System Forensics, Investigation, and Response, 3rd Edition

Seizing Evidence from a Mobile Device

Once you are ready to seize evidence from the mobile device, remember the following rules:

If you are going to plug the phone into a computer, make sure the phone does not synchronize with the computer. This is particularly important with the iPhone, which routinely auto-syncs.
Follow the same advice you follow for PCs. Make sure you touch the evidence as little as possible, and document what you do to the device.

One of the most important things to do is to make sure you don’t accidentally write data to the mobile device. For example, if you plug an iPhone into your forensic workstation, you want to make sure you don’t accidentally write information from your workstation to the iPhone.

If the forensic ...

Get System Forensics, Investigation, and Response, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

System Forensics, Investigation, and Response, 3rd Edition by Chuck Easttom

Seizing Evidence from a Mobile Device

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly