
There are debug pins exposed on the standard iOS connector, yes - they may not be 'full JTAG' but they are there for manufacturing and testing purposes, and accomplish pretty much the same thing as you would normally use JTAG.

And yes, you can do a full block copy - with the cooperation of the OS - if you know the back door. A lot of these Border Patrol devices depend on it.




As someone who wrote multiple iOS jailbreaks, the above post is entirely incorrect.

(1) It is almost certain that JTAG is not exposed on an iPhone, as this would be a massive and obvious error on Apple's part, though I do not actually have proof of this.

(2) No type of debug interface is exposed via the dock connector, as this would also be a massive security hole. Rather, as previously stated, imaging software uses exploits, often for bugs previously found by jailbreakers and since patched. (Note that people have used the kernel debugger over the serial interface on some dock connector pins, but only as a convenience after exploiting the kernel to enable this functionality. It is normally disabled.)

(3) A raw block copy of the NAND is useless, because the data is encrypted using the UID key hidden in the hardware AES engine.

(4) Even if you get an exploit running, some information (sensitive information minus the information that's required for operation while locked) is encrypted with the passcode. You can brute-force the passcode; the process of testing a particular passcode requires using the aforementioned UID key, which you can only ask the hardware AES engine to encrypt and decrypt things with, not actually retrieve. Therefore, without some really powerful hardware attacks, brute-forcing must be conducted at a fixed rate on the phone itself, rather than offline on a compute cluster. If you use a 4-digit passcode, this isn't much help, since it doesn't take long to try 10,000 possibilities, but a good password will take a long time to brute-force.

Not perfect - among other things, as previously mentioned, you're screwed if they also have the computer you sync the phone with - but not bad.

See: http://images.apple.com/iphone/business/docs/iOS_Security_Oc...
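The property described in points (3) and (4), that a guess can only be checked by going through the chip that holds the UID key, is easy to see in a toy model. The following is an added illustration, not Apple's code or design; it uses HMAC-SHA256 as a stand-in for the hardware AES engine, a Python object as a stand-in for the silicon, and constructed values for the iteration count, salt and per-guess rate. The model shows that a raw image of the wrapped key plus salt gives an attacker without the real engine no way to derive or verify anything, and that the cost of exhausting the keyspace scales with the engine's fixed rate.

```python
"""Toy model of passcode-to-key tangling through a hardware-bound UID key.

Added illustration (not Apple's implementation): HMAC-SHA256 plays the role
of the AES engine, and HardwareKeyEngine plays the role of the chip whose
UID key software can use but never read out.
"""
import hashlib
import hmac
import os
import secrets
from typing import Optional

ITERATIONS = 20_000  # constructed; real devices tune this to a target delay per guess


class HardwareKeyEngine:
    """Models an AES engine holding a UID key: usable as an oracle, not readable."""

    def __init__(self) -> None:
        self._uid_key = secrets.token_bytes(32)  # "fused" into the part; never exported

    def tangle(self, data: bytes) -> bytes:
        # The only operation exposed to software: a keyed transform under the UID key.
        return hmac.new(self._uid_key, data, hashlib.sha256).digest()


def derive_passcode_key(engine: HardwareKeyEngine, passcode: str, salt: bytes) -> bytes:
    """Iterate the passcode through the engine. Every round needs the chip, so the
    work cannot be moved to an offline cluster that does not have it."""
    state = hashlib.sha256(salt + passcode.encode()).digest()
    for _ in range(ITERATIONS):
        state = engine.tangle(state)
    return state


def wrap_key(kek: bytes, key: bytes) -> bytes:
    """Toy stand-in for AES key wrap: XOR with a kek-derived pad plus an auth tag."""
    pad = hashlib.sha256(b"wrap" + kek).digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, ct, hashlib.sha256).digest()[:16]
    return ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> Optional[bytes]:
    """Return the wrapped key, or None if the kek (hence the passcode) is wrong."""
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(kek, ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        return None
    pad = hashlib.sha256(b"wrap" + kek).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


class Device:
    """A phone: NAND contents (salt + wrapped class key) plus its own key engine."""

    def __init__(self, passcode: str) -> None:
        self.engine = HardwareKeyEngine()
        self.salt = os.urandom(16)  # constructed per-device salt
        self.class_key = secrets.token_bytes(32)  # protects passcode-locked data
        kek = derive_passcode_key(self.engine, passcode, self.salt)
        self.wrapped_class_key = wrap_key(kek, self.class_key)

    def nand_image(self) -> dict:
        """What a raw block copy yields: nothing that verifies a guess on its own."""
        return {"salt": self.salt, "wrapped_class_key": self.wrapped_class_key}

    def unlock(self, passcode: str) -> Optional[bytes]:
        """On-device check, the only place a guess can actually be tested."""
        kek = derive_passcode_key(self.engine, passcode, self.salt)
        return unwrap_key(kek, self.wrapped_class_key)


def offline_guess(image: dict, passcode: str) -> Optional[bytes]:
    """An attacker holding only the image must substitute their own engine, whose
    UID key differs, so the derived kek never matches and nothing unwraps."""
    attacker_engine = HardwareKeyEngine()
    kek = derive_passcode_key(attacker_engine, passcode, image["salt"])
    return unwrap_key(kek, image["wrapped_class_key"])


def seconds_to_exhaust(keyspace: int, checks_per_second: float) -> float:
    """Worst-case time to try every passcode at the engine's fixed on-device rate."""
    return keyspace / checks_per_second


if __name__ == "__main__":
    phone = Device("2468")
    assert phone.unlock("2468") == phone.class_key
    assert phone.unlock("1357") is None
    assert offline_guess(phone.nand_image(), "2468") is None  # image alone is useless
    rate = 12.0  # constructed: guesses per second the on-device path allows
    print(f"4-digit PIN, worst case: {seconds_to_exhaust(10**4, rate):.0f} s")
    years = seconds_to_exhaust(36**8, rate) / (365 * 86400)
    print(f"8-char lowercase alphanumeric, worst case: {years:.0f} years")
```

The two numbers printed at the end are what the comment's last sentence is about: at the same fixed per-guess cost, the 4-digit space is gone in minutes while a modest alphanumeric passcode takes thousands of years, because the attacker cannot parallelise away from the one chip that holds the UID key.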


That makes sense. I'm guessing this is why the forensics company has a procedure for lifting some sort of key out of the paired iTunes library to get access to the device without the PIN.


I should add that these aren't primarily border control devices. Legitimate use-case would be searching a phone seized in an arrest after obtaining a wiretap order for it. The police end up using them to read your entire digital life as long as an officer says that, in his judgement, you may have been texting while driving.


Yeah, it doesn't really make a lot of sense at the border. Nobody is going to deliberately bring any device with incriminating content over the border, not when you can easily get a new phone and laptop at WalMart for a couple of hundred bucks.



