RSS Feed


Created: 01.06.2023


/Users/%username%/Library/Application Support/MobileSync/Backup/


The backups are not encrypted by default but can be if this option is on during the backup process. If it was encrypted, you’ll need a device PIN to unlock it. These backups can be stored in the cloud or locally on the user’s PC.

🛠 iBackupViewer. It’s free to some extent.

Find iOS backups on macOS here 📂 Users/username/Library/Application\ Support/MobileSync/Backup. Each backup is named with its unique UDID (not the same as the device UID). Each backup contains three plists: 🏺 Info, 🏺 Manifest and 🏺 Status.

  • 🏺 Info - about the device.
    • Device name and model
    • Phone number
    • ⏰ Backup timestamps (last backup)
  • 🏺 Status - describes the backup.
  • 🏺 Manifest - instructions on how to deal with the backup
    • Is it encrypted?
    • ⏰ Backup timestamps
    • Is it passcode-protected?



[1] SDF: Volume Shadow Copies (Udemy course)

Suhanov’s blog: [2] Shadow copies become less visible, [3] Offline shadow copies, [4] Extracting unallocated clusters from a shadow copy, [5] Scoped shadow copies, [6] Things you probably didn’t know about shadow copies