What is Forensic Triage for Smartphones?

When it comes to accessing digital data across devices, mobile phones are easily the most common devices that law enforcement, businesses, and military personnel will deal with. In the past, accessing critical files (e.g., law enforcement cases, business intelligence, etc.) involved physically unlocking and searching through devices. The problem, of course, is that accessing smartphones by physically entering the device can lead to data loss, file access issues, and an incomplete view of the device's digital archive.

Since tons of information contained in smartphones is buried in inaccessible portions of the operating system, relying on antiquated digital forensic strategies can lead to data loss.

So, how do you access these files intelligently without risking deletion or inaccurate reporting?

What is Forensic Triage for Smartphones?

Finding a way to gather data across mobile devices — which frequently vary in hardware components — without risking data contamination is a mission-critical aspect of data intelligence.

Forensic triage for smartphones (or mobile forensics) is the act of intelligently gathering data across mobile device providers to provide a top-down view of all of the crucial data contained in the device.

Of course, forensic triage can be applied to a wide variety of devices (e.g., computers, tablets, etc.) But, with over 70% of the entire world's population carrying mobile devices, law enforcement is more likely to run into a cellular device as opposed to a PC. This means that forensic triage is only valuable if it's capable of capturing data contained in these devices, as it's likely that this data is significant to criminal, business, or military investigations.

6 Features a Forensic Triage Tool Should Have

While the obvious reason that forensic triage is valuable is data gathering, there are some aspects of forensic triage that separate valuable solutions from difficult, overburdening solutions.

1. It should be easy. Since forensic investigators often have a backlog and a significant pipeline of projects to handle, forensic triage tools should be simple-to-use. This helps free up time and gives the solution value beyond capability (e.g., speed reduces employee time and costs). Features such as mobile preview or screenshots with OCR allow investigators quickly preview a mobile device on scene
2. Modularity. Since mobile devices are so common, forensic triage tools need to be modularly accessible. This gives law enforcement rapid access and military personnel the ability to quickly spread solutions. For example, the MDI Field Tablet, allows field investigators to quickly and easily collect evidence from mobile devices for mobile phone forensic analysis on scene.
3. Ability to access multiple devices. With Android and Apple users at a standstill, being able to access both operating systems gives flexibility. If a solution can only address one or the other, you're going to be left with a ton of devices that cannot be adequately analyzed.
4. Scalability. You need to be able to quickly scale operations to filter through terabytes of data if necessary.
5. Intelligent. Of course, it's essential that any forensic triage tool that is accessing smartphones is intelligent enough to sift through files contained across the device — including the operating system — rapidly without missing out on crucial information.
6. Searchable. There are GB of data stored on mobile devices. You need to be able to search for relevant data without having to mine through unnecessary files. That is why our search profiles which let you focus your investigation come in handy.

Each of these solutions is geared towards specific needs. Want to know which one is right for you? Compare our mobile forensic products.