How to Know You Need a Cellphone Forensics Expert

May 5, 2021 | Article

Do you need a cellphone forensics expert in your case?

As technology continues to progress, one of the most important and most personal items we have is our cellphone. Cellphones hold our pictures, videos, calendars, contacts and all our text messages. Volumes could be written on the number of apps available to us today.

While the cellphone is deeply personal to many, it’s also incredibly critical in court proceedings. In fact, the cellphone is the single largest piece of evidence overlooked in the eDiscovery process.

How cell phone forensics works
Standard cellphone forensics typically comes in two different flavors:

  • Logical extractions. A logical extraction is the extraction of all information found on the operating system.

  • Physical extractions. A physical extraction is all the data found on the operating system for any given device as well as the unallocated space. Unallocated space is simply defined as the area or space on the hard drive of the computer that is available to write data to. The unallocated space is not viewable to the typical computer user and requires specialized computer forensic software/hardware to view and analyze.

When a cellphone allows for a full physical extraction, this opens the doors to deleted photos, videos, text messages and more.

Cellphone forensics requires knowledge of each make and model of phone, as well as their operating systems.

The Impact of Cell Phone Forensics on Your Court Case

When we consult on nearly any court case, we ask if mobile devices have been included in the preservation order to opposing counsel.

Cellphone data can make a huge difference in your court case

They offer more information about a person than any other piece of evidence, including:

  • Pictures and videos
  • Text messages
  • Photo messages (multi-messaging service)
  • Call logs (received, dialed, missed)
  • Contacts
  • Emails (depending on device)
  • Internet history
  • Social media

Based on the information needed, a cellphone forensic expert can provide information in a variety of reports. One of the most common and most popular is the UFED Reader for mobile devices.

The Extraction of Deleted Data in Forensic Investigation
When you bring a device in to be forensically analyzed, you will frequently hear the term “forensic image.” This is a term describing the process of information gathering when the source drive is copied in its entirety, encrypted and compressed to a file that can then be loaded into specialized software and analyzed without ever having to touch the actual data from the source drive.

This technique is invaluable to examiners because the information is more than what can be seen on the surface. It includes backup areas, the information that makes the entire computer run and everything in between. It’s within all this information that we can see and sometimes recover the files that were lost.

Why You Should Consider a Cell Phone Forensics Expert Today
Cellphone forensics is an ever-evolving science that requires a constant adaptation to technology. Gaining access to the necessary (and potentially deleted) information in a court-permissible way is essential. The information on a cellphone can go a long way in uncovering the facts of your case.

Eide Bailly’s Digital Forensic Experience

We currently support more than 23,000 devices and nearly 5,000 app versions. This data needs to be viewable on an eDiscovery review platform. Our examiners use Cellebrite, MPE+ and IEF to name a few of our tools.

Learn more about how we look for digital evidence

