EDGE Tip: Cell Phone? Do this Immediately!

EDGE Tip:   Cell Phone?: Do This.  Immediately!

What should you tell a client to do with a cell phone until it can be properly preserved?

Our last Practitioner’s EDGE Tip explained the urgency in quickly preserving cell phone content due to how quickly critical content is destroyed, but, since content is continuously being destroyed …

What do you tell a client or custodian to do (or equally important, not do) during the time until a defensible forensically sound collection can be completed?

Device on or off?  What if it’s on?  What if it’s off?  Back it up?  Sync?  Disable any of these?  What about OS updates?  Continue using?  [FYI- the answers to each can vary!]

There is no one-size-fits-all answer.  Truly, as quickly as possible (ie, immediately), reach out to your favorite mobile device expert with the following information at the ready:

• Make/model
• Operating system, including version
• Preservation/collection target (eg, texts, pics, call log, etc.)
• How the collected content is relevant

…and ask for the specifics on what the client/custodian should be directed to do, or not do, given the specific criteria until the expert can perform a defensible collection.

If you can’t quickly get an expert’s attention, or until you do, below are suggestions that should cover most eventualities:

1. Act fast!
2. Power On, or Off?
   1. You have PIN/Passcode ==> OFF
   2. No PIN/P-code ==> ON, IF:
      1. Can put in airplane mode and remove SIM card
      2. Turn off WiFi and Bluetooth for iOS (Apple) devices
      3. Keep charged

3. Suspend
   1. Cloud back-ups.
   2. Remote access.
4. Disable / do not complete software updates

To receive Protek’s continuing Practitioner’s EDGE Alerts/Tips series, please feel free to send an email to info@protekintl.com with the subject line “Send EDGE.”

Click this link for the related PDF index card!
Immed-Steps-Index-Card