Ideally, your workstation should be free of previous user and client data when you begin your collections. This is not always possible when you are at a client site and requested to image multiple devices. If you can, image the devices to an encrypted external drive or an encrypted file/partition. The big caveat to this is when you are using iTunes as your collection method, which saves the backups to its default location. On Windows, that location is: \Users\[username]\AppData\Roaming\Apple Computer\MobileSync\Backup\. On Mac, that location is: /Users/[username]/Library/Application Support/MobileSync/Backup/. Essentially, if you search for “MobileSync” or Info.plist on either OS, you will locate the iTunes backups.
Each iTunes backup per device will be named by its unique identifier. The backup will contain a numerical string of subfolders, an Info.plist, Manifest.db, Manifest.plist, Status.plist.
The data will not be collated if you perform iTunes backups with multiple devices. Each backup will be associated with its own unique identifier. The easiest way to find whose data belongs to which unique identifier is to open the Info.plist file.
Items included are:
- Device Name
- IMEI Number
- Last Backup Date
- Phone Number
- Type of Phone
- iOS Version
- Unique Identifier
- iTunes Version
This is where you can associate the Unique Identifier backup folder name with a specific user’s device. It is helpful, especially when you have multiple phone backups on one computer.
In another post, I will explain the Status.plist, Manifest.plist, and Manifest.db.