±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 34714
New Yesterday: 0 Visitors: 279

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Forensic Focus - Iphone image RAW using linux - Digital Forensics Forums Mobile Phone Forensics - Iphone image RAW using linux

Forensic Focus

Mobile Phone Forensics

Iphone image RAW using linux

Iphone image RAW using linux

Posted: Fri Feb 17, 2012 11:15 am
Author: nocomp Location: france
Hi to all of you, glad to have join this community, i ll feel less lonely then Smile
I have a question to ask you, how do you proceed for do a real complete image raw of an iphone using linux (or windows)

This is how i do, but the issue i am facing, is that i can never mount the image, either i build an img, a dmg or a .dd

this is how i do, using ssh from a laptop, we are assuming that openssh runs on the iphone:

ssh [email protected]_ip dd if=/dev/rdisk0 bs=1M | dd of=iphone.img

what is wrong with that? if i set bs=4096 it doesn t work, i get invalid error.
If you have a better solution for create a raw from an iphone using linux, that interest me a lot!
thx for your time
best regards

Re: Iphone image RAW using linux

Posted: Fri Feb 17, 2012 12:06 pm
Author: Doug Location: UK
for direct trouble shooting it might be helpful to post up the Hardware and iOS versions you are dealing with.

In relation to tools that can image the iPhone the obvious first question relates to your employment. Are you working in Law Enforcement?

If you are LE then you can apply for free access to the Zdziarski toolset:
www.iosresearch.org/
They work on both Linux and Mac

Otherwise if you have access to a Mac then Sean at Katana offers a good solution:
katanaforensics.com/

My personal preference at the moment (due to its Windows and Mac support) would be the offerings from Elcomsoft:
www.elcomsoft.com/eift.html

There are other solutions that offer iPhone imaging as part of their arsenal such as the Cellebrite Ultimate unit:
www.cellebrite.com/mob...imate.html

Re: Iphone image RAW using linux

Posted: Sat Feb 18, 2012 7:11 am
Author: nocomp Location: france
thx doug for your message.
nop i am not working as le, learning forensic on mobile, and planning to pass chfi certification soon.

i tried the katana tool, but installed failed on my mac, ill try to windows solution and let you know.
thxx a lot!
best regards
herve

Re: Iphone image RAW using linux

Posted: Sat Feb 18, 2012 7:17 am
Author: nocomp Location: france
great, no freeware, noway i gonna pay for try...
so there is no reliable way to do a raw of an iphone without a credit card? :'(

Re: Iphone image RAW using linux

Posted: Sat Feb 18, 2012 7:31 am
Author: trewmte Location: UK
Just a suggestion. Have you looked at Ubuntu?

Re: Iphone image RAW using linux

Posted: Sat Feb 18, 2012 7:36 am
Author: nocomp Location: france
hi trewmte,
yep that s what i use, but aside of the dd over ssh, couldn t find any ways/ tutorials for do a raw of an iphone.
can you help?
best regards
herve

Re: Iphone image RAW using linux

Posted: Sat Feb 18, 2012 12:45 pm
Author: trewmte Location: UK
Hi Herve


Because you are looking for possible free solution, a few posts I read that I wasn't sure whether you have read them?


jefferytay.wordpress.c...hone-ipad/

modmyi.com/forums/gene...woe-2.html

log.ijulien.com/post/1...a-recovery

ubuntuforums.org/showt...?t=1366684

www.tuxtree.com/2009/1...using.html

Re: Iphone image RAW using linux

Posted: Sat Feb 18, 2012 4:29 pm
Author: armresl Location: Indiana
Doug, the Elcomsoft version is also LE only so 2 of those choices the majority can't use.

Everyday I am more amazed at the companies that go this route and only supply to LE.

- Doug
for direct trouble shooting it might be helpful to post up the Hardware and iOS versions you are dealing with.

In relation to tools that can image the iPhone the obvious first question relates to your employment. Are you working in Law Enforcement?

If you are LE then you can apply for free access to the Zdziarski toolset:
www.iosresearch.org/
They work on both Linux and Mac

Otherwise if you have access to a Mac then Sean at Katana offers a good solution:
katanaforensics.com/

My personal preference at the moment (due to its Windows and Mac support) would be the offerings from Elcomsoft:
www.elcomsoft.com/eift.html

There are other solutions that offer iPhone imaging as part of their arsenal such as the Cellebrite Ultimate unit:
www.cellebrite.com/mob...imate.html

Re: Iphone image RAW using linux

Posted: Sun Feb 19, 2012 9:01 am
Author: nocomp Location: france
- trewmte
Hi Herve


Because you are looking for possible free solution, a few posts I read that I wasn't sure whether you have read them?


jefferytay.wordpress.c...hone-ipad/

modmyi.com/forums/gene...woe-2.html

log.ijulien.com/post/1...a-recovery

ubuntuforums.org/showt...?t=1366684

www.tuxtree.com/2009/1...using.html


hi,
thx a lot for your links, truelly appreciate.
from what i ve read, i ve did the right thing then with my dd command.
the question is, why you can t mount the .img image that is generated?
is it cause of bs=1M ?

best regards
herve

Re: Iphone image RAW using linux

Posted: Sun Feb 19, 2012 9:02 am
Author: nocomp Location: france
- armresl
Doug, the Elcomsoft version is also LE only so 2 of those choices the majority can't use.

Everyday I am more amazed at the companies that go this route and only supply to LE.

- Doug
for direct trouble shooting it might be helpful to post up the Hardware and iOS versions you are dealing with.

In relation to tools that can image the iPhone the obvious first question relates to your employment. Are you working in Law Enforcement?

If you are LE then you can apply for free access to the Zdziarski toolset:
www.iosresearch.org/
They work on both Linux and Mac

Otherwise if you have access to a Mac then Sean at Katana offers a good solution:
katanaforensics.com/

My personal preference at the moment (due to its Windows and Mac support) would be the offerings from Elcomsoft:
www.elcomsoft.com/eift.html

There are other solutions that offer iPhone imaging as part of their arsenal such as the Cellebrite Ultimate unit:
www.cellebrite.com/mob...imate.html


i agree with you, this is just pathetic, "l337 only" kind of behaviour tthat make you want to shate your app on bittorent once you scored it!

Re: Iphone image RAW using linux

Posted: Sun Feb 19, 2012 11:29 am
Author: steve91386 Location: USA
You have access to a Mac, and depending on the hardware you are trying to image, Katana Forensics offers a free imaging tool called LanternLite; katanaforensics.com/la...anternlite

Re: Iphone image RAW using linux

Posted: Sun Feb 19, 2012 11:36 am
Author: nocomp Location: france
hi steve,
thxx i ve found this one, but couldn t install it on the mac, got an error during install :/ "lantern lite run preflight script"
#fail #coarsed!

Re: Iphone image RAW using linux

Posted: Sun Feb 19, 2012 11:45 am
Author: steve91386 Location: USA
- nocomp
hi steve,
thxx i ve found this one, but couldn t install it on the mac, got an error during install :/ "lantern lite run preflight script"
#fail #coarsed!


Try downloading all the components again and reinstall. I've used this tool extensively with great success, if you've got a device that it supports and you're really looking for a free tool it'd be worth the effort to get it running.

Re: Iphone image RAW using linux

Posted: Sun Feb 19, 2012 11:49 am
Author: nocomp Location: france
i agree with you steve, but what component you talk about? there is just a .zip file to download.

Re: Iphone image RAW using linux

Posted: Sun Feb 19, 2012 11:56 am
Author: steve91386 Location: USA
- nocomp
i agree with you steve, but what component you talk about? there is just a .zip file to download.


If you got the ZIP from Katana there is a PDF included that has links to firmware downloads for use with RedSnow. I'm not sure whats causing your error, and seeing as it's early morning here I haven't had my coffee Idea shoot me a PM and I'd be happy to help you the best I can.

