of waiting days or weeks to obtain the evidence
3. First responders and investigators would be
able to leverage their own knowledge of a case,
including physical evidence and interviews they
conduct, to find the relevant mobile data.
4. Over the long term, more officers with basic
mobile forensics skills will be better equipped to
respond to “cyber” crimes and evidence. They
can communicate more effectively with forensic
specialists and even be in a position to move
more easily into specialist roles in the future.
Improving officer professional development in
this way enhances a law enforcement agency’s

Establishing a Practical Model for Mobile Device Search Incident to Arrest

The cornerstone of the Court’s ruling is that unlike
other property that can be subject to warrantless
search incident to arrest, absent exigency, mobile
device data cannot constitute an immediate threat to
officer or public safety, and can be preserved without

To ensure that first responders and investigators
make the proper judgment calls when seizing a
subject’s mobile device, a mix of training, policy, and
equipment is needed.
Training informs law enforcement professionals
about the wide variances in mobile device platforms,
operating systems, chipsets, security, and other issues.
Officers learn how to protect the device from the
network and, in doing so, preserve the data from
being remotely wiped or otherwise altered. Training
also teaches them how to document each action they
take, serving as a foundation for the forensic search.
Policy, including an agency’s own standard operating procedures or guidelines, supports training by
providing guidance that is consistent with local and
state laws and processes. It helps to prevent abuse
and enforces standard evidence collection practices.
It also enables investigators to provide testimony
and evidence that meets legal standards and that is
admissible in criminal proceedings.
Policy should empower investigators to judge
when to seek a search warrant, when to perform
a basic search for themselves, and finally, when to
escalate a device to a forensic specialist for further
analysis. Investigators and first responders should be
able to use their first-hand case knowledge to make
critical decisions regarding mobile device evidence.
Policy should also be backed up by the technological ability to enforce it. Forensic specialists should
be able to administer data extraction capabilities to
frontline personnel, including the ability to grant
data extraction privileges that can limit the extent to
which first responders or investigators can search device data—even apart from the particularity outlined
in a warrant.
Finally, the technology that agencies supply to
their officers must be flexible and easy to use, with
an interface clear and simple enough that it can be
deployed in as little time as possible following legal
authorization. The extraction equipment needs to
support extraction from a large variety of mobile
devices, operating systems, and apps in order to be

Arguably, the Riley warrant requirement validates
the importance of mobile forensics to law enforcement investigations and safeguards law enforcement.
By having to show the device and its data as a nexus
to a crime, police can build a much more solid case
against a suspect. “Fishing expeditions” don’t just
pose legal challenges: on a practical level, they only
add to the glut of information that investigators
must sift through as they establish facts, follow up on
leads, and seek suspects. By contrast, having enforceable policy and clear training, with technology to
support both, ensures the proper balance between
government investigation and citizen privacy interests.

Christa M. Miller is the Director of Mobile Forensics Marketing at Cellebrite. She has worked for more
than ten years as a journalist, specializing in digital
forensics and other high-tech topics for public safety
trade magazines. Miller has a B.A. in Economics from
Whittemore School of Business and Economics at the
University of New Hampshire and is based in South