Iphone image RAW us...
 
Notifications
Clear all

Iphone image RAW using linux

25 Posts
7 Users
0 Likes
3,261 Views
(@nocomp)
Posts: 16
Active Member
Topic starter
 

Hi to all of you, glad to have join this community, i ll feel less lonely then )
I have a question to ask you, how do you proceed for do a real complete image raw of an iphone using linux (or windows)

This is how i do, but the issue i am facing, is that i can never mount the image, either i build an img, a dmg or a .dd

this is how i do, using ssh from a laptop, we are assuming that openssh runs on the iphone

ssh root@iphone_ip dd if=/dev/rdisk0 bs=1M | dd of=iphone.img

what is wrong with that? if i set bs=4096 it doesn t work, i get invalid error.
If you have a better solution for create a raw from an iphone using linux, that interest me a lot!
thx for your time
best regards

 
Posted : 17/02/2012 5:15 pm
 Doug
(@doug)
Posts: 185
Estimable Member
 

for direct trouble shooting it might be helpful to post up the Hardware and iOS versions you are dealing with.

In relation to tools that can image the iPhone the obvious first question relates to your employment. Are you working in Law Enforcement?

If you are LE then you can apply for free access to the Zdziarski toolset
http//www.iosresearch.org/
They work on both Linux and Mac

Otherwise if you have access to a Mac then Sean at Katana offers a good solution
http//katanaforensics.com/

My personal preference at the moment (due to its Windows and Mac support) would be the offerings from Elcomsoft
http//www.elcomsoft.com/eift.html

There are other solutions that offer iPhone imaging as part of their arsenal such as the Cellebrite Ultimate unit
http//www.cellebrite.com/mobile-forensics-products/forensics-products/ufed-ultimate.html

 
Posted : 17/02/2012 6:06 pm
(@nocomp)
Posts: 16
Active Member
Topic starter
 

thx doug for your message.
nop i am not working as le, learning forensic on mobile, and planning to pass chfi certification soon.

i tried the katana tool, but installed failed on my mac, ill try to windows solution and let you know.
thxx a lot!
best regards
herve

 
Posted : 18/02/2012 1:11 pm
(@nocomp)
Posts: 16
Active Member
Topic starter
 

great, no freeware, noway i gonna pay for try…
so there is no reliable way to do a raw of an iphone without a credit card? '(

 
Posted : 18/02/2012 1:17 pm
(@trewmte)
Posts: 1877
Noble Member
 

Just a suggestion. Have you looked at Ubuntu?

 
Posted : 18/02/2012 1:31 pm
(@nocomp)
Posts: 16
Active Member
Topic starter
 

hi trewmte,
yep that s what i use, but aside of the dd over ssh, couldn t find any ways/ tutorials for do a raw of an iphone.
can you help?
best regards
herve

 
Posted : 18/02/2012 1:36 pm
(@trewmte)
Posts: 1877
Noble Member
 

Hi Herve

Because you are looking for possible free solution, a few posts I read that I wasn't sure whether you have read them?

http//jefferytay.wordpress.com/2011/04/25/backing-up-an-ios-device-iphone-ipad/

http//modmyi.com/forums/general-iphone-chat/681068-3gs-3-0-disk-image-dump-failure-leads-brand-new-iphone-users-tale-rage-woe-2.html

http//log.ijulien.com/post/182804914/iphone-3gs-data-recovery

http//ubuntuforums.org/showthread.php?t=1366684

http//www.tuxtree.com/2009/10/how-to-connect-iphoneipod-touch-using.html

 
Posted : 18/02/2012 6:45 pm
(@armresl)
Posts: 1011
Noble Member
 

Doug, the Elcomsoft version is also LE only so 2 of those choices the majority can't use.

Everyday I am more amazed at the companies that go this route and only supply to LE.

for direct trouble shooting it might be helpful to post up the Hardware and iOS versions you are dealing with.

In relation to tools that can image the iPhone the obvious first question relates to your employment. Are you working in Law Enforcement?

If you are LE then you can apply for free access to the Zdziarski toolset
http//www.iosresearch.org/
They work on both Linux and Mac

Otherwise if you have access to a Mac then Sean at Katana offers a good solution
http//katanaforensics.com/

My personal preference at the moment (due to its Windows and Mac support) would be the offerings from Elcomsoft
http//www.elcomsoft.com/eift.html

There are other solutions that offer iPhone imaging as part of their arsenal such as the Cellebrite Ultimate unit
http//www.cellebrite.com/mobile-forensics-products/forensics-products/ufed-ultimate.html

 
Posted : 18/02/2012 10:29 pm
(@nocomp)
Posts: 16
Active Member
Topic starter
 

Hi Herve

Because you are looking for possible free solution, a few posts I read that I wasn't sure whether you have read them?

http//jefferytay.wordpress.com/2011/04/25/backing-up-an-ios-device-iphone-ipad/

http//modmyi.com/forums/general-iphone-chat/681068-3gs-3-0-disk-image-dump-failure-leads-brand-new-iphone-users-tale-rage-woe-2.html

http//log.ijulien.com/post/182804914/iphone-3gs-data-recovery

http//ubuntuforums.org/showthread.php?t=1366684

http//www.tuxtree.com/2009/10/how-to-connect-iphoneipod-touch-using.html

hi,
thx a lot for your links, truelly appreciate.
from what i ve read, i ve did the right thing then with my dd command.
the question is, why you can t mount the .img image that is generated?
is it cause of bs=1M ?

best regards
herve

 
Posted : 19/02/2012 3:01 pm
(@nocomp)
Posts: 16
Active Member
Topic starter
 

Doug, the Elcomsoft version is also LE only so 2 of those choices the majority can't use.

Everyday I am more amazed at the companies that go this route and only supply to LE.

for direct trouble shooting it might be helpful to post up the Hardware and iOS versions you are dealing with.

In relation to tools that can image the iPhone the obvious first question relates to your employment. Are you working in Law Enforcement?

If you are LE then you can apply for free access to the Zdziarski toolset
http//www.iosresearch.org/
They work on both Linux and Mac

Otherwise if you have access to a Mac then Sean at Katana offers a good solution
http//katanaforensics.com/

My personal preference at the moment (due to its Windows and Mac support) would be the offerings from Elcomsoft
http//www.elcomsoft.com/eift.html

There are other solutions that offer iPhone imaging as part of their arsenal such as the Cellebrite Ultimate unit
http//www.cellebrite.com/mobile-forensics-products/forensics-products/ufed-ultimate.html

i agree with you, this is just pathetic, "l337 only" kind of behaviour tthat make you want to shate your app on bittorent once you scored it!

 
Posted : 19/02/2012 3:02 pm
Page 1 / 3
Share: