Mobile Device Forensic Acquisition and Analysis

Challenges

Taking into account the very personal nature of these devices (in your pocket, on and accessible 24-7 by the employee), these devices tend to be used in a way that substantially differs from that of company email. Spontaneous thoughts, emotions, and business discussions may unfold at dinner, on a trip, at a bar, etc, where the company laptop is not available nor preferred for quick and sometimes controversial communication. Records of these interactions many times can only be found on the mobile devices themselves, with absolutely no other electronic record that exists.

Complexity of sources

What makes the preservation of this data much more difficult than other forms of ESI, is in the nature of mobile devices - the limited size, the numerous manufacturers and thousands of models, different file systems, boot loaders, literally millions of mobile specific applications with proprietary storage methods, proprietary cables, etc. There is no one-size-fits-all way to get at mobile device data. Match this with the way that mobile data is (varied mobile retention periods, system metadata constantly being updated or in some cases never explicitly recorded, etc), and it becomes exponentially more complicated to preserve, and then to make sense of exactly what was preserved, and finally what may be relevant to a matter. Add-in Subscriber Identity Modules and media cards, data encryption and password protections only add to this complexity.

Solution

If you are tasked with preserving mobile data, engaging in a self-preservation and self-collection effort can be a risky proposition. Call the experts at Planet Data to assist. Planet Data Consultants use advanced mobile acquisition and analysis tools to ensure that data is captured and restored correctly, leaving you with the confidence that all compliance and discovery requirements are met the first time.

Back to Mobile Device Discovery