With iOS 11, Apple backslid somewhat with the security of previously encrypted backups. They introduced the ability to remove the previously encrypted backup restrictions from the device itself through resetting the settings on the device. This feature also works in iOS 12 – iOS 15.  If you can’t restore an encrypted backup because you don’t have the password, and new backups or forensic extractions you created of the same phone also result in encrypted backups for which you don’t have the password; iOS 11- iOS 13 now offers us the possibility of making a new encrypted backup of the device and resetting the password to one we know. ¹²³

Here’s what to do to reset all settings:

1. On your iOS device, go to Settings > General > Reset.

2. Tap Reset All Settings and enter your iOS passcode, if prompted.

3. Follow the steps to reset your settings. NOTE – you will need the device passcode on newer iOS versions.

This method is NOT getting beyond a phone lock, simply an iTunes encryption passcode.

Resetting your settings won’t affect your user data or other passwords, but it will reset settings like display brightness, home screen layout, wallet, keychain, and wallpaper. When we connect a reset phone to our forensic tools, we will find that the backup encryption password has been removed.

References:

[1] https://for585.com/c1lqm (Gillware Digital Forensics blog: "Forensic Case Files – A New Solution for Previously Encrypted iOS Backups")

[2] https://for585.com/3gend (ElcomSoft blog: "iOS11 Makes Logical Acquisition Trivial")

[3] https://for585.com/gqcn7 (Apple’s help page for previously encrypted backups)