iOS – Encryption

Newer iPhones and iPads have hardware-based 256-bit AES encryption built in. This works similarly to the TPM chip installed in most modern notebook computers. All data stored on the device is encrypted, even if no passcode is set on the device. The key used to encrypt and decrypt all stored data resides on that encryption chip; the unique key is not recorded anywhere else [1]. This means that if something happens to that chip, it would not be feasible to recover the data other than by brute forcing the key, even if the memory unit of the device is still intact.

An additional layer of security is offered by a device PIN, which the user selects on the security screen. This prevents the data from being accessed without the PIN. iOS also supports automatic wiping of the device in the event that the incorrect key is entered too many times [1]. This helps reduce the effectiveness of brute forcing unless the attacker gets the PIN right within 10 tries. When the device is erased, the encryption key to the data store is erased, rendering the data unreadable. That said, a secure PIN should be chosen: PINs such as 1234, 0000, etc. should not be used, as they might be the first ones guessed by a malicious person.
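The PIN advice above can be turned into a check, shown here as an added example that is not from the original page and is not Apple's implementation. The function names and the specific weak-pattern rules are assumptions, and the probability assumes the PIN was chosen uniformly at random.

```python
from fractions import Fraction
from typing import Optional

WIPE_LIMIT = 10  # wrong entries before the device erases its key (figure from the text)


def is_sequence(pin: str) -> bool:
    """True if every digit steps by +1 or by -1 (wrapping 9 -> 0): 1234, 9876, 7890."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def weakness(pin: str) -> Optional[str]:
    """Return the reason a PIN is weak, or None if it passes these checks."""
    if not (pin.isascii() and pin.isdigit()) or len(pin) < 4:
        return "must be 4 or more digits"
    if len(set(pin)) == 1:
        return "single repeated digit"          # 0000, 1111
    if is_sequence(pin):
        return "ascending or descending sequence"  # 1234, 4321
    half = len(pin) // 2
    if len(pin) % 2 == 0 and pin[:half] == pin[half:]:
        return "repeated pattern"               # 1212, 123123
    return None


def guess_probability(length: int, tries: int = WIPE_LIMIT) -> Fraction:
    """Chance that `tries` distinct guesses hit a uniformly random PIN of this length.

    This bound only holds for a random PIN; a PIN rejected by weakness() is
    likely to be among an attacker's first guesses regardless of the wipe limit.
    """
    space = 10 ** length
    return Fraction(min(tries, space), space)


if __name__ == "__main__":
    # Constructed sample PINs, including the two named in the text.
    for candidate in ("1234", "0000", "1212", "7305"):
        print(candidate, "->", weakness(candidate) or "ok")
    print("4-digit random PIN, 10 tries:", guess_probability(4))
    print("6-digit random PIN, 10 tries:", guess_probability(6))
```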

 
