When you hear the phrase “mobile device,” what is the first thing that comes to mind? For most people, it’s a cell phone. But mobile device forensics encompasses much more than that: it also includes GPS units, tablets, PDA’s, and wearables (such as Fitbits and Apple Watches). These devices have evolved from novelty items to being integrated into nearly every aspect of our daily lives. As a result, modern eDiscovery increasingly involves mobile device forensic discovery.
Challenges of Mobile Device Forensics
Different operating systems – Mobile device operating systems are plentiful in both number and differences. Not to mention different versions within each operating system and even different variations between carriers! Android’s open-source operating system is notorious for this, but even Apple’s iOS can vary drastically between versions.
Data collection – Traditional hard drive collection involves creating a forensic image of a device. While some mobile devices can follow this process, others require a direct acquisition of data. Furthermore, there are different protocols for gathering data from mobile devices. Your forensic expert must both be aware of the protocols and know their devices: some have design features that may only allow for one type of data acquisition.
Security on mobile devices – Mobile device technology is constantly changing, as are its security standards, and these standards can vary significantly between devices. Some mobile devices may simply be locked, while others are encrypted. A locked device requires a PIN or password to open it, which can be obtained either through a software program or the custodian of the device. Encryption, however, goes deeper, securing data at a software and/or hardware level.
Fortunately there are ways around security protocols. Since these devices are constantly syncing their data with other platforms, you may be able to pull data from alternate sources. For example, nearly all cell phone users sync their phones to the cloud. A mobile device forensic expert could potentially retrieve pertinent data from the cloud instead, including texts and photos. But most importantly, before collection begins, the expert must first create a plan for acquisition and carefully follow the proper sequence. Certain mobile devices have built-in security features that will destroy data if an improper acquisitions protocol is attempted. For example, a phone may wipe all of its data after too many incorrect password attempts.
Precise: Expert Mobile Device Forensics
At Precise, we know what it takes to perform a successful mobile device forensic examination. Our experts stay up-to-date with the latest technologies and protocols, avoiding spoliation and loss of evidence. Call us at 866-277-3247 to learn more about our mobile device forensic services.