Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Divorce, custody battles, and other
Win the most important battle of your life
Everything you need
Effective Expert Witness in Court
Evidence shows who is telling the truth
Subpoena power yields strong evidence
Digital evidence can build a strong defense
Go to court with compelling digital evidence
Quite often we got damaged smartphones for forensic examination. And, of course, chip-off technique is our best friend here. Yes, we physically remove the chip from the mobile device and use a reader to acquire data from it. Usually we use this technique for extracting data from damaged Android smartphones and classic mobile phones, but recently we have tried it for an iPhone.
It’s NAND consists of four parts, so we got four DMP files after data extraction. Each NAND page has 8 sectors with data, the 12 bytes identificator and 90 bytes ECC. The size of a page is 4224 bytes, the sector size is 524 bytes.
Here is the structure:
What is more, blocks are mixed in different parts of NAND, like in a RAID. To rebuild these four DMP files in one BIN file we used PC-3000 Flash:
We extracted the file system from the image, added it to a ZIP-archive, and imported it to Oxygen Forensic Analyst. Here are some deleted SMS-messages from sms.db:
As you can see, extracted data is successfully parsed with the tool. Anything is possible, even an iPhone chip-off.
Interests: Computer, Cell Phone & Chip-Off Forensics
Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics
How did you handled the encryption? – Chip off is mostly done in the cases where data is otherwise inaccessible (phone locked, damaged) so the data in the chip would encrypted and protected by secure enclave.
So, what model of iPhone was this?
this Iphone is ANY model before the “Iphone 4s”
Starting from 4s not posssible yet, except in ONE ONLY CONDITION
So DFI News led with a headline for a method that has been largely irrelevant since October 2011? I appreciate your effort, but this misdirection is more suited to BuzzFeed.
Must have been an iphone 4 or below right?
iPhone 4s and up are encrypted and as far as I know still inaccesible by chipoff.
Please do tell. I don’t see this working on anything past an Iphone 4. More info. . . .
Why do I get the feeling this is a marketing ploy from a vendor?
Do you know anybody or a company who can do it?
Сompanies do not offer recovering data from damaged Apple devices (like iPhones, iPads).
Those are “TOOLS”
“JTAG and Chip-Off Equipment List”
the question is: have you ever tried any of those?
its like listing some Data Recovery App. and MAYBE 1 or 2 of them supports XFS FS.
Igor`s work is possible and correct.
you will need more than googling Bob
Save my name, email, and website in this browser for the next time I comment.
Speak to a Specialist Now
Get Help Now