Forums
Main Category
General (Technical,...
Method of decryptin...
 
Notifications
Clear all

Method of decrypting iPhone using linked computer

 
General (Technical, Procedural, Software, Hardware etc.)
4 Posts
3 Users
0 Reactions
772 Views
RSS
 wotsits
(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter 04/01/2016 3:50 pm  

This is a method I've heard of but know nothing about and hope someone can direct me to more information.

Let's say you have an iphone seized along with the PC used to sync it with itunes. I understand it's possible to decrypt the iphone using this, but how? If you simply turn the computer on and start running the iphone on it then it would no longer be forensically sound. If you obtain an image of the PC then how can you decrypt the iphone?

Is this method well practiced?


   
Quote
 senor_paul
(@senor_paul)
New Member
Joined: 10 years ago
Posts: 4
04/01/2016 7:31 pm  

I think you are referring to the lockdown file, which will bypass the pin lock (slightly different from decrypting the device)
I was going to post a detailed reply to this but Oxygen have produced a pdf which covers the main points

How to bypass iOS lockscreen protection.pdf

The technique is the same for any of the main forensic tools. Basically you are looking for the lockdown.plist file which can then be used to unlock the device. However, the massive caveat (which is in the Oxygen pdf) is that if the iPhone has been powered off at any point since being linked to the suspect's computer then the lockdown file will no longer work!

Hope that helps.


   
ReplyQuote
 wotsits
(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter 05/01/2016 12:23 pm  

I think you are referring to the lockdown file, which will bypass the pin lock (slightly different from decrypting the device)
I was going to post a detailed reply to this but Oxygen have produced a pdf which covers the main points

How to bypass iOS lockscreen protection.pdf

The technique is the same for any of the main forensic tools. Basically you are looking for the lockdown.plist file which can then be used to unlock the device. However, the massive caveat (which is in the Oxygen pdf) is that if the iPhone has been powered off at any point since being linked to the suspect's computer then the lockdown file will no longer work!

Hope that helps.

Thank you for that. It also says the lockdown file must not be older than 30 days. What if it is?


   
ReplyQuote
OxygenForensics
 OxygenForensics
(@oxygenforensics)
Estimable Member
Joined: 14 years ago
Posts: 143
11/01/2016 3:04 pm  

If the file is older than 30 days you will be able to extract only videos and photos which may contain geo location information. Other private data won't be retrieved.


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: