Hi,
We are trying to extract an iPhone 3GS using .XRY, Cellebrite and Oxygen. .XRY fails to extract anything bar the multimedia and Cellebrite gives a warning to indicate that encryption is being used. It suggests using iTunes to disable the encryption.
The exact message that Cellebrite gives is
Data encryption is enabled on this device. Phonebook and SMS extraction is not possible unless the device is connected to iTunes and encryption is disabled.
Any ideas on this?
IF you are military or law enforcement, it is possibly to use the Zdidarski method to bypass the encryption on the iPhone and do a full low-level disk image.
I would check out his methods on
Scott,
We are fortunate enough to have access to the tools so this will be the route we take.
I was curious as to how the device is encrypted. I have had a look through the menu structure and could not find anything that obviously looked like encryption settings.
Is it something that is activated in iTunes or on the device itself?
Regards,
Doug
Doug,
It seems the backup password was set in iTunes fro this device. If you have PRO version of Oxygen Forensic Suite, you can use iPhone Password Breaker (special utility developed by Elcomsoft and included into OFS package) to find the password. Then OFS will decrypt and load backup files as it would be the normal device.
Check http//
WBR, Oleg.
Doug,
I believe that the encryption is done through iTunes while the passcode can be set up on the iPhone itself.
Hope this helps.
Hi
I am having the same problem with an iPhone 4, have considered gaining authorisation to backup the phone with iTunes then examine this backup with oxygen 2010 PRO.
Will attempt to use the iPhone Password Breaker, as have had no luck with XRY or UFED or Radio Tactics.
Did Elcomsoft iPhone password breaker work for you?
Hi
I have not used the password breaker yet as it will mean backing up the iphone using itunes here at the lab. I am awaiting the original backup from the OIC, and will then use Elcomsofts brute force attack.
Who would you be getting authorization from, and why would you need it, just curious.
Hi
I am having the same problem with an iPhone 4, have considered gaining authorisation to backup the phone with iTunes then examine this backup with oxygen 2010 PRO.
Will attempt to use the iPhone Password Breaker, as have had no luck with XRY or UFED or Radio Tactics.
I would be testing this procedure on a non-evidentiary iphone first… just saying 😉