The lockdown file found on the host computer may contain the pairing record required to access the locked iOS device. The pairing record is a unique key associated with the iOS device that is synced to the host computer to allow access every time the device is connected. The concept of a pairing record and trust/pair relationship was introduced with iOS 7.

One caveat is that the lockdown file will not work with a freshly started device and may not work on later iOS versions. Additionally, it may not work after 7 days of not being connected! This means that we need to consider what we learned in Section 1. If the device is on and we power it off, the chance of using the pairing record from the lockdown file is gone. The phone must remain booted and in an active state for the lockdown file to work.

Even if the lockdown file gives you access to the device, and it may not work at all, only limited data may be retrieved. It is common to capture only third-party application data from the device via iTunes. Email, calls, SMS, and other native iOS data files are not synced with iTunes and cannot be pulled by simply connecting the iOS device to the host machine. A possible way around this is to create a backup file using iTunes. Best practice is to try it all anyway: checking whether the lockdown file gives you access is so quick that it is worth the effort.

The location on a Mac (OS X) for the lockdown directory is /var/db/lockdown. On a Windows computer, the paths are:

Windows XP: C:\Documents and Settings\username\Application Data\Apple Computer\Lockdown

Windows Vista: C:\Users\username\AppData\Roaming\Apple Computer\Lockdown\

Windows 7 and later: C:\ProgramData\Apple\Lockdown
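The following Python example is added here and is not part of the original text: it inventories the pairing records in a lockdown directory copied from one of the locations above, so an examiner can see which devices the host holds records for. The `<UDID>.plist` file naming, the `SystemConfiguration.plist` host file and the key names are assumptions based on commonly observed pairing records, and the sample files are constructed.

```python
import os
import plistlib
import tempfile
import time

# Key names assumed from commonly observed pairing records (not from the page).
EXPECTED_KEYS = ("HostID", "SystemBUID", "HostCertificate", "DeviceCertificate", "EscrowBag")

def inventory_pairing_records(lockdown_dir, now=None):
    """Summarise each <UDID>.plist pairing record found in lockdown_dir."""
    now = time.time() if now is None else now
    records = []
    for name in sorted(os.listdir(lockdown_dir)):
        stem, ext = os.path.splitext(name)
        # SystemConfiguration.plist describes the host, not a paired device.
        if ext.lower() != ".plist" or stem == "SystemConfiguration":
            continue
        path = os.path.join(lockdown_dir, name)
        try:
            with open(path, "rb") as fh:
                data = plistlib.load(fh)  # accepts XML and binary plists
            if not isinstance(data, dict):
                raise ValueError("top-level object is not a dictionary")
        except Exception:
            # Keep unreadable files in the inventory so they are not overlooked.
            records.append({"udid": stem, "parsed": False})
            continue
        records.append({
            "udid": stem, "parsed": True, "host_id": data.get("HostID"),
            "missing_keys": [k for k in EXPECTED_KEYS if k not in data],
            # mtime is when the host last wrote the file, a rough recency hint only.
            "age_days": int((now - os.path.getmtime(path)) // 86400),
        })
    return records

def build_sample_dir():
    """Constructed sample: a complete record, an unreadable file, the host config."""
    d = tempfile.mkdtemp()
    full = {**dict.fromkeys(EXPECTED_KEYS, b"constructed"), "HostID": "CONSTRUCTED-HOST-ID"}
    samples = {"aaaa0000constructedudid.plist": plistlib.dumps(full),
               "bbbb1111constructedudid.plist": b"not a plist",
               "SystemConfiguration.plist": plistlib.dumps({"SystemBUID": "constructed"})}
    for name, blob in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(blob)
    return d

if __name__ == "__main__":
    print(inventory_pairing_records(build_sample_dir()))
```

Point `inventory_pairing_records` at a working copy of the lockdown directory exported from the host image.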