Mobile Device Digital Forensics – Recovery of Digital Evidence

Author: Jon Isenberg 2-minute read

Computer Forensic, Cybersecurity and Managed IT Solutions.

Mobile devices have become an important part of people’s daily lives. As such, they are prone to facilitating criminal activity or may otherwise be involved when crimes occur. The crime may not be caused by the owner of the device, but may capture information about the crime (i.e. photos, text messages, etc.) itself.

In the field of Digital Forensics, which includes many types of devices in addition to just computers, it is important to recognize the process of retrieving information needed for the legal process. Mobile device forensics obtains digital evidence from mobile devices for an investigation. Mobile devices can include smartphones, PDA devices, GPS devices, and tablet computers.


There is a growing need for mobile device forensics as these devices can store and transmit both personal and corporate information and can be used for online financial transactions. Lawsuits that involve the need for information from mobile devices requires a person who is highly skilled and certified to perform the data extraction and evaluation. This is a higher-than-normal skill set than found in a typical IT department.

The evidence found on mobile devices can include the following:

  • Date/time, language settings
  • Text messages
  • Photos
  • Application data
  • Geolocation information
  • Web browsing activities
  • Call detail records
  • Deleted items records

The process requires specialized software, and great care must be taken to ensure that the data is not altered or compromised. The time to perform the information extraction process will vary and is based on these variables such as:

  • Type of device (i.e. Android, iPhone, etc.)
  • Size of the storage device (i.e. 32 GB, 64 GB, 256 GB, etc.)
  • Power state of the device (powered on or powered off)
  • is the password for the device provided by the owner of the unit?
  • Physical status of the device. Is it damaged and if so, can it be repaired prior to the extraction of the information?

Once the information is obtained from the mobile device, it is then analyzed by an examiner using the requirements as provided by the legal proceeding. For example, if the legal proceeding is requiring text messages and call record details for a specific time frame, then the examiner can apply date filters and subsequently export the requested of information. Upon the conclusion of the evaluation, a report is typically prepared to be sent to the legal counsel. In addition, in many circumstances, the examiner will also be asked to testify at a deposition and/or a trial.

Given the skill set required and the possible need to serve as an expert at trial, when selecting a Digital Forensics Investigator, pay particular attention to the examiner’s experience, knowledge, dedication, judgment, responsiveness, and efficiency.


Founded in 2003, ELIJAH is a multi-award-winning leader in providing expert digital forensic, data security solutions, and managed IT. ELIJAH is owned and managed by former litigation partners and is an efficient boutique digital forensic, cybersecurity and IT solutions provider that makes clients’ lives easier through effective communication and white glove service. For additional information, please visit or call 866-354-5240.

Recent Posts


Drop us a line at 866-354-5240, email, or send us a message below. We’d love to hear from you!