MOBILedit Forensic uses iTunes backup for extracting data from iOS devices.

To extract as much data as possible, it is necessary to encrypt the iTunes backup by setting a password/pin. If a password is not entered, the backup will be unencrypted and contain less data.

If the user of the device has already configured the iTunes backup to be encrypted, having previously set a password for creating the iTunes backup in the device, it is necessary to know the user's password.

If you do not know the user password, you can use the Password toolbox to make a brute force attack and identify the correct password.

However, many users do not set this password.

If no password has been set, MOBILedit Forensic will ask you to set the iTunes password temporarily to “123”.

The reason is that encrypted iTunes backup contain more data.

From iOS 16.1. the temporary password may need to be confirmed on the device by entering the device’s lock screen pin/password.

After the extraction, the password setting is removed.

If the extraction is canceled for any reason or if the iTunes backup password is not removed, there will be a button to remove the password on the connection page below the device.

For iOS 16.1 and above, removing the backup password will also have to be confirmed by entering the lock screen pin/password on the device.

An iTunes backup can be both imported and exported by MOBILedit Forensic.