April 2020
Intermediate to advanced
400 pages
10h 12m
English
book
Practical Mobile Forensics - Fourth Edition
by Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty
Content preview from Practical Mobile Forensics - Fourth Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Handling encrypted backup files
For encrypted backups, the backup files are encrypted using the Advanced Encryption Standard-256 (AES-256) algorithm in the Cipher Block Chaining (CBC) mode, with a unique key and a null initialization vector (IV). The unique file keys are protected with a set of class keys from Backup keybag. The class keys in Backup keybag are protected with a key derived from the password set in iTunes through 10,000 iterations of the Password-Based Key Derivation Function 2 (PBKDF2). In iOS 10.2 this mechanism was upgraded, so now, there are 10,000,000 iterations.
Many free and commercial tools provide support for encrypted backup file parsing if the password is known. Unfortunately, it's not always true, so sometimes forensic ...