, ,

An Introduction to Mobile Device Forensics (Part One)

Written By

Michael Neher

How much information is your cell phone retaining? And how much of that data can be gathered with digital forensics? As computer forensics specialists and eDiscovery consultants, Capsicum’s team routinely engages with mobile device data as part of digital investigations. Today, the wealth of information that can be found on a mobile device may far exceed what can be obtained from a computer.

To effectively harness and present the data within mobile devices, you need to understand what data is found on the device, the different types of acquisition options available, and the various challenges presented in preserving and processing. In part one of our three-part series, we look at the evolution of how courts view of mobile device data.

How does mobile data intersect with the eDiscovery process and mobile investigations? 

Broadly speaking, mobile device forensics is the process of collecting, examining, and analyzing evidence originating from digital data sources on cell phones and other mobile devices, usually for presentation to courts in a legal proceeding. Most of us have mobile devices in our pockets, providing us with convenient access to cameras, banks, entertainment, social communication, retail, directions and a litany of other conveniences. The resulting data produced by mobile devices often contain insights that would be relevant and persuasive in different legal scenarios.

Mobile data can have an impact on a wide range of cases, for instance, criminal matters. In one 2019 criminal case, health data, time-stamped photos, call logs, and GPS coordinates extracted from an iPhone refuted a suspects’ alibis. Together with evidence from the suspects’ social media accounts, the iPhone data placed the suspects at the crime scene in the same timeframe the murder took place. 

Likewise, mobile forensics is often necessary for corporate and employment matters, including due diligence, internal investigations, financial audits, intellectual property breaches, regulatory compliance, settlements, and forensic accounting to name a few. In civil litigation, email has long been the bastion of discoverable business communication; however, with the expansion of personal device use for everyday business, there has been a consequential expansion to mobile phones. Often the courts will look to the Bring Your Own Device policy, or BYOD, to determine the bounds of permissible employer conduct, but it is common, and often necessary, for data from multiple custodians’ mobile devices to be taken and used as evidence. With society’s major embrace of mobile technology and the ensuing shift in user habits, Courts have been more liberally granting discovery requests for text message preservation and production

Take for instance the 2015 case H.J. Heinz Co. v. Starr Surplus Lines Ins. Co.[1], in which Heinz was ordered to examine which members of their team used their personal cell phones to discuss topics pertinent to the underlying food contamination claims and produce the relevant data from the appropriate custodians. Although the court did accept sworn statements from Heinz executive denying the use of their personal devices, this case demonstrates that claiming your cell phone as a “personal” device is no longer a sufficient excuse; when personal phones are used for business purposes, the information is more than likely discoverable, and thus should be preserved for litigation.

More recently in Laub v. Horbaczewski[2], text messages and iNotes were collected from defendant’s iPhone and produced in discovery in a breach of contract case. However, the production inadvertently included thousands of text messages. Among them were communications between defendant and some of the company employees, between defendant a college friend who was also a potential investor in the company, and, most notably, nearly 4,000 texts between defendant and a company human resources employee about their romantic relationship. The court declined to order a claw-back of the inadvertent production for most of the cell phone data, although the court did make an exception for the personal romantic messages.

Accordingly, while courts may entertain arguments about personal privacy interests, the data from personal cell phones, often from multiple custodians, are unquestionably ripe for acquisition and presentation in many legal proceedings.

 

[1] H.J. Heinz Co. v. Starr Surplus Lines Ins. Co.  2015 WL 12791338 (W.D. Pa. July 28, 2015)

[2] Laub v. Horbaczewski, 331 F.R.D. 516 (C.D. Ca. 2019)