Enough theory! Let's go ahead and do the acquisition.
First and foremost: Elcomsoft Phone Breaker should be used offline, on your own computer, and never on the suspect's PC. The tool allows decrypting an encrypted backup that is accessible from the computer where you have Elcomsoft Phone Breaker installed. You can mount a disk image or use a network disk; there will be no performance penalty when breaking the password.
Before accessing information stored in the backup, you'll need to decrypt the data. In order to decrypt the data, you'll require the original plain-text password. If you don't know the password, Elcomsoft Phone Breaker will perform an attack in order to recover it.
In order to recover the password, you will not need to have the complete backup sitting on your computer. In fact, a single tiny file named Manifest.plist
is all that you need to start breaking the password (if you are working with a...