The issue is probably not unlocking the phone, it’s cracking the encryption key to access all the stored data
He may not even be using apple encryption but may be using a third party encryption app
These can be tough to break
"Tough" is not the word I would use. "Impossible" is the word I would use.
On an iPhone, with the fact that if you don't get the passcode in ten tries, the data is erased, your only choice is to attempt to brute force break the 256bit AES encryption. The key to that is NOT the user's passcode.
The encryption key is constructed by the iOS Encryption Engine processor and is composed of FOUR elements, only one of which is related to the user's passcode.
An algorithm, also stored on the Secure Enclave, is used to entangle the user's passcode into the concatenated UUID, DID, and Random Number (these three total 128 characters before the user's passcode Hash is entangled). In any case, the actual key is padded by the algorithm to at least 144 characters in length to do the encryption decryption EACH TIME THE USER INPUTS A CORRECT PASSCODE, although it can be longer when the user's passcode is entangled.
Once you start to understand the way brute force solving of a 256bit Advanced Encryption Standard (AES) works, you start to realize why "Impossible" is the word to use. The ONLY way to crack a 256 bit AES encryption is to try every possible key until you find the one that works by seeing if you get something intelligent, usable, or translatable when you apply a trial key.
The number of key possibilities is a number that is literally higher than astronomical. For example, if one were to use all 223 characters possible in a string of 256 characters, you get a possible 223256 possible keys you will need to try to find the solution to the encryption, if you were just using a user input key.
How long would it take to try every possible combination of characters and numbers and symbols that could have been used to encrypt your databy brute force, n o? Good question. Because that is what would be required, unless they can force YOU to reveal your passcode.
Let's assume your shooter's iPhone Passcode was a short, but complex, 16 character code. Recall, however, that it was entangled with the iPhone's 128 character UUID, so the base is now 16 + 128 or 223144, not quite so large as the that previous number, but still huge. . . and quite a bit larger than a Googol.
1,052,019,282,033,700,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
That's 1.052 duovigintillion possible combinations, give or take a few.
If the government's supercomputer could check 50,000 passcodes every second against the data, checking to see if anything made sense, It could therefore test 1.5 TRILLION possible passcodes a year. Let's grant the government agency a 33% faster supercomputer and say they could check 2 TRILLION passcodes a year, OK? That means it would take their supercomputer only a mere. . .
5,260,096,410,168,500,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 YEARS
to check all the possible passcodes to decipher your encrypted file that had been encoded with your 16 character complex passcode entangled with a 128 character UUID, DID, and environmental random number. It is possible they could, if they were outrageously lucky, get the data deciphered next week, but it more likely will take them a good portion of 5.26 Billion vigintillion (10^195) Years to break into one iPhone's data. Double, triple, quintuple, or even multiply the speed of the government's super computer by a factor of 1 trillion. . . it makes only infinitesimal differences in the amount of time it would take to break your passcode on one iPhone. That's the law of very large numbers at work.
It's estimated that the entire Universe will die a heat death and devolve into a soup of quarks and sub-atomic particles by a mere 4.7 X 1080 years. . . yet we are looking at more than THREE TIMES THAT TIME SPAN. That's why "Impossible" is a good word. . . and that's for only a complex 16 character passcode.