Cellebrite PA iPhone extraction error
good evening all,
im fairly new to digital forensics, and I have recently encountered a problem that I have never seen before.
I am attempting to extract an iPhone XR by utilizing cellebrite physical analyzer. When I get to the extraction to choose between method 1 and method 2, I get the following error:
“method 1 and method 2 cannot be used, because the device was not unlocked (with a pin code) after it was reset”.
i have reset the device and used the proper security pin code, but I am still getting the same error.
any help would be much appreciated!!
Have you tried using UFED 4 PC for an advanced logical?
I use UFED PA & 4PC on a weekly basis and haven't come across that specific error message when dealing with reset phones. I would update the PA to the latest release. Are you able to unlock the phone with the pin and view the phone's contents?
Is it a work iPhone? Does it have some kind of MDM (Mobile Device Management) enabled?
I have come across a few MDM enabled iPhones and they generally disable data over the cable port. The only exception to accessing data over teh cable port is the administation computer that exists somewhere in the company that administers the phone. There are two ways to get data from an iPhone under these circumstances:
1. Use the checkm8 exploit to get a full filesystem. The boot loader basically negates the MDM from preventing access to cable port. (This method won't work on an iPhone XR though)
2. Contact the business/company that own the phone and get them to do an iTunes backup (or MDM equivelent) using the adminstration terminal.
One of the common ways I first spot that MDM is enabled is when I go to set the Auto-Lock to "Never" but the "Never" option isn't avaiable. Quite often I have found with MDM that the maximum I can set autolock for is 5 minutes.