Having the theory under your belt is good, but putting this into practice is much better. Let's create a logical image of an iPhone running iOS 13.2 with libimobiledevice, which should already be installed on your workstation, as we used it for device information gathering in the previous chapter.

OK, let's start:

1. First of all, let's make our backups encrypted. Connect the iOS device to your workstation and start the Command Prompt. Change the directory to the one containing libimobiledevice and type in the following command:

idevicebackup2.exe backup encryption on <your_password>

2. If you see Backup encryption has been enabled successfully, then you've done everything right and the backups will be encrypted. This will help you, the forensics examiner, to gain more information regarding users' passwords, Safari browsing history, and much more.

3. It's time to create the backup—our iOS device logical image. To do this, type in the following command:

idevicebackup2 backup --full <the_folder_you_want_the_image_to_be_saved>

That's it. You can see the logical imaging process in the following screenshot:

Next, let's look at logical acquisition with the Belkasoft Acquisition Tool.