Mobile Device Collection Strategy

Modified on Thu, 5 Mar at 10:44 AM


Step 1: Confirm the Need

Before any collection, ask: is mobile device collection actually necessary? If the target data is email, a copy almost always exists on a server or Exchange environment, so go there first. Mobile collection should only be pursued when the data is device-specific, primarily:

  • SMS / MMS
  • WhatsApp
  • Facebook Messenger (though desktop access may be available)
  • Other messaging apps without cloud backups

Do not collect from a mobile device based on suspicion alone. Relevance must be confirmed or highly probable.


Step 2: Assess Risk Level

Unlike criminal investigations, where full collection is standard, civil and corporate matters require a proportionality assessment. Consider:

  • How sensitive is the personal content likely to be?
  • Is there a risk of non-cooperation, no-shows, or spoliation if the custodian feels their privacy is being violated?
  • Does the scope justify the disruption and pushback?


Step 3: Choose a Collection Method

The methods below are ordered from least to most disruptive:

  • Option A - Screenshots (Self-Collection): The custodian takes screenshots directly on their iPhone or Android. Acceptable for low-volume, targeted content. Low disruption and easy to execute, but not forensically sound, and content is easy to miss or manipulate.
  • Option B - Print to PDF via Mac Messages App: If the custodian has a Mac, they can open Messages, pull up the relevant conversation, and print to PDF, one conversation at a time. Simple, low-disruption, and produces a readable output. Limitations: Mac required, not forensically verified, limited to iMessage/SMS.
  • Option C - Self-Help Software (Agent-Based Collection): Software installed on the device that allows remote download of content. More comprehensive than options A/B. However, Duncan's note: high error rate, custodians frequently misconfigure it, and it is disruptive. Not recommended as a first choice.
  • Option D - Remote Connection via iCloud / Apple Devices: Remote access to the device backup or live data via iTunes or the Devices interface. Requires device credentials and passcodes, which custodians are reluctant to provide. More comprehensive than self-help software but faces significant cooperation challenges.
  • Option E - Physical Collection: The device is physically collected and forensically imaged. Produces 100% of device content: all messages, group chats, media, app data, deleted content. Most defensible method. However, it carries maximum privacy intrusion, the highest resistance from custodians, and a significant scope of personal content that may require filtering.

Key Tension to Manage

Even on a company-issued device, there is a recognized reasonable expectation of privacy for personal content. This creates real practical risk - custodians push back, delay, or delete. The collection method should be proportional to what is actually at stake. Reserve physical collection and remote access for high-risk matters where completeness is non-negotiable.
