There are arguments on both sides of the issue of search of a cell phone incident to arrest. In the next 60 days or so, we will finally have a US Supreme Court decision on this issue.  The two cases being reviewed are U.S. v. Wurie (13-212) and Riley v. California (13-132).  I am not an attorney nor pretend to be one, but my opinion is that absent exigent circumstances, like computers, a search warrant will be required.  However, I would be pleased to see the justices define that seizure of volatile data can be done without a warrant.  Let me explain...

Technically speaking, there are numerous well known methods to keep a phone off the network upon seizure. I have talked about these methods in the majority of my training courses. Today, most mobile devices can effectively be isolated from the network to preserve the data on the device. This simple, yet crucial step in crime scene investigation procedures, gives the arresting officer or investigator the time to apply for, and obtain proper search authority (search warrant). Although many of these techniques have been known to law enforcement agencies as best practices when dealing with mobile devices, the fact remains that savvy users (suspects or defendants) have been known to remotely wipe their phones before the device data can be acquired, much less searched.

By now, everyone has heard about the different ways to "find your phone" if it is lost or stolen.  The average user also has the ability to remotely destroy the data on that device to protect it from prying eyes. Wouldn't you think it is reasonable to believe that someone under investigation (or even arrested), who has the opportunity to destroy incriminating evidence, might do that? 

In the spirit of preserving evidence, which can be (and is known to have been) remotely wiped prior to police seizing and searching that data, the justices would serve the people, and law enforcement alike, with an acknowledgement of the technical challenges and dynamic nature of data in mobile devices. A forward thinking court could define that it is reasonable to allow seizure of dynamic and volatile data contained within a cell phone, tablet, etc. (the container) without a warrant. At the same time, they can reiterate the protection of the Fourth Amendment protecting the actual review (search) of the that data until the issuance of a properly executed search warrant.

I am guessing the court will probably mention the existence of exigent circumstances to search cell phones. This can be easily addressed by simply reiterating that a search by a law enforcement officer without warrant may take place if exigent circumstances exists.

As the CNN article here states, "the Constitution's Fourth Amendment protects against unreasonable searches and seizures." In addition, it also states "the high court has repeatedly affirmed the government's discretion to conduct warrantless initial pat-downs and searches of people and vehicles -- to ensure officers' safety and prevent destruction of evidence."

With proper training, officers can be instructed how to keep a device off the network.  Keeping a device off the network, can preserve data until proper search authority is obtained for the search and recovery of cell phone data. However, since technology advances so quickly and due to the dynamic nature of data on mobile devices, I am certainly hoping for a forward-thinking decision by the justices which will not impede current investigative procedures.

Your comments are welcome!
I will be teaching the Cellebrite 5-Day Mobile Device Examiner Course at the North Miami Beach Police Department May 19-23, 2014 (registration link below).

The Cellebrite Certified Mobile Examiners Course is designed for the intermediate and advanced investigator / digital forensic examiner. This 5 day course combines the curriculum from the Cellebrite Certified Logical Operator (CCLO) and the Cellebrite Certified Physical Analyst (CCPA) Courses providing the participant with an intense exposure to Cellebrite UFED, Physical Analyzer Software and all of the core competencies associated with examination of mobile devices using Cellebrite’s Tools and methodology.  During the course two optional written exams and two optional practical skill challenges are administered and students may earn the Cellebrite Certified Logical Operator Certificate (CCLO) and the Cellebrite Certified Physical Analyst (CCPA), both of which are prerequisites for entering the Cellebrite Certified Mobile Examiner Process.

Back in January of this year, Cellebrite published an iOS application to help examiners identify phones in the field.  UFED Phone Detective is a simple tool for investigators to identify mobile devices, and determine what capabilities exist for extracting data from those devices.

The application is available for both iPhones and iPads with a graphical user interface which works very similar to the UFED Touch and UFED4PC device.  It allows you to search for vendors and mobile device names and even find out if Cellebrite can acquire the data even if the device is locked.

If you already have access to the Cellebrite portal, you will need to use your same credentials to access and use the application.  This is a nice and free tool to have for anyone involved in digital evidence investigations!

Here is a direct link to the iTunes store to get the app!