Thanks Ron,

How long does the decoding/decryption usually take if strong encryption and password protection are turned on? (from a chipoff image) Doesn't it have to brute-force the password or key?  

It depends on many factors and will not always work.
See PM  

Gregg,

To answer your question I think that you will have no luck getting anything back if the device has had the passcode entered incorrectly X times and caused a wipe to commence.

I had this same issue with a customer who gave me 12 variations of a password to try, obviously I was going to only be able to try 10 of those, so, after prioritising the list of 12, 10 passwords were entered, each of which was unsuccessful. The device commenced the wiping operation. I attempted to remove the battery and replace, but the wiping continued once the battery was replaced.

After this I took a physical acquisition using UFED and got absolutely nothing back. It is my understanding that the wipe operation doesn't just replace the file system but actually zeros out the memory space first.

If my memory serves me correctly it was an 8520 which I did this on.

Colin
_________________
Colin Mortimer
FishNet Security 

Thanks Colin, appreciate your reply. You are confirming with the model you tested what the early report wrote about BB's on-board security enabled wipe capability is still relevant today.
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup