The iPhone (4s, 5, 5s & c) need to be jailbroken for Elcomsoft to work.
If you have access to the iPhone's owners computer then you can retrieve the back up from there.
@ScotchBroth interested to know how you took the unencrypted backup of the iPhone 5? I understand MPE + is due to be updated this month but did not think Physical acquisition is possible yet…?
Since it hasn't been mentioned yet the "lockdown" method(1) still works…
(1) This method involves copying the "pairing" keys from the iTunes directory (named "lockdown") from a computer with which the iPhone was connected while unlocked (even if momentarily) (iOS ≦ 6) or which the iPhone "trusted" (iOS 7), copying them to your forensics workstation, and performing an iTunes backup of the locked device using your forensic workstation.
The pairing keys were good for a time when Apple required authentication via a computer forcing the creation of pairing keys to initialise the Apple device.
Unfortunately these days with the large majority of the data being in the cloud there is no requirement to initialise an Apple device via a computer. This invariably stops the pairing keys being available on the suspect's computer.
At present there is no method of gaining access to the device without the code. The easiest is to ask the owner at the time of seizure. The selling point can be that they will have it back in a reasonable time period and if they don't provide it they don't get it back and you don't get the data.
The difficulty is at present no one is able to access and or exrtract the email data on the Apple device due to security. It is possible that as Apple increase security features that carrying out a logical examination on an Apple device will get you next to nothing. The other avenue that may be considered is to find out the Apple ID and make a production request to Apple for a copy of the backup data held in the cloud. D