Outline of Craig Ball's Electronic Discovery Workbook Part 7 - Mobile Devices
Here's a continuation of my outline of the 2016 edition of Craig Ball's Electronic Discovery Workbook which I last posted about March 5, 2017.
X. Opportunities and Obstacles: E-Discovery from Mobile Devices
A. Mobile Miracle 1. IDC, a market research firm estimates that digital data will grow at a compound rate of 42% through 2020. 2. As per U.S. Center for Disease Control, 41% of American households don’t have a land line. 3. As noted by SCOTUS in Riley v. California “Today, by contrast, it is no exaggeration to say that many of the more than 90% of American adults who own a cell phone keep on their person a digital record of nearly every aspect of their lives — from the mundane to the intimate.” 4. Smartphones have these instruments: a. Microphone b. Fingerprint reader c. Barometer d. Gyroscope e. Global positioning system f. Compass g. Accelerometer h. Radio i. Near Field communications j. Proximity, touch, and light sensors k. Still and video cameras
B. Mustering Mobile 1. Mobile device plugs change frequently a. 30 pin dock b. Lightning c. Thunderbolt
2. Windows and MAC are the only two operating systems for desktops, but mobile devices while for the most part either having Android or iOS also include: a. Tizen b. Symbian c. Motorola d. Sailfish e. Bada f. Yaffs g. Ubuntu h. Huawei i. Blackberry j. Windows Phone k. Nokia DCT4 3. Email messaging on mobile phones is encrypted so as to make it impossible to acquire. 4. Forensic disk imaging software can be downloaded for free for desktops, and write blockers can be purchased for $25, but mobile preservation tools are far more costly. $12K for hardware, $3K per year for software. Cellebrite offers data extraction devices for cell phones.
C. Challenges Across the EDRM 1. It takes longer to acquire data from a 64GB iPhone than it does from a 640 GB hard drive. An iPad full of data may take 48 hours to process. 2. Mobile Devices are upgraded and replaced frequently, so data maps may not be current. 3. Companies usually don’t have the means to preserve data on smartphones. iPhone does not give you a way to download or print text messages. 4. Relativity and Concordance cannot ingest and review data from mobile devices and their apps. 5. Predictive Coding not effective on much mobile data such as shorthand messaging.
D. Geolocation 1. Phones broadcast location to within 10 meters. 2. Phones will automatically ping for nearby routers 3. My Nest thermometer knows when someone has entered or left their home. 4. Alexa and Siri can be used to turn lights on and off. 5. Siri listens while an iPhone is being charge, not only when the user holds down the home button to activate her.
E. What to do? 1. Most people are reluctant to part with their smartphones. 2. It’s necessary to provide a replacement.
F. Four Options for Mobile Preservation 1. Demonstrate nothing on phone that can’t be obtained from other more accessible source. In the past Blackberry Enterprise Servers redirected data to Blackberry phones, but now most smartphones have unique data. 2. Sequester the device by putting it in Airplane mode. 3. Software Solutions: Decipher TextMessage and Ecamm PhoneView can preserve messaging. 4. Technician forensically imaging a phone is the most defensible approach. Cellebrite UFED, Micro Systemation XRY, Lantern or Oxygen Forensic Suite. a. Three levels of access i. Physical – most complete, but slowest. Device may have to be rooted or jailbroken. ii. Logical iii. File System b. Encryption schemes often frustrate forensic software.