The majority of mobile devices today are encrypted throughout, making extractions difficult or even impossible for major platforms. Traditional attack vectors are becoming a thing of the past with encryption being moved into dedicated security chips, and encryption keys generated on first unlock based on the user’s screen lock passwords. Cloud forensics is a great alternative, often returning as much or even more data compared to what is stored on the device itself.
Switching the iPhone into DFU mode is frequently required during the investigation, especially for older devices that are susceptible to checkm8 exploit. However, switching to DFU requires a sequence of key presses on the device with precise timings. If the device is damaged and one or more keys are not working correctly, entering DFU may be difficult or impossible. In this guide, we offer an alternative.
When analyzing connected computers, one may be tempted to pull the plug and bring the PC to the lab for in-depth research. This strategy carries risks that may overweigh the benefits. In this article we’ll discuss what exactly you may be losing when pulling the plug.