Can you jailbreak a...
 
Notifications
Clear all

Can you jailbreak an iPhone to achieve physical extraction?

6 Posts
5 Users
0 Likes
610 Views
(@wotsits)
Posts: 253
Reputable Member
Topic starter
 

We know that IF an iPhone is jailbroken you can get a full physical extraction from it, but if it's not then on anything newer than a 4s a logical is your only option.

How about if a new iPhone model comes in unlocked, can you jailbreak the device yourself so you can then perform a full physical extraction on it? Is that permissible and would work or is that a big no no in forensics?

 
Posted : 05/02/2016 10:05 am
(@skulkin)
Posts: 38
Eminent Member
 

Elcomsoft iOS Forensic Toolkit is a good tool for physical extractions.

You can learn more about the tool here

https://www.elcomsoft.com/eift.html

The main problem for iOS physical extractions is encryption, so I don't think that we will be able to acquire next iPhone/iPad models using this method. I think, next model will be even more secure.

 
Posted : 05/02/2016 12:15 pm
(@droopy)
Posts: 136
Estimable Member
 

ALL iphones could be jailbreak.
We offer this method for goverment, as iphone has a design flaw and ALL could be jailbreak in less than 2 minutes. (not using the public tools which are limited)

If you are a goverment agency contact me, else, try to find a public jailbreak tool

 
Posted : 05/02/2016 10:24 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

We offer this method for goverment, as …

Out of curiosity, who are the "we"?

jaclaz

 
Posted : 05/02/2016 11:46 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

wotsits

Please note the following in regards to your questions

Q1) How about if a new iPhone model comes in unlocked, can you jailbreak the device yourself so you can then perform a full physical extraction on it?

A1) There is generally a difference between "unlocking" a phone, which typically means allowing a phone to be used with a different phone carrier than originally intended, and "jailbreaking" a phone, which typically means changing the encryption keys that are used to encrypt or "protect" the internal contents of a given phone.

For example, phone carriers themselves can provide "unlock" codes that will allow one to then use a phone with a new carrier.

However, unlocking a phone does not change the encryption keys protecting the internal contents of a phone itself.

Q2) Is that permissible and would work or is that a big no no in forensics?

Your considerations regarding jailbreaking or rooting a phone should include, but not be limited to

A. Do I have the consent of the owner of the phone to jailbreak or root the phone?

B. Have I discussed in advance the possible negative effects that can result from jailbreaking or rooting with the attorney(s) I am working at the direction of such as

1. The sensitive contents of the phone such as credit card numbers and passwords may be uploaded to the jailbreaking/rooting software company itself; there is no "free" lunch in this world.

2. The phone may have to, for all intents and purposes, be sacrificed due to the security damage that jailbreaking/rooting will cause. Although it is possible to un-root or un-jailbreak a phone, I have seen reports (please Google them yourself), that malware can remain on a phone even after a factory reset/re-installation of a factory ROM is performed. Depending upon your client, it may be an economic hardship to sacrifice their phone and purchase a new one.

3. Licensing considerations a company that owns 50 iPhones may not want to take on the additional legal risk of breaking their phone's licenses with Apple.

So, in my own civil practice I set my clients' expectations appropriately upfront that a logical or file system forensic extraction may not or more likely will not extract as much potential evidence as a physical forensic extraction but that a physical forensic extraction may not be possible due to unsurmountable encryption or that rooting/jailbreaking a phone may not be reasonable due to the risks and problems listed above.

I cannot speak to experts working in support of criminal cases, but I imagine they will not jailbreak nor root a phone without the upfront written consent of an officer of the court.

Hope this helps.

Regards,

Larry

 
Posted : 06/02/2016 2:58 am
(@wotsits)
Posts: 253
Reputable Member
Topic starter
 

When I said unlocked I didn't pin unlocked to any network - I meant NOT passcode locked so we are assuming that you are able to obtain a logical in the first place and the ability exists further to jailbreak the device.

My question can be broken down into 2 parts

1) In the law enforcement/private sector, would jailbreaking the device be a permissible means to obtaining a full physical acquisition, or would that totally change the device so much that any evidence you obtained from it anyway would be thrown out of court because this is not an acceptable method? Does anyone know of cases where this has been applied?

2) Assuming you decided to jailbreak the device, would you retroactively be able to have access to everything that was previously deleted on the chip before the jailbreak or would the jailbreak start it over fresh and possibly overwrite previous data? What I mean is would it only be any use of the suspect device was already being used jailbroken for quite some time previously?

 
Posted : 06/02/2016 5:30 am
Share: