DFS101: 11.1 Mobile Device Investigations

Sounds like a good idea to me! :D

Thank you so much!

For JTAG here is an in-depth description: www.corelis.com/education/tutorials/jtag-tutorial/what-is-jtag/
Note that JTAG on phones is pretty rare now, but IoT devices still use it quite often.
Was there another link you were looking for?

Wow. Sorry I missed this comment. Disk encryption themselves make it very difficult to recover deleted files, but in many cases disk encryption is not turned on, is incorrectly implemented or can be bypassed. I would say it is *usually* not a big problem. More of an annoyance. Of course, in really important cases it can be a big problem...

@@DFIRScience not sure. Not aware of any ability to defeat a veracrypt encrypted windows boot loader with a strong password that has been powered off. Similar for LUKS and Linux.
As far as IPhone goes, those known bypass exploits don’t really exist in the later iOS 14 + versions or iPhone 11 + models that don’t have the firmware vuln.
If iPhone of proper model and up to date and pin code is removed and alpha numeric password used with no cloud backups and FaceId not used yet (or SOS mode activated so first unlock is reset ) I think this all defeats modern techniques but I could be wrong. I believe apple has made multiple strides as well in neutering the communication interfaces as far as data transfer if first Unlock not performed . Files stay encrypted individually until first unlock
I’d probably target a user’s encrypted iCloud backups since they use Apples key and that can just be subpoenaed I believe . That’s why I don’t do it myself haha.
Also as far as Trim goes , or garbage collection on SSD’s and what not , it seems like it’s actually harder to fully delete data correctly from SSD’s than it is magnetic drives . It’s basically a pray of adding more data to the SSD to overwrite it instead of forcing 1 and 0 overwriting in multiple passes like with an HDD

The full playlist can be found here: th-cam.com/play/PLJu2iQtpGvv-2LtysuTTka7dHt9GKUbxD.html