Forensic Implications of iOS Lockdown (Pairing) Records

In recent versions of iOS, successful acquisition of a locked device is no longer a given. Multiple protection layers and Apple’s new policy on handling government requests make forensic experts look elsewhere when investigating Apple smartphones.

In this publication, we’ll discuss acquisition approach to an iOS device under these specific circumstances:

1. Runs iOS 8.x through 10.x
2. When seized, the device was powered on but locked with a passcode and/or Touch ID
3. Device was never powered off or rebooted since it was seized
4. Does not have a jailbreak installed and may not allow installing a jailbreak
5. Investigators have access to one or more computers to which the iOS device was synced (iTunes) or trusted (by confirming the “Trust this PC” pop-up on the device) in the past

Read More

Get The Latest DFIR News!

Top DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...