Re: Iphone image RAW using linux

Posted: Sun Feb 19, 2012 12:00 pm
Author: nocomp Location: france
oulaaa never used redsnow, it seems i ll need some help there. thx for your help Smile
have a cofee, me i have to build furniture for my daughter, otherwise i ll end the day as "just divorced" and then tonite (here in france) i ll have a look to it.
if you use skype, please add no-comp in your list Smile
thx for your time
best regards
herve

Re: Iphone image RAW using linux

Posted: Mon Feb 20, 2012 12:24 pm
Author: nocomp Location: france
well i just did everything that is required, i get an install error when installing lantern, i guess it s cause of my mac version 10.5.8 #fail

Re: Iphone image RAW using linux

Posted: Mon Feb 20, 2012 2:25 pm
Author: AlexC Location: UK
What version of iOS was the device running? Could the problem here be that you've got an encrypted dump?

Re: Iphone image RAW using linux

Posted: Mon Feb 20, 2012 4:13 pm
Author: nocomp Location: france
well i doubt it has anything to do with the device, it s not even plug during the install.
it runs the latest update.
the device got iPhone2,1_5.0.1_9A405_Restore.ipsw installed.
thx for your time
best regards
herve

Re: Iphone image RAW using linux

Posted: Tue Feb 21, 2012 7:35 pm
Author: wksk Location: Orlando FL
- nocomp
great, no freeware, noway i gonna pay for try...
so there is no reliable way to do a raw of an iphone without a credit card? :'(


If all you are looking for is a way to dd the iphone try

msftguy.blogspot.com/2...n-and.html

there is an automatic version now. i usually use dd in the cygwin package to connect and get the image.


Mount the drive

Everything
ssh [email protected] dd if=/dev/rdisk0 bs=1M | dd of=iphone-dump.img


Just the system partition:
ssh [email protected] dd if=/dev/rdisk0s1 bs=1M | dd of=iphone-root.img


Just the user data partition:
ssh [email protected] dd if=/dev/rdisk0s2s1 bs=1M | dd of=iphone-user.img

Re: Iphone image RAW using linux

Posted: Tue Feb 21, 2012 8:03 pm
Author: nocomp Location: france
hi wksk,
thx for this tool, i didn t knew it.
the dd over ssh is what i normaly do, but impossible to mount the img file, never understoud why:/
the prob of this technic, is htat you need to have the iphone jailbreak with ssh running.
there is no other way where you can simply plug an iphone and create an image of it without ssh?
thx for your time
best regards
herve

Re: Iphone image RAW using linux

Posted: Tue Feb 21, 2012 8:16 pm
Author: wksk Location: Orlando FL
- nocomp
hi wksk,
thx for this tool, i didn t knew it.
the dd over ssh is what i normaly do, but impossible to mount the img file, never understoud why:/
the prob of this technic, is htat you need to have the iphone jailbreak with ssh running.
there is no other way where you can simply plug an iphone and create an image of it without ssh?
thx for your time
best regards
herve


If you read on the tool, it loads ssh into ramdisk. It is basically plug in play with this new automatic version, before you had to make custom ramdisks for each model, now it detects what model phone and auto downloads the correct files. Then use dd to image phone or winscp if you just want file access. this is what i use my office most of the time. Nothing is done permanently unless you yourself write to the file system. just mount the img file in r-studio or winhex raw scan.

Re: Iphone image RAW using linux

Posted: Tue Feb 21, 2012 8:22 pm
Author: nocomp Location: france
thxxx i gonna give it a try tomorrow (late here) and i let you know how it goes Smile
thxx ofr the tip!

Re: Iphone image RAW using linux

Posted: Wed Feb 22, 2012 7:04 am
Author: nocomp Location: france
jaav error on mac, same on linux :'( #coarsed

Re: Iphone image RAW using linux

Posted: Wed Feb 22, 2012 3:19 pm
Author: wksk Location: Orlando FL
I have only used it on windows and make sure you download the 32 bit jre
All times are GMT - 6 Hours
Page 1 of 1
https://www.forensicfocus.com/