±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35894
New Yesterday: 0 Visitors: 133

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

ISP Extraction - Worth Training For?

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

jaclaz
Senior Member
 

Re: ISP Extraction - Worth Training For?

Post Posted: Feb 26, 19 18:45

- passcodeunlock
the_Grinch is right, in certain situations the encryption keys can be found and used to decrypt the userdata partition.

Sure Smile , and the issue is now swiftly shifted onto the meaning (or frequency of occurrence) of "certain situations".

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

passcodeunlock
Senior Member
 

Re: ISP Extraction - Worth Training For?

Post Posted: Feb 26, 19 21:45

To make it short, we got a 82% success rate over the last 5 years, out of almost 10000 devices. This is a strong base for calculating "certain situations". Please note that not all the devices we had were encrypted, but lately all are.

The success rate will decrease in time a bit, but still chip-off / JTAG / ISP is part of our life, I consider they are worth learning Smile
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

jaclaz
Senior Member
 

Re: ISP Extraction - Worth Training For?

Post Posted: Feb 27, 19 12:10

- passcodeunlock
To make it short, we got a 82% success rate over the last 5 years, out of almost 10000 devices. This is a strong base for calculating "certain situations". Please note that not all the devices we had were encrypted, but lately all are.

The success rate will decrease in time a bit, but still chip-off / JTAG / ISP is part of our life, I consider they are worth learning Smile


Yep. Smile

That is actually the WHOLE point.

Vague data (particularly when aggregated) is and remains meaningless.

You provided data for a period that (roughly) covers:
  • 4 years (please read as 80 %) where devices were largely[1] unencrypted and/or had anyway different access/imaging possibilities
  • 1 year (please read as 20 %) where devices were largely[2] encrypted and where no other access/imaging possibilities exist.

I am not particularly impressed by the 82% "historical" success rate, it seems to me more relevant to know (assuming the rough sustained average of 1 device per working day in the last 5 years) how many of the 20 or so devices you analyzed in the last month:
1) Were encrypted
2) Were successfully unencrypted by post-processing after ISP extraction

jaclaz


[1][2] and a definition for "largely" is still needed
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 

Page 2 of 2
Page Previous  1, 2