Forensic Data Collection From Mobile Devices
When our client, a global financial services institution, needed to quickly investigate a suspected security breach which required data from over two hundred of its employees’ mobile phones to be collected and reviewed, our computer forensic experts were able to help.
Our client approached us following a suspected security breach, and it needed to collect data from over two hundred mobile devices from employees in a short time frame. Yet the operational, legal and practical challenges were daunting.
The logistics of such a task, which encompassed both corporate and personal devices, were highly complex when surrounding such a sensitive issue. With the industry norm of a turnaround time of three-to-four hours per device, collecting more than 100 in one day posed a significant challenge. However, our computer forensics experts who have a proven track record of being able to extract data types, including deleted files, from mobile devices quickly and seamlessly, embraced the challenge head on.
Their immediate priority was to design a forensic process which would enable a timely collection and return of all the devices, and the extraction of all the relevant data, with minimal business disturbance. They supported this with a fully documented, defensible and proportionate process which included clear chain of custody records.
Having collected the data, the team then converted it for review on FTI Consulting’s propriety e-discovery and data analytics software, Ringtail. Ringtail enabled the team to deconstruct each mobile phone data source into individual messages, call entries, and contacts – a granular level of data which enabled the client to quickly refine their review to specific points-in time and identify where specific phrases, numbers and events were used.
Owing to the speed and rigour with which we designed and implemented the bespoke process, our client was able to retrieve all of the data and information it required with the full cooperation of the device owners and with no material disruption to the business. As a result, the client was able to discover all of the information it needed to pursue its internal investigation. As the inquiry continued, our team of experts trained the client’s own IT, security and legal teams to be able to quickly and cost-effectively undertake further reviews themselves, in full adherence with relevant data privacy laws.