This article by Rob Adler looks at when it is warranted to undertake a forensic examination of a mobile device.

For me the key element that stood out whilst reading this piece is the sheer wealth of information that is stored on these devices and how crucial this data can be to investigations, both regulatory matters, as well as litigation.

Not every case will warrant it, but there should be an active discussion to make that decision due to the results it can yield.

When it comes to data stored on a mobile device, there are a multitude of alternative data sources. The most comprehensive of these would be a device backup, whether this is stored in a cloud account, or locally to a laptop or computer. Depending on who or how such secondary sources are managed, this may provide a door to access the required documents without the need for an individual’s mobile device. Obviously, any applicable laws would need to be analysed to ensure there are no breaches to an individual’s privacy in doing so though.

Furthermore, there may be information stored on other corporate systems that can at least help plug certain gaps of information. For example, who else may have been included on emails with individuals whose personal devices hold the same documents, do company backups shed any light or provide yet more completeness to an expected full dataset?

Ultimately companies must ensure that they have the ability to control their data as and when required. Ensuring that employment contracts, and carefully drafted BYOD policies are in place is certainly a good starting point in the process.

In addition to this, there should also be careful consideration as to how information is managed when an individual leaves a company – this is even more relevant to regulated companies, and as such, defined and regular tested procedures should be in place for such situations.

A very useful read for sure.