I read an interesting article that I'd like to share with you today.
A post on Elcomsoft blog by James Duffy, titled "Demystifying iOS Data Security".



Recently I’ve been sent over a few questions from members of the community, such as “Why can’t we decrypt the data from a disabled iPhone over SSH if we know the passcode?” and “I tried to SCP a file from the device to the Mac, but getting permission errors”.

So, in this article James started answered to some questions about iOS forensics topics, such as data recovering on locked iOS devices and password bypass.

Here the answered questions:

  • Why can’t we decrypt the data from a disabled iPhone over SSH if we know the passcode?
  • I tried to SCP a file from the device to the Mac, but getting permission errors.. I even tried using chmod to set permissions!
  • Based on my searches, I found that there is a tool (called sliver I believe and referred to by appletech) that it can bypass passcode/disabled device in some circumstances. Does this mean the ability to access enter AFU using this method?

Obviously, for the answers, refer to the original post.