Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Nowadays people hold strong views about the importance of privacy in their everyday lives. This affects their digital data either. More and more often digital forensic examiners find encrypted during thier investigations. As you know, an iTunes backup can be encrypted with a password chosen by the device user. There are a few tools on the market, that can help an examiner to decrypt it. Today we are going to show you how to crack such password with one of them – Elcomsoft Phone Breaker.
This tool is able to crack backup passwords of Apple devices of all generations released to date, including the iPhone 6S Plus and iOS 9.
For demonstration purposes we created an encrypted backup of an iPhone 4 running iOS 7.1.2 using simple numeric password. Let’s try to crack it with EPB.
Start from choosing the right source:
In our case it’s iOS device backup. EPB will now automatically search for encrypted backups in the user’s folder. And it has found our demo-backup:
Of course, you can choose another encrypted backup if you created it by some third party forensic software. After selecting the backup you should choose the type of cracking: Dictionary Attack or Brute-Force Attack:
As already been mentioned, for demonstration we used numeric password. What is more, we know, that it consists of just four numbers, so we can choose its lenght and character set in Brute-Force Attack settings:
Now just click “Start recovery” button. Due to the fact, that our backup password is extremely simple, we got it immediately:
Now we know the backup password and are ready to parse it with our favorite mobile forensic suite. And we choose Oxygen Forensic. Let’s start from importing – choose “Import iTunes backup…”:
After choosing your iTunes backup, you’ll see Oxygen Forensic Extractor dialog window. Don’t forget to fill in “Backup password” field:
Now Oxygen Forensic has everything it needs to parse our backup, just click “Extract”:
As soon as the extraction process is completed, you can analyse parsed data with ease and style:
As you can see, there are some powerful tools like Elcomsoft Phone Breaker, that can help you to crack iTunes backup passwords. Of course, you can spend days and months trying to decrypt one if it’s complex enough, but according to most of our cases, people don’t tend to choose very complex passwords, so EPB is very useful for lots of mobile forensic examinations.
Igor Mikhaylov
Interests: Computer, Cell Phone & Chip-Off Forensics
Oleg Skulkin
Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics
Speak to a Specialist Now
Get Help Now