Data protection is a feature available for iOS 4 devices with hardware encryption: iPhone 4, iPhone 3GS, iPod touch (3rd generation or later), and all iPad models. Introduction of this feature had complicated iPhone forensics process because now (almost) all files on user partition are encrypted and physical dumps are of much less value to examiners: while the filesystem seems to be intact, actual file contents are encrypted and are not suitable for analysis.
This talk will provide in-depth information about iOS 4 Data protection. More specifically, it will cover the following: System keys and their hierarchy Device passcode and its recovery Escrow keys Filesystem encryption Keychain encryption