Cellebrite, the mobile forensics company reportedly assisting the FBI in extracting data from the iPhone in the San Bernardino case, has written a white paper noting that extracting the data is only part of the challenge. If law enforcement agencies are to obtain convictions on the basis of that data, a lot of questions have to be answered.
Just as it is for physical evidence, the admissibility of digital evidence depends on good handling procedures throughout the entire chain of custody. Each link on the chain is responsible for the proper preservation, collection, and documentation practices that demonstrate the evidence is as close as possible to its original state.
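To illustrate the documentation side of the chain of custody described above, here is an added Python example (not taken from the Cellebrite white paper or from any forensic tool): each handler records the evidence digest in a hash-chained log, and a verifier reports altered records or changed evidence. The record fields, handler names and sample bytes are assumptions constructed for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first record

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return digest(json.dumps(body, sort_keys=True).encode())

def add_entry(log: list, handler: str, action: str, evidence: bytes) -> dict:
    """Record one link in the chain: who, what, the evidence digest at that
    moment, and the hash of the previous record."""
    body = {"seq": len(log), "handler": handler, "action": action,
            "evidence_sha256": digest(evidence),
            "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": entry_digest(body)})
    return log[-1]

def verify(log: list, evidence: bytes) -> list:
    """Return a list of problems; an empty list means every record is intact
    and the evidence still matches the digest taken at acquisition."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["seq"] != i or entry["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link")
        if entry_digest(body) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        if entry["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence digest differs from acquisition")
        prev = entry["entry_hash"]
    if log and digest(evidence) != log[0]["evidence_sha256"]:
        problems.append("current evidence does not match acquisition digest")
    return problems

# Constructed sample data, not real evidence; handler names are hypothetical.
IMAGE = b"constructed-disk-image-bytes"

def demo() -> list:
    log = []
    add_entry(log, "examiner_a", "acquired image", IMAGE)
    add_entry(log, "evidence_clerk", "placed in storage", IMAGE)
    add_entry(log, "analyst_b", "verified working copy", IMAGE)
    return log

if __name__ == "__main__":
    print(verify(demo(), IMAGE))
```

Hash chaining only exposes edits to earlier records; the final `entry_hash` has to be recorded somewhere outside the log (in the signed report, for example) for the last record to be covered as well.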
When evaluating whether a tool is forensically sound – whether its use can certify that evidence remains unchanged and that the resulting report is a true and accurate representation of what exists on the evidence device – here are four questions to ask:
Is it a tested theory or tool?
Has it been in