In the last quarter of 2011, a Raleigh, N.C.-area doctor sensed something was off with his wife. She was acting too perfect, as if she was covering something up, but he had no evidence. He even checked out her iPhone, but found nothing suspicious.
Until a few years ago, the doctor wouldn’t have been able to glean any evidence from his wife’s phone without spending a lot of money and taking possession of the iPhone long enough to arouse his wife’s suspicions. Finding deleted files and nonstandard information on a smartphone was almost impossible back then because you could only extract data on a given smartphone’s terms, explains Derek Ellington, president of Ellington IT & Forensics. “Everything you got was filtered through the phone’s own software, and usually didn’t include much in the way of deleted files,” he says.
