Amnesty International’s investigations, corroborated by secondary information we have received, seem to suggest that Pegasus is no longer maintaining persistence on iOS devices. Therefore, binary payloads associated with these processes are not recoverable from the non-volatile filesystem. Instead, one would need to be able to jailbreak the device without reboot, and attempt to extract payloads from memory.

https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/