By Alex Harmon
Mobile phones and other portable devices are a hotbed of activity in the electronic discovery industry.
Phones typically contain incoming and outgoing call logs, voicemails and text messages. These devices also utilize nearly every form of communication used on the Internet, including social networking sites such as Facebook and MySpace, as well as other more traditional instant messaging applications.
With the boom in popularity of smartphones such as the iPhone and BlackBerry, portable devices now send and receive massive amounts of business email and attachments. Mobile phones also have a much higher storage capacity now than they did just a few years ago. Apple’s iPhone 3GS stores up to 32 gigabytes of data. Many other phone brands accept SD card-based flash media, allowing for potentially unlimited storage accessible to the device.
But what happens when a mobile phone is involved in a civil or criminal matter and that data needs to be extracted and analyzed? These devices can’t be overlooked as repositories of potential evidence. For example, take the downfall of former New York Gov. Eliot Spitzer, who was ensnared in a sex scandal with a high-priced prostitute. Many of the most salacious details of his activities were obtained because Spitzer, who is married, had a proclivity for communicating with the prostitute in question via text messages and email. In the end, the one-time Wall Street crusader was brought down by these text messages and emails, and he resigned the governorship in disgrace.
Obtaining this type of evidence is possible with program suites such as Paraben Corp.’s Device Seizure. Device Seizure allows for the capture of a phone’s soft data – the call history logs and text messages – as well as its underlying file system. This makes it possible to retrieve deleted text messages, emails and other items which otherwise wouldn’t be retrieved.
Paraben products also help with another problem: physically plugging a mobile device into a computer for the purposes of extraction. It may sound like this shouldn’t be a problem, but it is. Here’s why: In the last decade, hundreds of different mobile phone models and technologies have been introduced for several different platforms.
The Device Seizure Toolbox contains data cables, power adapters and other equipment which is compatible with hundreds of phone models, including the iPhone, Motorola’s RAZR and various BlackBerry models. Also included is equipment to capture data contained on a mobile phone’s SIM card.
Paraben’s StrongHold Box mitigates another troublesome area of mobile device forensics: When turned on, mobile phones will automatically connect to a cell network, but this can potentially destroy evidence.
For example, iPhone OS 3.0 includes a feature called “Remote Wipe” which allows users to destroy up to 32 GB of data with a simple remote command. Placed in a StrongHold Box, however, the phone can’t receive this remote command. This allows a forensic acquisition to successfully take place.
Once data is retrieved from the device, a computer forensic investigator (CFI) needs to know what he or she is looking at. Device Seizure allows for a basic review. The CFI can browse through captured photographs, videos, emails, SMS and other data right in the program.
Once this first pass is complete, the data is exported and prepared for importation to a wide variety of applications. Other companies also produce software to capture and review data in the mobile space, including AccessData’s FTK Mobile Phone software.
Alex Harmon is a technology manager at Blank Law + Technology. He manages the firm’s network and systems infrastructure and provides electronic-discovery services, including the imaging, processing and searching of data.








