When you connect your Apple iPhone or iPad to your computer, iTunes automatically starts and you can select to synchronise the device with your PC so that any music, emails, photographs etc that are on one device are transferred to the other.
It is also possible to take a full backup of the content of your iPhone or iPad and store it to your PC.
When this takes place, the data on your iPad or iPhone is then stored to your computer within a hidden software folder. Those files and folders can be used in the future if you need them, for example, if your iPhone stops working or gets broken then you can restore the backup to your new iPhone.
If you’re not sure whether you have a backup of your iPhone or iPad on your computer then you can use this guide to check and, if you do, when the backup was first taken and when it was last backed up.
The backup for your iPhone or iPad, on a Windows PC, will be located at the path \Users\[Your UserName]\AppData\Roaming\Apple Computer\MobileSync\Backup\ on a Windows 10 PC and within the path \Users\[Your Username]\Library\Application Support\MobileSync\Backup\ on an Apple based computer.
If you’re not sure how to access the folder then you can follow the guide below for a Windows 10 PC.
First, select the Windows icon at the bottom left hand side of the screen which will bring up the screen below:
Select ‘This PC’ and then select ‘Local Disk C:’. Now, to be able to access the next folder, you need to be able to see it as, by default, it is ‘hidden’.
So at the top of the ‘Local Disk C:’ window that will be open on the screen, look along the top and select the ‘View’ tab as below:
Select ‘Hidden Items’ within the ‘View’ Window so that the ‘tick’ appears next to it as below:
Now you can select the ‘Home’ tab so that the ‘Local Disk (C:)’ windows is visible again. This time, you should be able to see a folder named ‘AppData’ as below:
Select the folder named ‘AppData’ and then navigate to the ‘Roaming’ folder and then ‘Apple Computer’ or ‘Apple’ (if the backup folder is not found within the ‘Apple Computer’ folder then try looking in the folder named ‘Apple’ within the ‘Roaming’ folder). The access the folder named ‘MobileSync’. If the ‘MobileSync’ folder contains another folder named ‘Backup’ then you have previously created a backup of an Apple device and this is where it is stored.
Within the ‘Backup’ folder will be a further folder that is named after the UDID reference of the device that has been stored. By right clicking on the folder and selecting ‘Properties’ you can view the ‘Created’ attribute which is the point at which the first backup of the device was taken.
By viewing the folder in ‘Details’ view, the ‘Date modified’ attribute of the folder should be displayed which is the last time that a backup of the device was taken as below:
If you still have the device, you can view the ID of it by browsing by clicking the ‘Serial Number’ within ‘Summary’ in iTunes when the device is connected to the computer.
Within the ‘Backup’ folder for each device, there will be a large number of folders containing the data from that device and there will also be 4 loose files within the folder including 1 named Info.plist. This file can be opened using a text editor (such as Notepad) and, whilst it is not exactly easy reading given the code used, the device serial number name of the device and the model of the device are all displayed in plain text. You can find this information by searching for ‘Device Name’ within the file.
The backup itself is not in any viewable format, particularly if it has also been encrypted. However, it is possible to use specialist software to access the backup files, convert them into a readable format and provide the information present, for example this can include text messages, photographs etc that may have been deleted from the original iPhone or iPad, but still remain within the backup.
About Athena Forensics
For information on our digital forensic investigations or if you require an Athena Forensics Incident Response Service please contact a member of our team, details of how to get in touch can be found on our contact us page.
At Athena Forensics our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our computer forensics experts are fully aware of the significance and importance of the information that they encounter. Our computer forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.
Athena Forensics
Computer Forensic Experts
https://athenaforensics.co.uk/service/mobile-phone-forensic-experts/
https://athenaforensics.co.uk/service/computer-forensic-experts/
