Curious if anyone has a method for downloading iPhones or iPads when they are in the 'activate' stage after a factory reset (showing the hello screen and you have to choose language, location etc)
iPhone 5 and iPad A1475 specifically. I'm not expecting anything to remain but need to at least make the effort to show this.
When factory reset happens, the previously used encryption keys are also deleted, so it it pretty impossible to gather useful (decrypted) data from the chip.
There are theories about the wear levels and re-allocations, which might contain partial data from the previous usage, but I never met a real life case where anything useful could be recovered after a factory reset.
that's been my experience as well, but was mainly curious if anyone had successfully processed them in this state (regardless of any actual data located)
I could finish the activation process and link it to my local wifi, but forensically speaking that makes me shudder to even consider, but failing that I'm not aware of any other way I can actually show that no data is available…other than verbally saying it is so.
Don't modify the device in any way, if you do anything like that, the evidence is void no matter of it's data.
Take the phone to the closest official Apple service, pay an hour service time and get a legit paper from them stating what data is available from the phone.
Just take a photograph of the welcome screen; which is fairly clear evidence that the iDevice has been reset.
If the case is important I doubt that a picture like that would be taken in consideration.
Try the Apple service, you got nothing to loose and you could end up with an official paper from them stating that the device has no active user data.
I suspect that all the data on the
How does it show that someone is trying to cover up some things? (if this is not a bot account)
I suspect that all the data on the
iPad models have been deleted and gone for good, but this shows that someone is trying to cover up some things.
"Erase all content and settings" option in Settings obliterates all of the keys in Effaceable Storage, rendering all user data on the device cryptographically inaccessible (p15 upper left corner). The keyword is inaccessible. 'Factory reset' still has encrypted data if there were before, the non-firsttime-used flash storage is unencrypted. Encrypted data is written to the storage, not the whole storage is encrypted. So dependant on ever used free storage can be unencrypted or encrypted by former keys.
It depends on what devices iOSs you have (e.g. A8 or before). Apple SoCs multiplied by iOSes can result in mulitple options. Please decide on one option e.g. A9 with iOS 10 for precise answer to your question.
See the official Apple iOS 12.1 security guide here, to learn yourself. Former security guides are online not available, you should keep these pdfs in archive for your lab.
https://
Your question was on downloading data, the answer is no. You hang in the factory reset boot process which is different from normal boot process.