Decrypting FileVault disk
|Top Previous Next|
EPB allows you to decrypt the OS X disk image or its system partition encrypted by FileVault.
The following formats of disk images are supported:
The decrypted disk is saved on the computer in the raw (.dd) format and can then be viewed using the corresponding third party tools.
To decrypt the FileVault disk, do the following:
1. On the Apple tab in the Tools menu, click Decrypt FileVault disk.
2. Specify the path to the disk image and the path to the location in which the decrypted image must be saved.
3. Click Process. The program will check whether there is enough free space to store the decrypted image.
4. If the disk image contains two or more partitions, select the partition to be decrypted in the Encrypted partition drop-down list.
5. Click Process for the second time.
6. When the Apple ID is displayed, enter the password for it and then click Decrypt.
NOTE: Token authentication is not supported in the current version of the program.
NOTE: If the Apple ID is protected with two-factor authentication, you need to confirm sending the verification code to all of your trusted devices or to your phone.
You can select the Save credentials for future use option when logging in so that you don't need to enter them when you log in with this Apple ID again.
7. If the Apple ID is protected with two-step verification, verify your account by selecting one of the following authentication types:
▪Secure Code: in the Trusted device field, select a phone number or a trusted device to which the code will be sent, click Get code, and then enter the received 4-digit code in the Secure code field.
▪Recovery Key: enter a 14-character key generated defined in the Apple account settings.
8. Click Verify.
9. If the Apple ID is protected with two-factor authentication, perform authentication in one of the following ways:
▪Select Trusted Device and enter the 6-digit code in the Verification code field. Click Resend code for the verification code to be sent to all trusted devices.
▪Select Text message and enter the 6-digit code in the Verification code field. Click Send code for the verification code to be sent as a text message to the selected trusted phone number. Click Resend code for it to be sent again.
NOTE: iCloud for Windows 4.0 and higher must be installed for sending text messages.
NOTE: OS X 10.11 and higher is required for sending text messages.
▪Select Code generator and enter the 6-digit code in the Verification code field. The code is generated on the trusted device or via Cloud Panel.
10. Click Verify.
11. EPB retrieves the decryption key.
12. As soon as the key is retrieved, the disk decryption begins.
13. When the disk is decrypted, click the icon to open the folder to which the decrypted disk was saved.
14. The name of the decrypted disk is <original_disk_name>_decr.dd.
Get more information about Elcomsoft Phone Breaker
Get full version of Elcomsoft Phone Breaker (Windows)
Get full version of Elcomsoft Phone Breaker (Mac)
© 2017 ElcomSoft Co.Ltd.