Trials and Tribulations of Cell Phone Data Collections

Electronic discovery has moved quickly beyond the cyber walls of email and file-share environments and into social media and mobile device data collections. Records managers already know that a record is a record regardless of format or medium, and as more and more company business is conducted on mobile devices, courts are taking notice. A discovery request for a company-issued cell phone is just as much a standard request today as one for a key custodian's work hard drive. That said, cell phones and hard drives are light years apart as far as technology is concerned. Personal computers have only about 6 basic software architectures and haven't changed drastically in the last 15 years or so. For cell phones, on the other hand, there are approximately 10,000 makes and models on the market today, with software architecture that can differ drastically from one phone to another. The future of cell phones is even more impressive: future phones will measure altitude, emotions, perspiration, humidity and more, and offer heart monitoring. It's no wonder cell phone forensic software providers do all they can to keep pace with the changes.

What to expect?

Each cell phone forensic software provider and package is different in its own way. As a forensic company with a vast toolkit, we use many of the different tools available, and some are certainly better at extracting data than others. During most cell phone data collections you are typically able to extract contacts, call logs, text messages, and sometimes voicemails and email. Deleted items such as text messages are sometimes recoverable, depending on the phone model and the forensic tool the examiner is using.

Word of Caution

If you are an experienced litigator or litigation support manager who consistently receives data from forensically collected laptops and personal computers, and you are used to the time and deliverables typically associated with such collections, do not assume the deliverables and timeframes for cell phones are similar. Sometimes cell phones need to be imaged with multiple tools to maximize data extraction. Deliverables on cell phone collections may sometimes be in Excel format and difficult to search properly because of formatting issues. For example, phone numbers could be stored as (123)-456-7890 or 123.456.7890. Data like this needs to be normalized prior to searches.
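
The normalization step described above, as an added example that is not part of the original article. It assumes US-style 10-digit numbers and uses hypothetical field names and constructed sample rows; values that cannot be normalized safely are set aside for manual review rather than guessed at.

```python
import re

# Constructed sample rows, as they might appear in a spreadsheet export
# from two different extraction tools (not real data; field names are hypothetical).
ROWS = [
    {"source": "tool_a", "type": "call", "number": "(123)-456-7890"},
    {"source": "tool_b", "type": "sms", "number": "123.456.7890"},
    {"source": "tool_b", "type": "call", "number": "+1 123 456 7890"},
    {"source": "tool_a", "type": "sms", "number": "1-123-456-7890 ext. 12"},
    {"source": "tool_a", "type": "call", "number": "555-0100"},
    {"source": "tool_b", "type": "sms", "number": "Unknown"},
]

_EXT = re.compile(r"(?:ext\.?|x)\s*\d+\s*$", re.IGNORECASE)


def normalize_number(raw):
    """Return a 10-digit key for a US-style number, or None if the
    value cannot be normalized safely (left for manual review)."""
    if raw is None:
        return None
    if isinstance(raw, float) and raw.is_integer():
        raw = int(raw)                     # spreadsheet cell stored as a number
    text = _EXT.sub("", str(raw))          # drop a trailing extension
    digits = re.sub(r"\D", "", text)       # keep digits only
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]                # strip the leading country code
    return digits if len(digits) == 10 else None


def search(rows, query):
    """Split rows into hits for `query` and rows needing manual review.
    The original value is never overwritten; the key is derived."""
    key = normalize_number(query)
    if key is None:
        raise ValueError("query is not a 10-digit number: %r" % query)
    hits, review = [], []
    for row in rows:
        norm = normalize_number(row["number"])
        if norm is None:
            review.append(row)
        elif norm == key:
            hits.append(row)
    return hits, review


if __name__ == "__main__":
    hits, review = search(ROWS, "123-456-7890")
    print(len(hits), "hits;", len(review), "rows need manual review")
```

Comparing on a derived key leaves the exported values untouched, so the deliverable still shows each number exactly as the tool reported it.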

In short, when dealing with cell phone data recovery, keep in mind that there are thousands of makes and models, far more variety than with personal computers, and that a proper investigation by experienced forensic examiners is your best bet for maximizing data recovery and analysis.

References:

https://www.macrumors.com/2011/05/20/new-types-of-sensors-in-future-mobile-phones-altitude-emotion-and-more/