Developments In Mobile Device Electronic Discovery
by Michael Weil And Mark Michels
Legal counsel and their supporting forensic teams face vexing challenges when it comes to preserving and collecting mobile device data. Smartphones and tablets frequently contain unique data that must be preserved, collected, processed, reviewed and produced in litigation just like any other form of electronically stored information.
Mobile device data is often critical for internal and regulatory investigations, as well. Unlike personal computer data that can often be collected remotely with relatively little impact on custodians, mobile device data collection usually requires separating custodians from their phones, sometimes for a very long time. Fortunately, there have been some important breakthroughs that may allow for remote, over-the-air, data collection from mobile devices, permitting a more efficient and less disruptive process.
It is not uncommon for a litigation matter or investigation to involve a large number of custodians, sometimes into the hundreds. In general, computer forensics professionals can gain access to the mobile device ESI only by physically connecting specialized forensic collection tools directly to the smartphone or tablet. This is unlike personal computer or server data collection, where they can remotely access hard drive files, or export email from a server for preservation, collection, processing and hosting.
Since physical access to the mobile device is the only way to collect email, text messages and other ESI, the custodian must part with the phone, causing serious "separation anxiety," and loss of a business tool and a personal lifeline. In some cases, companies have found that they must immediately issue new phones to custodians.
Mobile device management (MDM) systems allow IT teams to provision devices, maintain some level of security, and otherwise track mobile devices over-the air. Some MDMs also enable recording of SMS messages, not other text messaging applications. MDMs cannot access all of the files on the device because the mobile device operating system's security scheme does not allow remote level of access to some critical data. For example, mobile devices may hold SMS messages that have not been logged, third party text messages and other application data that cannot be accessed remotely through the MDMs.
There is some cause for hope, however. At the 2014 Barcelona World Mobile Congress there were a few companies that showcased some remote collection concepts. Furthermore, through some of our R&D efforts we have completed a proof-of-concept that demonstrated viable over-the-air remote data collection for most of the data on a smartphone.
While these remote-collection developments are encouraging, it will take some time for the operating system owners and the forensic tool developers to create protocols for complete remote over-the air mobile device data collection. Until they do, counsel and their forensic team will need to contend with in-person device collections or cumbersome mobile device backups.
Michael Weil is a Chicago-based director for Deloitte Discovery in Deloitte Financial Advisory Services LLP, where he leads the Computer and Cyber Forensics Market Offering. He has 16 years of computer forensic examination experience, including criminal, civil, and national security matters.
Mark Michels is a San Jose-based director for Deloitte Discovery in Deloitte Transactions & Business Analytics LLP. He has 15 years of experience managing corporate discovery issues as well as 8 years of experience in patent litigation, pre-merger reviews and internal investigations.
Today's General Counsel, Nov 2014, p34.