As people are moving away from email as their default communication tool, key information related to business transactions, product development, and nefarious behavior is often found buried in mobile data, and the work-from-home movement has only amplified this.
To fully understand the substance of such communications, the individuals involved, and how this affects your case, it is critical to effectively extract data across all tools used to transmit relevant information.
Modern professionals now rely on a combination of platforms for business and personal communications, and the work-from-home movement has only amplified this.
What does this mean for legal practitioners?
Considerations and best practices: Mobile data
Key information can reside in multiple locations concurrently, because modern conversations frequently cross over from email to text to collaboration tools, and loop back again – all on one mobile device.
Additionally, collecting and reviewing data from different sources is only two thirds of the equation. Practitioners must also consider the ease of producing this data to opposing counsel.
Ensuring you have a tool that can optimize collecting, reviewing, and producing these data types is key to accelerating review and reducing time to insight.
💡Pro tip: Ask your technology provider for examples of how different data types will render. We have included an example from DISCO Ediscovery in this blog.
Get (all of) the data
Because there are multiple layers of authentication required to access all potentially relevant information originating from a mobile device, physical possession of the device alone may not be sufficient to access everything.
Per DISCO Director of Forensics Dave Hendershott, speaking from 20+ years of forensics expertise, “There are considerations for how the device is set up for each of the applications stored. It’s common to have these applications store their complete data in the cloud. Therefore, having the physical device alone will only provide data actually stored or cached to the device itself. Even data such as the camera roll and native messages are typically offloaded to the cloud.”
For this reason, you should also obtain login credentials for the iCloud, Google Drive, or other relevant cloud storage to access any material stored off the device.
What you can forensically and defensibly image from a device also depends on the model of the device and the version of the software it is running. It is extremely important to ensure you or your forensic partner are using the right technology to access the data on the specific model and operating system of the device(s) you are dealing with.
Make sure the output is clear and easy to review
SMS (Short Message Service – i.e., text messaging) is the traditional communication style on cell phones. However, when data is exported from phones using collection tools, the output can be difficult to parse without the appropriate expertise.
It’s important to work with technology that can render text messages in an easily digestible format in order to accelerate time to insight. Not all tech is created equal on this front! Be sure to ask for an example of text data in any review tool you are evaluating for a matter that will be SMS-heavy.
Note: Make sure that the text messages you’re handling are easy to review and easy to produce. Nobody wants to spend time redacting a 100-page document of messages when you only need to produce a few select messages from the thread.
Know where to look for data
There are a variety of data types and locations that may be relevant in mobile data discovery.
Data may reside on the physical device, in a cloud-based backup, and in third-party applications.
In the event you are dealing with international matters and/or data in a chat app like WhatsApp, Telegram, or WeChat, global data privacy concerns may arise, depending on where the third-party application hosts the relevant data.
Be aware of “Bring Your Own Device” policies
In today’s rapidly evolving work environment, Bring Your Own Device (BYOD) policies have become more common. The proliferation of companies allowing employees to use their personal smartphones, tablets, and laptops for work tasks further complicates the challenge of working with mobile data.
From increasing the variety of potential device types and models to the commingling of personal and work-related data, these policies add nuance to data preservation and collection.
Additionally, BYOD policies may limit an enterprise’s control over which applications employees add to their devices, and how those might interact with remote collection and wiping capabilities.
Dig into your client's device policy early in the preservation discussion to uncover these issues.
Ediscovery Expanded: Mastering Complex Data from Slack to Signal and Beyond
Now that you’ve mastered mobile data, uncover the considerations and best practices for handling other complex data types in ediscovery, including:
- Ephemeral messaging
- Internet of things devices
- Social media platforms
- Virtual conferencing data
Download the complete guide here.
And, if you’re ready to collect from collaborative data sources with DISCO, request a demo to see what we can do for you.