Mobile devices have become the main tool for interpersonal communication. The applications are ever growing: messaging, email, ride-hailing, live mapping…etc. As the applications grow more diverse, so does the data the mobile devices capture:

• Message contents
• GPS locations
• Media (images, videos)
• Application records…

This information can be analyzed in the same way as standard computer forensics. However the capture method is substantially different and will require action for the client to preserve state:

• The mobile device has to remain powered on, unlocked (if possible) and isolated from WiFi or 3G signals. The easiest way for our clients to do this is to plug it the device on to a power bank, enable airplane mode and remove the sim card. A forensic method is to use a Faraday case (a metal box that will block signals from outside).
• If the device has been found unlocked, we could quickly disable the password settings as well.

Once seized the device can be imaged with a variety of different tools (depending on make, model and OS version).