For encrypted backup files, the user can run either Dictionary or Brute-Force attacks. In this example, we attempt to crack an encrypted iOS backup file.

The Brute-Force attack settings are shown in this slide. The examiner can determine the password length and the character sets and add dictionary or custom files. Dictionary and custom files found on other devices associated with the investigation may prove to be useful. We recommend starting with 4 as a numeric PIN and then trying 6 as a numeric PIN. This is the fastest to crack.