Backup password breaking

MOBILedit Forensic allows you to extract iTunes backups from iOS devices in addition to ADB backups from Android devices. You can even load historical backups that have been created previously for detailed analysis or comparison.

It is not uncommon to find backups that are protected with some form of password or a code. In order to analyze such backup, a password must be obtained to gain access. There are multiple tools and methods that are offered in the software that will save a significant amount of time for investigators.

Entering password directly

The password can be entered directly if it was obtained during an investigation or through other means. There is an unrestricted number of attempts allowed to enter the password, so you cant get permanently locked out. You can also see a history of the previously entered unsuccessful passwords.

You can choose to include a password into the logs and reports.

Dictionary attack

Dictionary attacks simply go through a list of supplied strings and try to enter them as the password. An investigator can either use one of our supplied dictionaries or use his or her own dictionary. Our product comes with the following dictionaries:

1. EN_100k.txt - English dictionary containing 100 thousand words.

2. EN_200k.txt - English dictionary containing 200 thousand words.

3. EN_650k.txt - English dictionary containing 650 thousand words.

4. common_passwords_1M1.txt - file containing 1.1 million of the most commonly used passwords.

In order to add your own dictionary just provide a path to a text file after clicking "Add dictionary". All dictionaries must contain words separated by a newline. 

Multiple dictionaries can be used in a single Dictionary attack.

PIN attack

PIN attack assumes that the password contains digits exclusively. Password length is chosen and some digits can be entered manually if they are known.