Digital Forensics Los Angeles
Digital Forensics Los Angeles
Grizzly Digital Data performs onsite, remote, and offsite digital forensic collections. We harvest data from mobile devices, desktops, laptops, external hard drives, flash drives, and cloud accounts. Based in Los Angeles, we serve the greater Los Angeles/OC area.
Our expert technicians collect evidence for criminal cases, civil actions, and internal business processes.
Mac Forensics including T2 Chip Acquisitions
Our extraction method bypasses Apple’s implementation of the secure boot process. Collect full physical images of Macs containing Apple’s T2 Security Chip.
Our technicians are familiar with acquiring T2 chipped Macs and imaging devices with File Vault encryption. Data recovery from APFS fusion drives is now supported.
Live - After First Unlock (AFU) “Hot”
- The Phone Has Been Kept On Since It Was Unlocked (Not Powered Off)
- Encryption Keys Are Still In RAM
Full File System Extractions on iPhone 5s - X
Cellebrite’s Checkm8 exploit now allows examiners to obtain Full File System extractions on iPhones 5s through iPhone X.
Since the phone’s processor is needed to decrypt data, keeping the processor available is important after seizure for maximum effectiveness of Checkm8 method. As the decryption keys are still present in RAM, we can exploit phone and access decrypted data. If the phone has been turned off or battery died, phone is in cold state, and only unencrypted data within the file system is available.
Restart - Before First Unlock (BFU) “Cold”
- The phone has been turned off/battery died/stored
- iOS provides some data
Live - After First Unlock (AFU) “Hot”
- The Phone Has Been Kept On Since It Was Unlocked (Not Powered Off)
- Encryption Keys Are Still In RAM
Forensic Extractions
With Court-Approved
Software
Forensic Extractions With Court-Approved Software
Collect Email & Cloud Data Remotely
Preferred Vendors
