Asia (Other)

Screen Shot 2019-04-12 at 3.32.17 PMIt is an integral part of our life these days and an item that is rarely further than arm’s reach. There are thousands of different models running various operating systems. With each year comes a larger device with the latest devices having a storage capacity of up to 512GB with expandable memory of another 512GB. As you would have guessed, I’m talking about mobile phones. 1TB is a lot of data, but what sort of useable data can we get from a mobile phone?

Let’s think of it in terms of an investigation. One of your staff members has been accused of stalking and harassing a fellow staff member. What steps do you take to secure the potential evidence that is located on their work mobile and what type of evidence would you find?

Can you obtain the device?

The first step is to work out whether you have any legal right to obtain the device. Some companies will issue their staff a mobile device and other companies may allow bring your own device (BYOD). Certain states even allow surveillance of personal devices when they are being used at work using work wifi systems. In some instances, a person may provide consent for their mobile device to be imaged and reviewed and in these instances, you would ensure they have provided written confirmation. In other instances, you may need to rely on the company policies or you may not have any right to the device itself. The key to this first step is the policy the staff member has agreed to which will require discussion with your IT and legal team.

Secure evidence

Similar to any electronic devices which may contain key data, if the device is on, try to utilise a power source to keep the device powered on. If the device is off, leave the device in this state. If the device is on, enable airplane/flight mode. This will ensure they are not able to remotely wipe the device. You will need to obtain the PIN code from the staff member in majority of instances. Some devices can be accessed using software without the PIN code, however this will not be applicable to the latest devices.

Forensically acquire device

Mobile phones are becoming increasingly more difficult to obtain the data from so we would recommend you utilise forensic software and hardware to take an image of the device. Forensic software will have varying levels of interactions with the mobile device, which can affect whether the data itself is defensible, so make sure you research what software is forensically sound and you obtain suitable training in case the matter requires attendance in court. Through suitable training and certification, you will be able to justify the actions you have taken in imaging the device and explain how the information was obtained from the data set.

Avenues of investigation

The following are some potential avenues of investigation that relate to data obtained from a mobile device:

  • Correspondence between the two parties
    This could include call logs, SMS/MMS/iChat messages, various chat applications such as WhatsApp, WeChat, Viber, Messenger etc.
  • Correspondence between the accused and third parties that may mention the defendant
  • Internet history
    This could show the accused performing searches online for the defendants’ address, social media accounts, etc.
  • Media
    This could include photos or videos that the accused has taken of the defendant which could also include valuable data such as time stamps and GPS coordinates.
  • Location data
    This could provide GPS coordinates to indicate at certain points of time where the accused was in relation to the defendant.
  • Recover deleted data
    In some instances, data that has been deleted such as messages can be recovered. As with all deleted data, time is of the essence. The likelihood of recovering deleted data will decrease with time, especially with mobile devices.
  • Linked Devices
    Bluetooth history from the device may indicate linked devices such as smartwatches or car entertainment units which could provide further avenues to investigate.
  • Cloud Storage
    The above considerations relate to data contained on the device however a review of the applications may provide further avenues to investigate such as cloud storage of the device or individual applications.

These avenues of investigation can be performed alongside the defendants’ statement and a forensic image of their mobile device to corroborate or contradict their claims.

At the end of the day, forensic evidence can be a key source of truth to decipher between contradicting statements.

_________________________________________

 

By David Kerstjens
E: david.kerstjens@lawinorder.com
W: www.lawinorder.com.sg

 

_________________________

Screen Shot 2019-04-12 at 3.34.17 PM

3 Phillip Street, #17-01, Royal Group Building, Singapore 048693
T: (65) 6714 6655
F: (65) 6714 6677
E: singapore@lawinorder.com
W: www.lawinorder.com.sg

Related Articles by Firm
Data collection and early case assessment for investigations
Data collection and analysis for investigations is very different to collection for discovery or review. This article discusses the differences; how Early Case Assessment (ECA) can assist and the benefits of using review technology ...
Spotlight on eDiscovery
Many people are still confused about what electronic discovery encompasses ...
Will we see the end of Keywords in eDiscovery?
With the advances in Technology Assisted Review (TAR), it raises questions as to whether keywords still have a place in eDiscovery ...
How to Make Data Collection More ‘Effective’
Data can be collected efficiently, but if relevant data is not collected then the case will not come together.
Information Governance: Preserving Data and Being Prepared for Investigation
Organisations need to ensure their rules around information governance are being enforced. Many US organisations have an information governance officer in their IT, legal ...
How to speak IT
Ideally, everyone should have a basic understanding of the company’s IT infrastructure, not least because as more companies digitise, the risk of cyber threats increases. A cyberattack can come from anywhere ...
Computer Forensics and the Rise of the Drone
With more people being confined to their homes in different parts of the globe, hobbyists will be finding new uses for their drones ...
Redactions? How to Ensure There are no Nasty Surprises
With recent headlines highlighting the damage and embarrassment that can be caused by poorly redacted documents, it is no wonder many firms and corporates are turning to legal document management specialists to secure their redactions ...
Self-Collection Risks
When digital evidence is required at the start of a matter, it’s easy to get swept up in the moment and start rushing to gather the evidence but this is a key time to step back, take a moment ...
What Happens After the Dawn Raid?
The dawn raid has led to the forensic collection of 100,000 documents, now safely secured on a hard drive. What is the process from here? It’s important to plan your strategy in advance to minimise downtime, extract relevant documents and ...
Bringing eDiscovery In-House? Four Tips to Get You Started
With an increase in litigation and in costs for document review, more and more companies are considering bringing parts, if not all, of the eDiscovery process in house ...
A Lawyer’s Future is Looking Sharp with Electronic Hearings
The benefits of running an efficient collection and forensic process extends all the way to the hearings room ...
Forensic investigations, the role of corporate counsel and the rise of information governance
Head of Forensics – Erick Gunawan, discusses the Role of Corporate Counsel in the context of litigation or investigation and the increasing importance of information governance ...
Forensic investigations and cross-border matters
What are the current trends in forensic investigations for cross-border matters? Head of Forensics - Erick Gunawan, looks at the constant evolution in data types and volumes, and the ever-tightening data privacy laws and regulatory intervention ...
Adopting eDiscovery for internal investigations
In-house counsel are often called on to manage an internal investigation. How can you effectively plan for and manage these investigations? We explore how electronic discovery (eDiscovery) tools help you mitigate risk and achieve your fact-finding mission.
Related Articles
Related Articles by Jurisdiction
Reducing and removing involvement in modern slavery
The first of four reports from Kroll and Liberty Asia on how to mitigate any hidden compliance and reputational risks relating to human trafficking issues ...
Information Governance: Preserving Data and Being Prepared for Investigation
Organisations need to ensure their rules around information governance are being enforced. Many US organisations have an information governance officer in their IT, legal ...
Latest Articles