Setting up the forensic environment

Nowadays, we have a few tools that can be used by mobile forensic examiners to acquire and analyze iOS devices using both macOS and Windows systems as the hosts. For example, Elcomsoft iOS Forensic Toolkit has both macOS and Windows versions; as for free and open source tools, the libimobiledevice library can be used – not only on macOS and Windows forensic workstations, but even on Linux!

We are going to introduce you to these tools with hands-on exercises, of course, including practical logical and filesystem acquisitions, and even jailbreaking, later in this chapter. But let's start with password protection and potential bypasses, since, without the passcode, we can't extract anything from a modern iOS device.