Digital Forensics Dispatch

Cell Phone Forensics – The Crucial First Steps

October 22, 2019

So you need to provide a mobile device to a forensic examiner for preservation purposes but you are not sure what exactly to do. Let’s face it, for most this isn’t a common situation. Not to worry. By following the advice below you or your client should be able to avoid the common pitfalls involved in mobile device evidence transfer.

The first and most important thing to do once it is clear a mobile device will need to be forensically preserved/analyzed is to stop using the device. Continued use of a device, even for simple tasks like text messaging or web browsing, has the potential to overwrite older data that may be important. To preserve the data on the device it is best to place it in airplane mode to isolate it from the network and then turn it off.

Once the device has been isolated from the network, you will need to determine the best way to get it to your forensic examiner of choice. If the need for analysis stems from a legal matter, chain of custody will be critical. Keeping chain of custody documentation in mind, the user may want to hand deliver the device for analysis. If this isn’t practical, shipment via a reputable delivery service such as FedEx, UPS or USPS with tracking information is also acceptable. It is best to check with counsel and learn the details of any established protocols or orders when making this decision.

If you are shipping it is important to remember electronic devices like cell phones are delicate and susceptible to damage in many different ways. When shipping a mobile device you will need to be sure to protect it from shock and vibration. One way to accomplish this is to use thick pliable packaging material such as bubble wrap, crate paper or foam blocks. Packing peanuts are often not an ideal choice as the device tends to find its way to the bottom of the box placing it directly against the outside box edge with no shielding on one side.

You will also want to protect their device from possible water damage in transit. To keep a device dry, use simple plastic bags or better yet sealed bubble wrap envelope mailers. Finally, while not as obvious as physical shock and water damage, it is possible that as a device is jostled in transit damaging levels of static electricity could build up and cause damage. To avoid this and have the highest level of protection, you can employ an anti-static bag as the first layer of packaging. These types of bags are available from online retailers and many electronics stores. Shippers like FedEx, and UPS also often have them available along with specialty electronics packaging with anti-static measures already incorporated.

To Review:

• Stop using the device as soon as practical
• Put it in airplane mode and/or turn it off
• Keep chain of custody in mind
• If shipping, remember to adequately protect the device

By following these guidelines, you should be able to easily navigate the first crucial steps in any matter involving mobile device preservation and analysis.   

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics