3 Methods of Mobile Device Extractions and the Data Each Contains

There are three types of extractions that may be performed on a mobile device: logical, filesystem, and physical. The feasibility of these three types of extractions depends upon the make, model and operating system of the mobile device.

What is a Logical Extraction?

The quickest and most supported extraction method, but also the most limited, is a logical extraction. In a logical extraction, the forensic tools communicate with the operating system of the mobile device using an API (Application Programming Interface), which specifies how software components interact. The forensic tools use these API’s to communicate with the mobile device’s operating system and request the data from the system. This process allows for the acquisition of most of the live data on the device, much like that of a live targeted collection of computer. The extracted data is output into a readable format.

The typical data available via a logical extraction are call logs, SMS (Short Messaging Service, commonly known as text messages), MMS (Multimedia Messaging Service, which are generally text messages with attachments or group text messages), images, videos, audio files, contacts, calendars and application data. It is possible to specify specific categories to collect, such as only SMS and MMS, but you cannot specify particular items in that category to only export. For example you can choose to extract SMS data, but all SMS will be collected not just conversations between specific people or phone numbers. All the data exported in these categories will be live data and will not have the possibility of containing any deleted data.

What is a Filesystem Extraction?

The next step up in extraction abilities is a filesystem extraction. The primary differentiator between logical extractions and filesystem extractions is the ability for the forensic tools to access the files on the mobile device’s internal memory directly instead of having to communicate through API’s for each type of data. This direct access allows the forensic tools to extract all files present in the internal memory including database files, system files and logs. Filesystem extractions are useful for examining the file structure, web browsing history and app usage history of a mobile device.

The most important part of a filesystem extraction is the full access to the database files on a mobile device. Numerous applications, such as iMessage, SMS, MMS, Calendar and others, store their information in database files. When a user deletes data that is part of a database, such as SMS, the entry within this database is marked as deleted and is no longer visible to the user. This deleted data remains intact within the database and is recoverable until the database performs routine maintenance and is cleaned up. Once this process occurs the data is no longer recoverable.

What is a Physical Extraction?

The most extensive but least supported extraction method is the physical extraction. Physical extraction is least supported because getting full access to the internal memory of a mobile device is completely dependent upon the operating system and security measures employed by the manufacturer like Apple and Samsung. A physical extraction from a mobile device shares the same basic concept as the physical forensic imaging of a computer hard drive. A physical extraction performs a bit-by-bit copy of the entire contents of the flash memory of a mobile device. This extraction allows for the collection of all live data and also data that has been deleted or is hidden.

By having a bit-by-bit copy, deleted data can be potentially recovered .This means that data that resides outside of the active user data and database files, such as: images, videos, installed applications, location information, emails, and more are able to be extracted and deleted versions of these items may be recovered as well.

Driven by the continued advancements in mobile technology, more and more people are using mobile devices as a primary work tool. The need for a BYOD policy or to collect these devices for eDiscovery and compliance purposes will continue to grow. Understanding the key differences in mobile device extraction methods can help prepare your team for the nuances of mobile discovery.

Attract & Retain Top Talent

With a rapidly changing industry, it's vital to offer the right compensation and set the right expectation. With our Salary Guide, get detailed job descriptions, industry insights and local salary data to equip your managers with hiring confidence and expertise.

Get your copy »

Get email updates about more content like this.

Comments

| Next articles in The Column blog |

Get the | foundation | you need to hire the best legal talent.

Request your copy of our 2018 Salary Guide »
GO NOW
LOAD MORE
LOAD MORE
LOAD MORE
LOAD MORE
LOAD MORE
March 08, 2018

Press For The Progress That You Deserve: International Women’s Day 2018

The 2018 International Women's Day theme is #PressforProgress, which unquestionably means different things to different people. However, I think it's safe to say that most all women support gender equality and equal pay, and want to work in a safe environment where they feel valued for their professional contributions. While the legal field is certainly not immune to gender parity issues, being a female and an attorney does not necessarily mean you're forever disadvantaged against your male counterparts.
Read Post »
March 01, 2018

Looking for the Summer Internship of a Lifetime?

If a summer internship that invites you to meet, travel and learn from Fortune Global 500 company executives sounds like your idea of a valuable experience, our CEO for One Month program is the one you've been searching for. This program invites top interns to compete for a chance to go straight to the top of our Global Fortune 500 parent company, the Adecco Group, as the CEO for One Month. And we should mention - the top contender takes home a $10,000 paycheck. Here's how it works.
Read Post »
February 22, 2018

Organize Your Life: Technology to Keep You On-Track in 2018

It's the new year, and many people are setting goals to be more organized and on-schedule in 2018. If you're a busy lawyer or law student, it can sometimes be difficult to keep track of all your responsibilities, deadlines and goals on a daily basis. Technology can play a big role in helping you stay on task and meeting your education, job and personal goals. Here are some technological resources that can help you stay organized and reach all your goals in 2018.
Read Post »
LOAD MORE