Elcomsoft iOS Forensic Toolkit

06.07.2012

The first step is to put the iOS device into DFU mode. This is done by holding down the Sleep/Wake and Home buttons, then releasing the Sleep/Wake button and keeping the Home button held down. When in DFU mode the iPhone screen should appear blank (this is different to Recovery mode, which displays an iTunes dock connector on the device screen).

Once the device is in DFU mode, you load the Toolkit Ramdisk into the iPhone memory. This is the 'hack' part, and ensures that the rest of the software can access and extract data from the device. It's all automated, but you do need to specify exactly which model of iOS device you are dealing with. It can be easy to confuse models such as iPhone 3 or 3GS, 4 or 4S, but if you're unsure this information can be found out using a Jailbreak program such (which can identify devices in DFU mode).

Once the Toolkit Ramdisk is loaded you can begin the process of forensic extraction (note that if you stop the process you'll need to load the Toolkit Ramdisk again, as it isn't stored on the device).

The next step is to copy the disk images from the iOS device's memory to your hard drive. There are two disks to copy:

System (rdisk0s1)