Originally released in September 2016, iOS 10 was regularly updated for most devices until July 2017. The 64-bit iPhones capable of running iOS 10 range from the iPhone 5s to iPhone 7 and 7 Plus. While one is hardly likely to encounter an iOS 10 in the wild, forensic labs still process devices running the older version of the OS. In this update, we’ve brought support for jailbreak-free extraction back to the roots, adding support for the oldest version of iOS capable of running on the iPhone 7 generation of devices. Let’s see what it takes to extract an older iPhone without a jailbreak. In addition, we have expanded support for the Apple TV devices, now offering keychain decryption in addition to file system extraction for both Apple TV 4 (Apple TV HD) and Apple TV 4K running tvOS 13.4 through 13.4.5.

“We shouldn’t ask our customers to make a tradeoff between privacy and security. We need to offer them the best of both. Ultimately, protecting someone else’s data protects all of us.” Guess who said that? The answer is at the end of the article. In the meantime, we keep talking of iPhone and iOS security, following up the Apple vs. Law Enforcement – iOS 4 through 13.5 article. This time we are about to discuss some other aspects of iOS security.

Every other day, Apple makes the work of forensic specialists harder. Speaking of iCloud, we partially covered this topic in Apple vs. Law Enforcement: Cloud Forensics and Apple vs Law Enforcement: Cloudy Times, but there is more to it today. The recent iOS (13.4) and macOS (10.15.4) releases brought some nasty surprises. Let’s talk about them.

In our recent article iPhone Acquisition Without a Jailbreak I mentioned that agent-based extraction requires the use of an Apple ID that has been registered in Apple’s Developer Program. Participation is not free and comes with a number of limitations. Why do you need to become a “developer”, what are the limitations, and is there a workaround? Read along to find out.

Just days ago, we have reviewed the data stored in iCloud, and studied its encryption mechanisms. We also discussed the discrepancies between the data that is stored in the cloud and the data that’s provided to the law enforcement. In case you missed it, make sure to check out Apple vs. Law Enforcement: Cloud Forensics. Today, the differences are great; Apple is using point-to-point encryption to protect certain types of data. However, it has not always been that way. Apple security model changed year after year. This article reviews the timeline of Apple security changes over time.

What can possibly go wrong with that iPhone? I’ll have a look (oh, it’s locked!), then switch it off, eject the SIM card and pass it on to the expert. Well, you’ve just made three of the five most common mistakes making subsequent unlock and extraction attempts significantly more difficult. Learn about the most common mistakes and their consequences.

What is DFU, and how is it different from the recovery mode? How do you switch the device to recovery, DFU or SOS mode, what can you do while in these modes and what do they mean in the context of digital forensics? Can you use DFU to jailbreak the device and perform the extraction if you don’t know the passcode? Read along to find out.

For us, this year has been extremely replete with all sorts of developments in desktop, mobile and cloud forensics. We are proud with our achievements and want to share with you. Let’s have a quick look at what we’ve achieved in the year 2019.

The past two years introduced a number of challenges forensic experts have never faced before. In 2018, Apple made it more difficult for the police to safely transport a seized iPhone to the lab by locking the USB port with USB restricted mode, making data preservation a challenge. The release of the A12 platform, also in 2018, made it difficult to unlock iOS devices protected with an unknown password, while this year’s release of iOS 13 rendered unlock boxes useless on iPhones based on the two most recent platforms.

Passwords are probably the oldest authentication method. Despite their age, passwords remain the most popular authentication method in today’s digital age. Compared to other authentication mechanisms, they have many tangible benefits. They can be as complex or as easy to remember as needed; they can be easy to use and secure at the same time (if used properly).