These days, private investigators need advanced technology if they’re going to offer professional services such as mobile forensics.
In 2013, Prudential Associates invested in Cellebrite’s UFED Equipment which is a complete solution for any devices made by Apple that run on any iOS version. It enables data extraction that is forensically sound and decoding and analysis to obtain current and deleted data from Apple devices.
The iOS devices that can have data extracted include iPhone 5, iPhone 4s, iPhone 4, iPhone 3GS, iPhone 3G and iPhone 2G. The iPods covered include the iPod Touch 5G, iPod Touch 4G, iPod Touch 3G, iPod Touch 2G and iPod Touch 1G. iPad models covered include iPad 4, iPad 3, iPad 2, iPad 1 and iPad Mini.
There are different ways in which data extraction can be performed on iOS devices. For unlocked devices, file system and logical extraction are enabled on UFED Touch. For locked devices, file system extraction and physical extraction are enabled on the UFED Physical Analyzer. There is support available for locked iOS devices, when you use the UFED Physical Analyzer.
You may use UFED Physical Analyzer to extract file system and physical information. Analysis and decoding can also be performed on iOS devices that are locked, whether they have a simple or a complex passcode.
Simple passcodes are recovered during the process of physical extraction, and this enables access to keychain passwords and emails. If the device is set with a complex password, then physical extraction can be done without accessing keychain and emails. If there is a known complex password, keychain passwords and emails are still available.
The capabilities of the UFED Physical Analyzer include:
Advanced decoding and decryption techniques are used to recover mobile data deleted from SQLite databases. This includes contacts, call history, apps data, messages and more.
Cellebrite’s UFED physical analyzer features an innovative physical extraction and decoding solution for iOS devices. It is important to be able to extract data from iPhones, iPods and iPads.
The Cellebrite program is launched on the iOS device. The menu bar allows you to select the step of extracting information from the Tools menu. A support package is available at Cellebrite, if the extraction has never been done previously on the device.
In preparation to extract data, the Cellebrite connector is plugged into your computer. The iOS device should be turned off, and not connected to the cable.
The iPhone, in this case, is set to recovery mode, and the cable 110 is plugged into the iPhone. You will set the device into DFU mode, and press the home and power buttons at the same time. The iOS program will begin loading the forensics program onto the device.
At the extraction screen, you will select physical or file system extraction. Generally, a physical extraction will allow you to extract personal files like emails, texts, etc. You can also extract user and system partitions, or both. After you choose where you would like the extraction saved, you will begin the actual extraction.
After your extraction is complete, you may turn off the iOS device and exit, open a file location or open in UFED physical analyzer. Physical analyzer will allow you to view the extracted data. It will show up in its pertinent folders.
Image Source: http://sparkletechnews.com/the-history-of-apple-iphones/