Challenge NO.2
Security of T2 and M1 chips
The main problem with Apple device image forensics that does not use T2:https://mall.ihongde.com/product/605 .html and M1 chips is that users use FileVault2 encryption, a full disk encryption program. Using FileVault2 encryption can be very difficult for forensic personnel. Devices without T2 and M1 chips mean no hardware encryption, which means forensics can have more technical means to extract Apple device data. However, if the FileVault2 password or recovery key: https://mall.ihongde.com/product/618.html unusable, online forensics is the only method that can be employed.
Some file data and metadata can be obtained using online forensics, but a lot of information is lost. By taking the form of physical extraction, a lot of additional data can be obtained, such as:
1. File slack area
2. File properties
3. Raw data blocks
4. All APFS snapshots
solution:
Through software that supports comprehensive forensic analysis of Apple's computer systems such as FTK:https://mall.ihongde.com/product/605.html, it can help forensic personnel access system data (users, disk partitions, etc.), user files (chats, mail, desktop information, web data, etc.), and system files (logs, operating system information, etc.). Extracting data physically yields more evidence than logically.