Archive for the ‘Tips & Tricks’ category

How to break ‘strong’ passwords? Is there a methodology, a step by step approach? What shall you start from if your time is limited but you desperately need to decrypt critical evidence? We want to share some tips with you, this time about the passwords saved in the Web browsers on most popular platforms.

For more than ten years, we’ve been exploring iPhone backups, both local and iCloud, and we know a lot about them. Let’s reveal some secrets about the different types of backups and how they compare to each other.

The previous publication talks about the basics of using the bootloader-level exploit for extracting iOS devices. In this article, we are posting a comprehensive step-by-step guide of using the new checkm8 capability of iOS Forensic Toolkit for performing forensically sound extractions of a range of Apple devices.

In older iPhones, the ‘file system dirty’ flag indicates unclean device shutdown, which affects the ability to perform bootloader-level extractions of Apple devices running legacy versions of iOS (prior to iOS 10.3 released in March 2017). As such, the “file system dirty” flag must be cleared before the extraction. In this article we discuss the very different forensic implications of this flag if it is set on the Data or System partitions.

Have an iPhone backup but cannot get around the password protection? I have a story to share. I was recently contacted by an old partner from the other side of the world who asked for assistance in an urgent case. He had an iTunes-style backup of a device full of critical evidence, but the password locked him out of the data.

There was a 3-fold increase in identity theft and more than 2-fold increase in phishing attacks registered in 2020 compared to 2019 according to IC3 report. A whopping 50 – 81% of attacks (depending on who you read) are targeting both corporate and private sectors to steal users’ login credentials; that is, passwords. No matter what changes happen in data security, passwords remain the most wide-spread means of protection.

iOS Forensic Toolkit 7.0 brings low-level extraction support for the latest generation of Apple devices. This includes the entire range of iPhone 12 models as well as all other devices capable of running iOS 14.0 to 14.3. Learn how to image the latest iPhone models without a jailbreak.

The iPhone recovery mode has limited use for mobile forensics. However, even the limited amount of information available through recovery mode can be essential for an investigation. Recovery access can be also the only available analysis method if the device becomes unusable, is locked or disabled after ten unsuccessful unlocking attempts, or had entered the USB restricted mode. Learn how to enter and leave Recovery and what information you can obtain in this mode.

True physical acquisition is back – but only for a handful of old devices. We’re adding support for unlocking and forensically sound extraction of some of Apple’s legacy iPhones. For iPhone 4, 5, and 5c devices, we’re adding software-based passcode unlocking and device imaging functionality. Moreover, on some models you won’t even need to break the passcode in order to make a full disk image! In this walkthrough we’ll describe the steps required to image an iPhone 4, iPhone 5 or iPhone 5c device.

DFU Mode Cheat Sheet

January 14th, 2021 by Oleg Afonin

The Device Firmware Upgrade mode, or simply DFU, just got a second breath. The ability to image the file system, decrypt the keychain and even do passcode unlocks on some older iPhone models has been made possible thanks to the checkm8 exploit and the checkra1n jailbreak, both of which require switching the phone into DFU. The procedure is undocumented, and the steps are different for the various devices.