rotation.
For at-risk individuals. Older password-protected archives and offline-encrypted documents are particularly vulnerable to ElcomSoft tooling if weak or recycled credentials were used. Audit and rotate sensitive containers with current standards.

Update log

March 22, 2026: Documentation added. Sourced from EFF archival case files on the Sklyarov prosecution, ElcomSoft public product documentation, Wired historical reporting, EU sanctions framework and US BIS Russia controls guidance.


There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.