Iphone Data Collection for eDiscovery
Concord can collect data from Apple Iphone or Samsung at our facility for only $395.00 … or Concord can send a mobile kit to collect your Iphone or Samsung at your business anywhere in the United States (costs from $1500-$2500).
Remote collection of iPhones for eDiscovery (electronic discovery in legal contexts) is a process used in litigation, investigations, or compliance matters to gather relevant data from mobile devices without requiring physical shipment or on-site handling. This approach is particularly useful for preserving chain of custody, reducing costs, and minimizing disruption. Collection uses forensic eDiscovery software and requires the custodian’s (device owner’s) consent or cooperation to comply with privacy laws and avoid unauthorized access.
CONCORD supports the collection and processing of data from mobile devices, such as cellphones and tablets, directly onto our portal. Attorneys & our investigators can move efficiently from device access to searchable evidence. • Mobile device acquisition can be initiated from within the Sources and Welcome tabs, allowing attorneys / investigators to acquire and process data from supported devices within the broader CONCORD attorney workflow, without utilizing external tools. • The acquisition method covers iOS and Android devices, old and recent versions. • Mobile device acquisition requires the device to be unlocked and authorized for access. • Acquisition is based on common mobile OS backup protocols, resulting in a non-invasive extraction method with a minimal device footprint. On iOS, the iTunes Backup protocol is used. On Android, the Android Debug Bridge is used. • Results are gathered in a CONCORD Acquisition file (.ida file extension), which can be processed.. • Collections typically capture user data such as call logs, text messages, browser histories, installed apps, and more. • The collection also captures WhatsApp chat databases. Future releases will expand this to more third-party apps. • Note: this extraction captures user-level data available through logical access. Full file system imaging, physical
Key Steps in the Process
- Planning and Scope Definition: Legal teams identify the relevant data types (e.g., messages, emails, photos, app data like iMessage or WhatsApp) and custodians. They assess device management (e.g., corporate-owned via MDM—Mobile Device Management—or personal). For iPhones, Apple’s security features limit full remote access, so collections focus on accessible data like backups or specific apps.
- Custodian Notification and Consent: The device owner is informed via legal hold notices. They must actively participate, often by following instructions from the eDiscovery tool provider. This ensures the process is defensible in court.
- Remote or Local Data Collection: Concord uses top collection software used worldwide (e.g., Cellebrite, CrossCopy Mobile), a secure connection is established. This might involve:
- Sending a one-time secure link to the custodian, who accesses it via their phone’s browser to select and upload data.
- A brief initial wired pairing with a computer (e.g., via USB) for authentication, followed by wireless collections over Wi-Fi.
- No permanent app installation is needed; data is transferred directly to a secure cloud environment controlled by the legal team (e.g., AWS or Azure).
- For corporate devices, MDM tools can enable broader remote access.
- Data Extraction: Collections can be targeted (specific apps or files) or full (e.g., iTunes/iCloud backups). The tool logs all actions, verifies files with hashing, and preserves metadata for authenticity. Data is encrypted during transfer to maintain privacy and compliance (e.g., GDPR or CCPA).
- Review and Integration: Collected data is integrated into eDiscovery platforms for processing, review, and production. Audits ensure the process is forensically sound.
Considerations
- Limitations: iOS security (e.g., encryption) may restrict access to certain data without passcodes or biometrics provided by the custodian. Full forensic imaging often requires physical access.
- Best Practices: Engage certified vendors for defensibility. Remote methods are faster (often same-day) and more cost-effective than shipping devices.
- Legal Compliance: Always conducted under court orders or agreements to avoid privacy violations.
