Setting the stage for mobile device e-discovery

Electronically stored information on mobile devices—mobile ESI—is quickly becoming relevant, if not critical, in a wide variety of corporate investigations and litigation including employment, intellectual property and trade secrets, securities, and other areas. Even so, many organizations face a number of challenges in obtaining mobile ESI, not least of which is the blurry and sometimes shifting line between personal and corporate data.

Scott-Giordano-255x300Scott Giordano, Exterro’s Corporate Technology Counsel, applies legal, business, and technical skills to problem-solving in corporate ethics and compliance, information security, and electronic discovery. Together with Cellebrite’s forensic technical director Yuval Ben Moshe, Scott will present during Exterro and Cellebrite’s complimentary webcast, Step Up Your ECA Game Plan with Mobile Device Data Collection.

I took the opportunity to speak with Scott about the need for mobile forensics as part of a holistic e-discovery approach, how privacy laws affect mobile e-discovery globally, and the need for strong policy as a result—no matter the size of an organization.

Christa Miller: Many companies resist collecting mobile device evidence because they see it as redundant, especially when their burden of proof is only preponderance of the evidence, and they must take proportionality and cost into account. What’s the tipping point between collecting enough, and being thorough in building a case?

Scott Giordano: While there is a fair amount of redundancy between what’s already on the network and what’s on mobile devices, much of the information likely to resolve a matter can only be found on the latter—geolocation information, for example.

I can tell you that the first time I saw a Cellebrite presentation, I was made a believer.  The best way to meet the preponderance standard is to identify those few “documents” – pieces of information, really, that succinctly demonstrate to a jury a particular chain of events and merit only one conclusion.

Christa Miller: You’re a Certified Information Privacy Professional (CIPP) in both the US and Europe. How do privacy laws in each region affect mobile devices in the workplace? How do they overlap, and how are they different, especially with regard to BYOD? What might US corporations take away from European corporate compliance, particularly around concepts like “the right to be forgotten”?

Scott Giordano: Employee-owned mobile devices are rapidly being woven into the fabric of U.S. corporate operations via BYOD, but in the EU they’re still considered completely separate and off limits.

As a result, if U.S. multinationals want to use the same model, they’re going to have to take into account regulations at both the EU- and local levels, build policies that adhere to them (including the right to be forgotten to the extent it’s implemented) and deploy if allowable, which is not always a given.

Christa Miller: Some corporate counselors recommend that companies audit mobile devices upon employees’ exits and at other designated intervals. Others shy from collecting BYOD data because they don’t want to be liable for access to deeply private data such as personal health information. Can you give examples of how companies can address the need to protect their own data, vs. the need to protect employees’ privacy?

Scott Giordano: All of this has to be addressed via policy from the introduction of the mobile device into the corporate firewall, otherwise you’ll potentially face different outcomes in every jurisdiction and even then it will likely vary from case to case.  This lack of policy clarity is essentially the reason for the result in the Cotton v. Costco opinion that was handed down this year.

Christa Miller: Smaller companies, including SMBs, may perceive that corporate compliance is only for the Fortune 500. From an infosec and employee privacy standpoint, what steps can these firms take to protect themselves in the event of BYOD-related litigation?

Scott Giordano: SMBs have to take these issues seriously and, again, it goes back to developing policies and setting expectations for both the employer and employee.  Employees often fail to understand that employer data that’s on their devices is still the employer’s property and litigation over privacy and intellectual property can (and often does) get ugly.  Moreover, those devices broaden the corporate attack surface and have to be addressed from that standpoint.  Better to prevent or mitigate it in the first place.

Christa Miller: You are speaking on Exterro and Cellebrite’s upcoming webcast (May 14), Step Up Your ECA Game Plan with Mobile Device Data Collection. What do you hope viewers come away with from the presentation?

Scott Giordano: I hope that they’ll come away with the following:

  1. Mobile devices are rapidly become part of the larger e-discovery universe
  2. Early data- and early case assessment for mobile devices are crucial tasks for litigation success
  3. The time to prepare is now.

Read more about Cellebrite’s perspective in Exterro’s interview with Yuval. To learn more from Scott and Yuval about the necessary policies to defensibly collect mobile data and best practices for speeding up the mobile data collection process, register for Exterro and Cellebrite’s complimentary webcast, Step Up Your ECA Game Plan with Mobile Device Data Collection, airing on May 14.

New UFED release delivers improved workflow, permission management, a new mobile app, and more

The new UFED 3.0 release is designed with front-line investigators in mind. From a new permission management and user authentication capability, to a much more streamlined extraction workflow and a mobile app that’s accessible from any iOS or Android device, the new UFED promises to make your work more efficient by getting you the data you need faster.

New user authentication and permission management

Many labs are struggling with backlog and the need for front-line investigators to get quicker access to information in order to begin or complete an investigation. However, doing so within the “right to know, need to know” boundaries of both legal authority and internal standard operating procedures and policies is important to retain community trust—whether you work in law enforcement or in the corporate environment.

The new UFED Permission Manager standalone application allows an administrator to create profiles and manage user accounts, including usernames and passwords, which enable users to perform specific extraction activities. Each profile contains access permissions, including operation rights per extraction type, content types and more.

Once these are created, the administrator can then export the users and profiles into an encrypted permission management file, and in turn into multiple UFED Touch and UFED 4PC units. This file activates user authentication, ensuring that only users with the right credentials can access the UFED and perform the extraction types they have permission to perform.

New smoother workflow

Customers have been asking for a more efficient extraction workflow, and we’re pleased to deliver it in UFED 3.0! Now start your extraction process in UFED Touch or UFED 4PC by selecting the device vendor, before proceeding to the specific device selection screen. The UFED interface then provides a list of supported actions for that device.

After installing the update, the UFED Touch/4PC application will notify you about the new workflow and provide instructions on first usage.

The new smoother workflow includes an Auto Detect feature. Connect a device and push the AutoDetect button on the main screen; AutoDetect will run automatically on UFED 4PC when the UFED Device Adapter is connected.

autodetect

New UFED Phone Detective mobile app

While in the field, use the UFED Phone Detective mobile application to look up extraction and decoding capabilities—as well as whether lock bypass is supported—for all device profiles supported by UFED hardware and software. Use your my.cellebrite.com credentials to login, then search by vendor and model.

Android_en_generic_rgb_wo_60

 

 

Download_on_the_App_Store_Badge_US-UK_135x40

 

New device, decoding and app support

New device support includes logical extraction for BlackBerry 10, physical extraction for a number of new Samsung devices, and Advanced Logical extraction for iOS 7.0.6/6.1.6.

New decoding support is available for enhanced locations decoding from file system and physical extraction of iPhone 4 running iOS 7.x, along with enhanced decoding of application permission to include permissions to location services. Enhanced decoding of contact list, call log, calendar, and tasks is now supported on Windows Mobile 6/6.5 physical extractions, as well as backup decoding from the latest devices running Android version 4.x.

New Android and iOS apps now supported for decoding include Burner (calls, contacts and SMS messages), WeChat, Badoo, BlackBerry Messenger, and Silent Phone. Additional decoding is also newly available for WhatsApp, Facebook, Gmail (for Android) and the new Line version for iOS.

For more information on these new features and support details, as well as a rundown of new UFED Physical/Logical Analyzer functionality, download our release notes here.