±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32365
New Yesterday: 8 Visitors: 150

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

iPhone SE with UFED-UFED touch 2

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

iPhone SE with UFED-UFED touch 2

Post Posted: Fri Mar 17, 2017 7:26 pm

Hi,

i just made extraction for a iphone SE with IOS 10.

I made the logical extraction and the filesystem with UFED touch 2.

After that i made the extraction on my forensic computer with UFED software IOS extraction device. I made method 1 and method 2.

When i put all 4 extraction on UFED, it seem that i dont have the same data. I mean if a compare the logical extraction (UFED touch2) and method 1 of UFED software, i have not the same total of SMS, video, photos, etc.

I still have some of the same stuff but depend on the extraction type.

Anybody have this issue ?  

stefspvq
Member
 
 
  

Re: iPhone SE with UFED-UFED touch 2

Post Posted: Sat Mar 18, 2017 2:17 am

I usually only use Methode 1 in Physical Analyzer (be sure to use encryption when asked). It is basically an iPhone backup.

As far as I know there's not really additional useful information included in the other extraction methods.

Method 2 was sometimes useful with older iOS versions (only way to extract pictures synced via iTunes) but got less and less important over time. It is not compatible with iOS 10 anyways as Apple has closed that loophole.

I think doing an extraction on UFED itself also extracts stuff like iTunes Music files, album covers (which Apple doesn't include in its backup service, thus it is not contained in Method 1) but no information that could be relevant.

If you want to dig deeper you need to jailbreak the device (provided the iPhone and iOS version allow it) and install the apple file service via cydia. After doing that, method 3 will magically appear in Physical Analyzer and you'll get a lot of additional information.  

SamBrown
Senior Member
 
 
  

Re: iPhone SE with UFED-UFED touch 2

Post Posted: Sun Mar 19, 2017 7:01 am

When i do additionnal extraction i've got more sms, more chat(imessage).... Very strange that ufed decode more of this stuff in another type of extraction.

Right now i'm thinking doing all 4 methods, put in ufed in the same extraction to have it all.  

stefspvq
Member
 
 
  

Re: iPhone SE with UFED-UFED touch 2

Post Posted: Mon Mar 20, 2017 2:45 am

- SamBrown


If you want to dig deeper you need to jailbreak the device (provided the iPhone and iOS version allow it) and install the apple file service via cydia. After doing that, method 3 will magically appear in Physical Analyzer and you'll get a lot of additional information.


Method 3 for obtaining a physical will only work upto iPhone4s on jailbroken handsets.

If jailbroken you could SSH into the handset to obtain a physical.  

dandaman_24
Senior Member
 
 

Reply to topicReply to topic

Share and Like this forum topic to get more replies




Page 1 of 1