I'm thinking of Pink floyd's, Is there anyone out there…..

[Crazy Ivan]

My wife has an iPhone 4. We share a Mac (10.8) with iTunes. I regularly back up as she does not. So, our daughter comes along and we are not certain what happened but when my wife turned it on she said she saw a new iPhone. She booted it up and synced it to the Mac. Don't ask me why but in the process she also loaded the recent 6.0. Since this, maybe mid September the phone has sat unused on the desk.
I have tried a number of small programs and hoped to pull content, if any but as with using Phone View and a few others I haven't been able to find anything. I was able to get my hands on some $3000 forensics software for free and I'm looking at a great deal of data on the drive but unfortunately this software is limited as a loaner: all the goodies are locked up.
So back to Pink Floyd, is there any data out there on the drive? What I hope to do is try to retrieve some of the data if not all. I then hope to bring it back to factory.
I've tried looking in the forum and on other sites and even read some good info on forensics but I am seeing so much I haven't a clue where to begin and she is getting frantic. I have run terminal a few times reading from forums and modifying the intel but when it goes more than three pages I get a headache. I had read some items about iLiberty but I haven't found a valid link. As I said, I'm just looking for the least invasive and hopefully I'll find something.
Thanx

[blkcadi]

Let's see if I got this, your wife synced her phone in iTunes and it updated to OS 6.0? Since that happened and she had not done a back up or recent sync, your unable to restore all personal info, apps, messages, notes etc.?
If that is the case, and the phone was updated without an recent iTunes then the info is gone.
By restoring to a new OS, it sets the device up as new, no personal data, that all has to be synced back via iTunes. I think your out of luck if I understand your post. Sorry.

And...Welcome to MMi

[Crazy Ivan]

Ok, I appreciate the info. I had the idea that the device was partitioned into two areas, the ios on one and raw disk image compressed as static on the other side. Some law enforcement analyst were retrieving data even on a full restore from iTunes.

[blkcadi]

That's above my pay grade.........lol
There may indeed be a way, unfortunately in all my years I have never heard of one.
I'd like to have that type of program myself to recovery info for people I help out.
Good luck in your search.

[Crazy Ivan]

http://cryptocomb.org/iPhone%20-%20i...pdfiPhone/iPod Touch Forensics Manual Zdziarski, J
Page 10 of 44
"Simply placing a device into restore mode does not destroy the file system. A fleeing suspect may
attempt such a feat if they are aware of incriminating evidence on their device by holding down
the Home and Power buttons on the iPhone until a Connect to iTunes message and/or icon is
displayed. The forensic examiner might also accidentally enter the device into restore mode if a
mistake is made during the recovery process, or if an unforeseen interruption occurs. DO NOT
PANIC. When the device is placed into restore mode, all data still remains intact. In restore mode,
the device can in fact be made to boot back into the operating system without a loss of data,
provided the user has initiated the recovery process via iTunes to re-image the device. If the
iPhone is simply sitting in restore mode and has not been re-imaged from iTunes, it will need to
be booted back into the operating system to perform forensic recovery. This can be done from the
iLiberty+ tool discussed in the next section. Some versions of iPhone firmware have been
reported to kick themselves out of recovery mode within ten minutes of sitting idle, while
connected to the dock.
When a full restore of an iPhone is performed (using iTunes’ Restore option), the file
system is destroyed, but the NAND is not re-initialized. This means that much of the data
previously stored on the device should still be recoverable."