Hello , can be physical image İpad 2 (A1396) ?
Hello asparajin,
As far as I know, not yet! There have been a few 'jailbreaks' out for the A5 chipset but as far as I know, no official tool for imaging the iPad 2 has been released.
I used this forum as a discussion topic in one of my forensics classes and was advised that there actually is. Check out https://
Where is that specific issue detailed on the BlackBag site?
Under the blacklight product……under features,
I can confirm that Blacklight is capable of imaging an iPad 2.
Cheers,
Andy
My understanding is that they are not alone in the ability to image the devices, however, I wonder whether the approach offered is a clean approach with little to no footprint left. Other providers offer a solution for these devices though currently these are classed as dirty and as such we are refraining from using them.
I'd be keen to know whether Blacklight's approach would be regarded as clean or dirty? Wardy perhaps you could confirm?
Colin
asparajin questions was about a physical extraction of an iPad2.
There are NO solutions for Physical extraction of iPad2 nor iPhone 4S unless the device is jail broken (which is now probably not relevant once v5.1 was released).
All tools, support logical extraction from these 2 devices, but none support physical extraction and none work (logical or physical) when the devices are locked with a password.
Ron
Cellebrite
Indeed his question was.
So the solution may be to jailbreak the device no?
But there is indeed a solution…
As mentioned previously those which I am aware of are dirty however, **depending on the circumstances this may be acceptable**. Without knowing the reason for the original question only the question itself I would suggest that the answer of NO is incorrect.
Is the image required for research? Then the solution is good.
Is the image required for forensic evidence recovery? **Then the solution may be good depending on the circumstances**.
Of course if the device is locked and not already jailbroken then there may be a brick wall which cannot be gotten around..
Colin
It is a bit hard tell what interpretation is being given to "imaging" "physical extraction" etc when used in context with the subject matter.
Blackbag states https://
Multi-Version Operating System Analysis
Analyze Mac OS 10.0.x - Mac OS 10.7.x (Lion) systems, iOS 1.x - iOS 5.x devices and iPhone (Edge) - iPhone 4S devices, iPad and iPad2 devices, and all four generations of the iPod Touch.
The above doesn't claim Blacklight can produce a physical extraction directly from a locked iPad2, nor does it claim it can't produce a physical extraction from an unlocked working iPad2, nor does it claim it will produce a physical (or logical) extraction at all from a switched On, non-password protected iPad2. The statement suggests to me, in the absence of clarification to correct any misunderstanding, that Blacklight merely provides a capability to analyse ("analyze") the systems specified.
Elcom at their website state they can image an iPAD2 but only one that is jailbroken and simply refer to iOS5 in their chart http//
Q What about iPad 2?
Unfortunately, iPad 2 bootrom isn't vulnerable to any public exploits, so we cannot do anything with it, sorry. The only way to perform forensic analysis of iPad 2 is work with iTunes backup; if backup is password-protected and/or you want to decrypt the keychain, our Elcomsoft Phone Password Breaker will help.
Jailbreaking iPad 2 iOS 5.0.1
A further direction on jailbreaking comes from the Limera website http//
Running a combination of different tools might achieve the goal. Colin raises a useful point from which it made me wonder how close to "clean" should the methods deployed in the production of a physical extraction be before the physical extraction is said to be 100% clean i.e. that is in comparison to "dirty"?