Personal mobile devices house tons of relevant data, but standards for data extraction from mobile devices remain variable and confusing for many.
In a packed room at the Legalweek: The Experience conference, panelists for “Mobile Device Investigations: From Android to iPhone and Back” discussed the practical realities of collecting mobile data for litigation. Michael Burg, corporate counsel for DISH Network; Clifford Nichols, senior counsel for Day Pitney; and Rich Robinson, e-discovery and information manager for JCPenney, all brought their legal perspectives on mobile phone data, while Kroll Ontrack director of consulting operations Jason Bergerson showcased a mobile phone extraction on his own phone.
How mobile data extraction works: Bergerson explained that cell phones are not like your traditional hard drive or server—the file structure is diffuse, volatile, and spread across innumerable apps and services. When programs go in to copy disk images from a device, the data you get back is stored in lots of little mini-databases, many of which have only partial data that can be extracted and read.
How to deal: The panel suggested that attorneys start by shifting their mindsets around mobile data. “The more you can get to the idea that the phones themselves are viewers of other data, the better off you’ll be,” Bergerson explained. Thinking of the device as simply a “viewer” of data rather than a storage device for unique data may help attorneys and companies prepare for any potential problems.
Consider a work-around: Because extracting data isn’t a perfect or necessarily clean process, Bergerson encouraged the room to consider where else data might be stored or backed up. “You will find numerous locations the data will exists,” Bergerson suggested, adding that forwarding servers, iCloud backups and vendors are all good places to check for more stable data.
Define what you need: Knowing what kinds of data you may or may not need off of a mobile device is crucial to the process. Nichols said attorneys should come armed with information about what information is absolutely necessary to extract to be ready for the inevitable conversation about the need for mobile data. “It’s got to contain information that is unique to that location or is not easily accessed somewhere else,” he said, adding that data should clearly also meet standards of reasonableness and relevance.
Design a mobile policy: At this point, all three legal operatives said establishing a mobile device management policy for your business or firm is critical. While companies may want to avoid dealing with such a policy altogether by simply telling employees they can’t use personal devices for work product, Nichols encouraged the room to be realistic about current mobile usage expectations. “We can’t tell our employees these days, ‘You can’t use your phones to do business,’” he said. “They’ll ignore you.”
Consider a mobile device management system: Often companies need access to phone data well after an employee has left a company, taking with them their login credentials. Bergerson explained that logical extraction, which is the easiest way to take data from a device, isn’t really possible without a device password (something that most major companies require). “The issue with logical extraction is it will often fail if there is an encryption password,” he said. Robinson suggested that including a mobile device management system in your company policy “allows you to remote connect to the phone and force a password change,” should you need to bypass custodian cred