We could take advantage of Plist to bypass Trust relationship so as to extract data from a iDevice. Now it becomes a impossible mission in IOS.
As you could see the iOS version is iOS 10.0.2.
Now my workstation trust this iDevice, and the plist in Lockdown folder are right there.
Let me show you how happen to IOS 10. I Poweroff This iDevice and power it on. Of course it ' s locked. You have a to enter passcode or Touch ID.
Let's take a look at the iTunes in my workstation. ITunes could not see anything in that iDevice ... But the plist are still right there. What ' s matter and this iDevice???
The answer is, the life cycle of plist in Lockdown changes in IOS 10. That means if you seize a iDevice which is poweroff. The plist in suspect ' s pc/laptop/mac have no effects on that iDevice. You still need the passcode or Touch ID in order to got the data inside this iDevice.
I ' m not sure why Apple doing this. Life cycle of plist in Lockdown changes dramatically in IOS Ten being a bad influence on mobile forensics. IOS Forensics is going dark in the very.
Life cycle of plist in Lockdown changes dramatically in IOS 10