L2C - iOS Forensics

Extract more data from iOS devices

  • Logical, physical and over-the-air extraction of iOS devices
  • Analysis of iOS apps and their capabilities
  • Continuous update of contents, working techniques for the successful extraction of iOS devices

Why should you attend this training?

iOS as the “problem-child” in Mobile Forensics makes it increasingly difficult for forensic experts to successfully extract data from a device. As a result, it’s important to stay up-to-date on the current unlocking and extraction possibilities for iOS devices.

This training is aimed at experienced forensic experts who want to improve their skills in working with iOS devices. This training teaches logical & physical acquisition techniques for Apple iOS, especially working with backups, jailbreak and iCloud. iOS app data structures, as well as the analysis of app binaries to acquire knowledge regarding app data, are part of this extraordinary training.

The training includes:
  • Demo smartphones
  • Exercises with solutions
  • Exams
  • Certificates
  • Presentation slides for download


The training contents are continously updated, therefore we ask you to contact us if you are interested in this training to ensure that you are up-to-date.

L2C.1 Overview operating system iOS
  • Architecture
  • File structure
  • iOS versions
  • Locks & encryption
  • Extraction methods
  • Seizure of iOS devices and protection against data changes
L2C.2. iOS data structure and security mechanisms
  • Analysis of file structure
  • Apple iOS security concept and implications for the forensic analysis
L2C.3. Handling locked devices
  • Current situation and implications for extraction
  • Live demo: bypassing iOS security
  • Practical tips and tricks for dealing with locked iOS devices
L2C.4 iOS acquisition: logical extraction
  • Local iOS backup
  • Decryption and analysis of encrypted iOS backup files
  • Extraction with common Mobile Forensic Toolkits
  • Helpful hints for a successful logical extraction
L2C.5 iOS acquisition: physical extraction
  • Jailbreak
  • Physical extraction of different models
  • Helpful hints for a successful physical extraction
L2C.6 iOS Acquisition: Over-the-air extraction via iCloud
  • iCloud functionality and data storage (Which data can be extracted from the cloud?)
  • Benefits and dangers of cloud extraction
  • iCloud Backup for locked and unlocked devices
  • Risks and challenges of cloud backups
L2C.7 iOS app structure and binary analysis
  • iOS app analysis
  • iOS apps from a developer’s perspective

Training in cooperation with:

The training contents can be adapted to your personal requirements.

If you have further questions, feel free to contact us: office@t3k-forensics.com or +43 1 929 15 91 – 60.

Mobile Phone Extractions & Analysis Training

Learn the basics of mobile forensics – tool independend & precise knowledge for daily work

Advanced Smartphone Forensics Training

Unlocking, advanced extraction methods and other skills beyond toolkit capabilities

SQLite Forensics for Smartphones

Get additional information from databases & retrieve deleted data