Scenario: You receive an iOS device and don’t have access to commercial tools to acquire the device. The custodian is cooperative and willing to give you any credentials necessary for the collection. What do you do?
My advice – create an iTunes backup. Preferably, create an encrypted iTunes backup. This allows you to grab more information from the device, such as account passwords, health, and HomeKit data. If the user has previously encrypted iTunes backups, you will be prompted for the user’s previous password. If the user has never encrypted backups, you will be prompted to create a password. IMPORTANT NOTE: This iTunes password will stay with the device. Do not lose this password!
Now that you have successfully backed up the device, how do you view the data? iBackupBot is an simple solution and has a free full-version trial for both Windows and Mac computers. You can modify backups with iBackupBot, so it is highly recommended that you make a duplicate copy of your iTunes backup first. Below are some of the items that you can see in an iTunes backup.
From here, you can export the SQLite databases and plists and view their contents in your application of choice. In another post, I will show you how to write basic SQLite queries to put meaning behind the databases.