My recent piece on Mobile Discovery – Are You Ready For It? seemed to hit a nerve with eDiscovery providers and practitioners alike. It generated a wave of article requests, product briefings, analyst inquiries and even hands on training and kit offers from market leaders. The volume of the response tells me that ready or not, it is time for civil eDiscovery to accept the fact that mobile devices are a real source of ESI. So I am reprioritizing my research schedule to survey mobile device solutions and best practices from the corporate and law firm civil discovery perspective. The first step is a fast six question survey launched today on mobile device discovery. Please take a minute and see how you compare to others. The next step is a look at the history of mobile device forensics to understand where the wide array of current offerings come from.
Criminal eDiscovery has always blazed the path for civil eDiscovery. The forensic extraction of information from cell phones is no different in this respect than the earliest large volume email productions in the Enron related investigations. I know because I managed some of those email collections back in the early 2000-2002 period. Forensic acquisition, extraction and analysis start with relatively crude, manual command line tools that require an expert to run and testify to. Over time, these have evolved into sophisticated programs with wizards and other mechanisms that help to make this functionality accessible to a reasonably competent user with minimal training, such as we have seen with Michigan state troopers on road stops.
Just like computers, the earliest forensic cell phone acquisitions in the early 1990’s used bit-copy imaging of the phone memory and the SIM cards. An investigator had to essentially ‘read’ the raw binary or hex code and translate it into call logs or wave files (voice messages) for prosecutors. Nascent PDA phones like the early BlackBerry released in 1999 dramatically increased business usage and the complexity of the data to be extracted. RIM brought the first smart phone to market in 2002 with an actual Operating System (OS) that could handle real email. Susteen claims to have brought the first commercial forensic cell phone software to market with their Secure View 1 product. The earliest reference I could find was a 2006 add, but I am hoping that I will get a more definitive date for my research report from readers. The 2003-2006 time period feels right given the jump in business use and the explosion of civil eDiscovery. The NIST Computer Forensic Tool Testing project published their first mobile device Tool Specification in November 2007. Apple released the iPhone in 2007, which was the equivalent of dumping rocket fuel on the executive bonfire. Every C-level executive had to have one.
That tells us where cell phone forensics came from. A quick check found almost 20 providers actively marketing forensic software/hardware for mobile devices. But most of these target law enforcement instead of corporate legal. Below is my initial list of providers and I would love help from actual users to filter out those not really suitable for corporate users and civil discovery.
AccessData FTK – MPE+
- CellDEK – Logicube
- Device Seizure – Paraben
- EnCase Neutrino – Guidance Software
- Final Data – Final Mobile Forensics
- iPhone Analyzer
- iXAM – FTS
- Lantern – Kantana Forensics
- MacLockPick – SubRosaSoft
- MobiLedit! Forensics
- MobileSyncBrowser – Vaughn S. Cordero
- Mobilyze – BlackBag Tech
- Oxygen Forensics for iPhone
- Physical DD – Jonathan Zdziarski
- Susteen DataPilot Secure View
- UFED – Cellebrite
- XRY – MicroSystemation
Most of all, I would like to hear from corporate and law firm specialists on the ground floor who are actively evaluating or using technology to preserve, extract and analyze mobile devices for civil matters. I’m interested in best practices and practical solutions as well as any offerings that my initial survey missed. This is the bleeding edge of civil discovery, so we all want to hear about your hard learned lessons tackling these complex and varied devices. So take the survey and shoot me a line at Greg@eDJGroupInc.com.