In this episode, I want to share with you something that I recently learned, and which you may not be aware of, about keychain data in File Format Viewer in Physical Analyzer.

This requires a full file extraction in order to get to this level of detail.

I go to Analyzed Data where I have a full file system loaded from an iPhone. Make sure you click on File Systems and check that you see KeychainDump otherwise this may not work.

When you are in KeychainDump and you see Password on the right where the data may be unreadable, you can right-click on it and then click Open in file format viewer.

This will open a window in which you can easily view the data within it and will make reviewing the data much easier for you.

This allows you to dive into the files and receive additional information about the device it was connected to, possibly what kind of password it is, and more information on it.

This may not be available for all passwords since some may be encoded.

Watch the full episode to learn more.

Share this post