The following article will explain everything you need to know in order to successfully connect an iPhone to MOBILedit Forensic. iPhone can be connected either by cable or via Wi-Fi. All iOS versions are supported.
For successful extraction from iPhone is required to know the iTunes backup password. Without the iTunes backup password, the final result will not show much data, such as data from WhatsApp, Contacts, Photos, etc.
Since the launch of the new iOS 16.1, you must enter your phone passcode when creating an iTunes backup. This is not required in iOS 16.0 and below.
If you are not able to obtain the iTunes backup password and don't need to analyze data from the old iTunes backup, with iOS 11 or later, you can make a new encrypted backup of your device by resetting the password.
On your device, go to Settings > General > Transfer or Reset [Device] > Reset.
Tap Reset Network Settings and enter your device passcode.
Follow the steps to reset your settings. This won't affect your user data or passwords, but it will reset settings like display brightness, Home Screen layout, and wallpaper. It also removes your encrypted backup password.
However, this operation:
requires to enter the passcode
deletes some evidence
The advantage of MOBILedit Forensic is that it can extract data from the iPhone from a computer with iTunes for Windows installed or without, which are very different ways of communication.
iTunes for Windows not installed
There is no need to install the iTunes Windows application to use MOBILedit (it is usually required by competitive solutions). In this case, MOBILedit is able to communicate directly with iPhone or iPad, just through the Apple device driver.
Install correct Apple drivers.
Connect the device to a USB
Enable device communication
If you know the passcode
I. Unlock the device screen.
II. Disable the “Auto-Lock” option.
III. Confirm the trust message on the device screen.
If you don’t know the passcode use the Lockdown method
If you want to use the checkra1n Jailbreak, the installation of iTunes is still required, since the communication requires Apple mobile device service.
iTunes for Windows installed
If you have the iTunes Windows application already installed, MOBILedit can also communicate with iPhone. In this case, MOBILedit uses protocols of Apple Mobile service, which is already part of iTunes installation.
You can follow the same procedure as above, starting from point 2.
Jailbroken iPhone and full file system extraction
If the iPhone is jailbroken, MOBILedit is able to extract all files, including application sandboxes or system files. To achieve this, MOBILedit needs iTunes installed, so please follow the above instructions. You can jailbreak iPhones by using MOBILedit Connection Kit.
Even with jailbreak, device encryption is still working, e.g., if the device was not unlocked after reboot, a very limited set of data is available for extraction. Also, some applications protect files, when the phone is locked, so for full filesystem extraction, you still need to unlock the phone.