Securing the evidence

With advanced smartphone features such as Find My iPhone and remote wipes, securing a mobile phone in a way that it cannot be remotely wiped is of great importance. Also, when the phone is powered on and has service, it constantly receives new data. To secure the evidence, use the right equipment and techniques to isolate the phone from all networks. With isolation, the phone is prevented from receiving any new data that would cause active data to be deleted. Depending on the case, sometimes traditional forensic measures, such as fingerprints or DNA testing, may also need to be applied to establish a connection between a mobile device and its owner. If the device is not handled in a secure manner, physical evidence may be unintentionally tampered with and may be rendered useless. It is also important to collect any peripherals, associated media, cables, power adapters, and other accessories that are present at the scene. At the scene of investigation, if the device is found to be connected to a personal computer, pulling it directly would stop the data transfer. Instead, it is recommended to capture the memory of the personal computer before pulling the device, as this contains significant details in many cases.