« E-Mail Forgery and EDD | Main | Invisible GIFS and Premature Expert Disclosure »

Cell Phone Data Extraction and E-Discovery

Cell phones have evolved into more than talking devices and are now in substance hand-held computing devices exposing such devices to "litigation holds" and e-discovery requests. More and more models of cell phones are running robust operating systems, like Palm, Symbian, Windows Mobile, and Blackberry OS. Cell phone data extraction kits have been developed to assist investigators and attorneys in obtaining and preserving key cell phone evidence.

Most current models of basic "free with service deal" cell phones act like miniature computers, run software applications, and are connected to the Internet. Current basic cell phone functions include: Phonebook, SMS, Calendar, Memos, To Do Lists, Pictures, Video, Audio, amongst running thousands of other small format applications like attachment viewers, mini spreadsheets, pop email, and instant messaging.

The issue of when a litigation hold must include the data on cell phone devices is still murky. Call data and text messaging are transient in nature and come and go from the cell phone's memory and cache very quickly. The transient nature of cell phone devices will certainly be a factor in any Court's calculus about the reasonableness of the applicability of a litigation hold to cell phone devices. The more the cell phone acts like a small laptop, like say a Windows Mobile device, with less transient storage the more likely the device needs to be considered for a litigation hold.

The more the cell phone data is important to the case, regardless of the transient nature of the storage, the more likely that such data would need to be mirrored and stored as part of a litigation hold. For example, I recently was involved in a case where a text message that auto deletes in a few days was at issue in a contract dispute - this is the sort of case where arguably the cell phone data needs to be preserved. In other situations knowing when a call was made or received can be important to a case. The list is virtually endless for the many ways cell phone data can be relevant to a dispute.

Given the popularity of cell phone use and the importance of data that can be extracted litigators and investigators should not overlook preserving the evidence as part of a litigation hold as well as requesting such evidence from the other side via e-discovery requests.

The Logicube CellDEK developed in cooperation with the UK's Forensic Science Service appears to be a state of the art "field" device to download and store a copy of the current data state of a cell phone device. The portable CellDEK® acquires data from over 200 of the most popular cell phones and PDA's using numerous different USB adapters specific to each handheld device. Connectivity by infra-red and Bluetooth are also built-in.

The CellDEK software automatically performs forensic extraction of the following data: Handset Time and Date, Serial Numbers (IMEI, IMSI), Dialed Calls, Received Calls, Phonebook (both handset and SIM), SMS (both handset and SIM), Deleted SMS from SIM, Calendar, Memos, To Do Lists, Pictures, Video, and Audio.  

Paraben has an impressive competing product known as the Device Seizure Toolbox.

Using the proper method for cell phone data extraction is important for laying the proper foundation for admissibility - both Logicube's and Paraben's offerings take into consideration preserving the integrity of the data and verifying the accuracy of stored files using an MD5 hash paradigm amongst other things.

PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
All HTML will be escaped. Hyperlinks will be created for URLs automatically.