Secure Enclave has brought new challenges to iOS forensic examiners. Now, we can't extract encryption keys required to decrypt the device image, so physical acquisition is useless. But here comes the filesystem acquisition. Unfortunately, it requires the iOS device to be jailbroken. The next section will show you how to jailbreak our iPad running iOS 9.3.5 with Phoenix.
Filesystem acquisition
Practical jailbreaking
To perform filesystem and physical acquisitions, we need our iOS device to be jailbroken. Here are the steps to jailbreak a 32-bit iOS device running 9.3.5:
- Download Phoenix4.ipa using the following link—https://phoenixpwn.com/.
- Download Cydia Impactor using the following link—http...