iPad investigation

Well try Oxygen Forensic Suite 2011 as it clearly mentions for its
'Changes in version 3.1 (11 March 2011) Added support for Apple iPad 2. '
and
'Changes in version 3.6.5 (25 October 2011) Added support for iOS 5.'
I believe it should work…

Unfortunately we don't use Oxygen Suite at my workplace..

It says that Cellebrite PA doesn't support the iPad, I'll ask my manager about doing a 30 day trial.

Thanks for everyone's help!

Cellebrite UFED PA does support physical extraction on the iPad / iPod and iPhone (excluding physical for iPad 2 and iPhone 4S)

Actually, these devices are supported with Physical extraction bypassing locked devices (no need to know the user lock code and unlock) and decryption iOS4 and 5 encryption
iPhone (original)
iPhone 3G
iPhone 3GS
iPhone 4 GSM
iPhone 4 CDMA
iPad 1
iPod Touch (3rd generation)
iPod Touch (4th generation)

Logical extraction and file system dump is supported for ALL iDevices.

For more details on UFED iOS Physical extraction see this manual
http//www.ume-update.com/UFED/iOS_User_Manual.pdf

Ron

Without stating the obvious, have you tried a different cable??

Are there any other applications running that may be trying to access the iPad that are causing it to not be seen.

Try running the registry cleaner built into XRY as well (previously BladeRunner) to clear any driver conflicts/issues that may be occurring.

Make sure the device is unlocked if it has a passcode enabled.

Tom

Unfortunately we don't use Oxygen Suite at my workplace..

The trial version is fully functional. Why not try that?

chloroform87

Why aren't you using Cellebrite UFED PA.
As a UFED user you have a 30 day trial of UFED PA that has also physical support (that can also bypass locked iDevices) and also supports the latest iOS5 encryption.

Check the latest UFED PA iOS user manual for more information
http//www.ume-update.com/UFED/iOS_User_Manual.pdf

RonS

How do we get this trial set up Ron?

bigjon,

Didn't you get the mailing list with instructions?

All you need to do is log into MyCellebrite, register your UFED (if you did not already) and there you will have an option to generate a UFED PA 30 day trial license.

Use this link
http//my.cellebrite.com/patrial

RonS

Thank You RonS!

I had a similar issue when I tried to extract an Apple device using the latest XRY. It just would not see it even though Windows could see it! Frustrating!

You can perform a backup in iTunes and then use XRY to parse that backup. As far as I am aware you should get the same data set back from the method described above as you would through a standard XRY extraction.

If you want to go down that route let me know and I can post up some notes to guide you through.

If you are after email, logical will not get it for you (unless the device if jail-broken). The only way is though physical methods (file system dump or full physical)

RonS