Hi all,
We used Cellebrite to create an Advance Logial Method 2 image because Advance Logial Method 1 is not supported for iPhone 7s. Method 2 only extracts the multimedia and nothing else.
Is there any other forensic software or normal software that can extract all the available data from an iPhone 7 or a device with iOS 10.3 and higher?
I'm looking at mobile forensics software right now and I tested MOBILedit Forensic Express against my iPhone 6s running 10.3.2. I haven't rigorously verified that it didn't miss anything, but it appeared to pull everything.
Cellebrite is the major player in mobile forensics; are you sure you're using the most recent version? Perhaps you're missing an update?
-tracedf
Hi there, thank you for your response.
Yes we have Physical Analyzer 6.3.5 released now in July
All iOS devices are supported.
I assume that you have iTunes installed on your computer that is somehow stuck in a state that prevents PA from starting the method 1 extraction.
I suggest uninstalling and reinstalling iTunes.
Best regards,
Ron
You can contact our helpdesk for a demo license of Oxygen Forensic Detective software.
It will not only extract all the basic data, like contacts, calls, messages, and files but also carefully parse and recover lots of app data and passwords.
If iTunes backup in the examined iPhone is encrypted Oxygen Forensic Detective will automatically attempt to find the password to decrypt it.
Hi Oxygen,
Thank you.
I have submitted a ticket for the Demo license.
We have used your software with a lot of success with Nokia mobile phones.
Should this assist us with the iOS I will motivate the purchase of a new license.
Thanking you in advance
I did a lot of iPhones 7 with method 1. It is definitely possible. Please post the error message that did prevent you to use method 1.
Is it because the backup encryption is enabled? Then using another forensic tool won't help you.
Oxygen Forensic Detective software has a built-in Passware module that automatically finds passwords to encrypted iTunes backups. You can choose any of the available attacks such as brute-force, dictionary, Xieve, etc. The module uses the latest technologies including distributed processing and GPU acceleration with ATI and NVIDIA boards.
iTunes backup passwords can be bruteforced using hashcat as well, in case you look for a freeware solution.
All bruteforce methods are out of scope in case of very long or unique passwords, it doesn't matter what program you use, if the bruteforce will take hundreds of years even with the latest GPU monster boxes )
There might be an exploitable vulnerability to bypass the iTunes passwords, but so far I didn't succeed with none of my tries based on unconfirmed "rumors".