Ready or not, it is time for corporate legal and MIS departments to accept the fact that real and unique corporate Electronically Stored Information (ESI) resides on mobile devices such as iPhones, Blackberrys and tablets. Until recently, most lawyers exempted these devices from preservation and collection obligations with a wide variety of arguments; too difficult, redundant content, inaccessible, lack of explicit caselaw and bipartisan agreements. The rise of the mobile workforce, integrated communications, mobile apps and more have combined to make smart phones and tablets critical sources of unique ESI for corporate executives and other critical personnel. If we accept that mobile devices must be preserved and collected for civil discovery, then we get to the hard question of how to do it.
A quick walk through the history of mobile device forensics will help to understand where the wide array of current forensic extraction technology has come from. Criminal eDiscovery has always blazed the path for civil eDiscovery. The current wave of mobile device discovery is no different in this respect than the earliest wave of large volume email collections and productions in the Enron related investigations in the 2000-2002 period.
Forensic acquisition, extraction and analysis started with relatively crude, manual command line tools that required an expert to run and testify to. Over time, these have evolved into sophisticated programs with wizards and other mechanisms that help to make this functionality accessible to a reasonably competent user with minimal training, such as we have seen with Michigan state troopers analyzing cell phones on road stops.
Just like computers, the earliest forensic cell phone acquisitions in the early 1990's used bit-copy imaging of the phone memory and the SIM cards. An investigator had to essentially 'read' the raw binary or hex code and translate it into call logs or wave files (voice messages) for prosecutors. Nascent PDA phones like the early BlackBerry released in 1999 dramatically increased business usage and the complexity of the data to be extracted. RIM brought the first smart phone to market in 2002 with an actual Operating System (OS) that could handle real email. Susteen claims to have brought the first commercial forensic cell phone software to market with their Secure View 1 product. The introduction of cell phone forensic technology in the 2003-2006 time period corresponds to the jump in business use and the explosion of civil eDiscovery. The NIST Computer Forensic Tool Testing project published their first mobile device Tool Specification in November 2007. Apple released the iPhone in 2007, which was the equivalent of dumping rocket fuel on the executive bonfire. Every C-level executive had to have one.
That tells us where cell phone forensics came from. Over 20 technology providers actively market forensic software/hardware for mobile devices at this time. But most of these target law enforcement instead of corporate legal. The relatively high standard of care and training required for criminal forensics are not suitable or scalable for typical corporate civil discovery. The real question is whether these true forensic technologies can be adapted for use by legal IT professionals in civil litigation scenarios large and small. Widespread adoption of mobile device discovery will require practical preservation, extraction, processing and review of ESI from mobile devices with minimal training at a reasonable cost. We can see the next wave of eDiscovery sources on the horizon, but it is not yet clear if the market is ready to support the customer requirements.
Most of all, I would like to hear from corporate and law firm specialists on the ground floor who are actively evaluating or using technology to preserve, extract and analyze mobile devices for civil matters. Im interested in best practices and practical solutions as well as any offerings that my initial survey missed. This is the bleeding edge of civil discovery, so we all want to hear about your hard learned lessons tackling these complex and varied devices. So take the survey and shoot me a line at Greg@eDJGroupInc.com.
Greg Buckles is the co-founder and CTO for the eDJ Group.