
Mobile Device Forensics Part 1

Authorization and documentation.

By: Janet Smith


Mobile devices contain a wealth of data, making them a crucial source of digital evidence in civil and criminal investigations. Mobile device forensics involves extracting, analyzing, and presenting data from these devices in a report for legal or corporate investigations. However, two essential steps must be taken first: authorization and documentation. This article explores these critical processes, which must occur before examining the first byte of data.


Authorization

Before any digital forensic examination takes place, it must be appropriately authorized. Without authorization, examiners risk violating computer trespassing and privacy laws, infringing on civil liberties, or rendering the evidence inadmissible in court. Authorization can take different forms depending on the situation.


The simplest method is consent from the device's owner, which is common in civil or corporate investigations. Consent must be informed, meaning the individual understands the scope of the examination and the data to be reviewed. Consent documentation is crucial, and it must be recognized that consent can be withdrawn at any time. If this occurs, the forensic extraction or analysis must cease.


In corporate environments, examining company-owned devices is often more straightforward. Many companies have policies allowing them access to data on devices issued to employees. Typically outlined in employee handbooks or contracts, these policies authorize the company to examine devices and reduce employees' privacy expectations. Corporate forensic examinations are standard in security breaches, internal investigations, eDiscovery, and compliance audits. However, even in these cases, the policies must be clear, reasonable, and lawful to avoid legal complications.


In criminal investigations, a search warrant is preferred over consent. A search warrant is a legal document issued by a judge or magistrate that authorizes law enforcement officers to conduct a search of a specific location, person, or vehicle for evidence related to a crime. It must be based on probable cause, meaning there is a reasonable belief that evidence of a crime will be found at the place to be searched. The warrant typically outlines:


  1. The specific location to be searched (e.g., a home, office, or car).
  2. The items to be seized, such as documents, electronic devices, or illegal substances.
  3. The timeframe during which the search can be conducted.


Search warrants are required by the Fourth Amendment of the U.S. Constitution to protect individuals from unreasonable searches and seizures, ensuring that law enforcement follows proper legal procedures. 


Proper authorization is crucial in a digital forensic investigation. Failing to follow the correct procedures can lead to severe legal consequences, such as excluding evidence from court and undermining the investigation. Once authorization is obtained, the next step is to collect the physical device. For this article, we'll assume that approval is granted, the chain of custody is intact, and the device is now in your possession.


Documentation

Now the examination begins with creating the appropriate documentation. It is vital that the examiner follows their organization's standard operating procedures or standard work process. Label the device according to your protocols. Ensure that all related components, such as chargers, SIM cards, and cases, are adequately documented.



The American Society of

     Digital Forensics & eDiscovery, Inc®

      For Digital Evidence Experts™


Copyright 2024
