Digital forensics is a complex and ever-changing field that requires a lot of testing, tools and validation. This paper is written by experts in smartphone forensics who have many years’ experience in research, tool development, validation, testimony and who care about educating the community on the recommended steps to ensure mobile data is extracted, examined and reported in a manner that is trusted.

The authors of this paper stand shoulder to shoulder even though our backgrounds, organizations and jurisdictions differ. Many tools and methods exist to support smartphone forensics and no one tool is perfect. Depending on your mission or investigation, not all steps may be required. Equally, as a summary document, the steps listed here cannot be exhaustive and more research or guidance could be necessary.

The SANS whitepaper is written with the contribution by Belkasoft.

Authors: Heather Mahalik, John Bair, Alexis Brignoni, Stephen Coates, Mike Dickinson, Mattia Epifani, Jessica Hyde, Vladimir Katalov, Scott Koenig, Paul Lorentz, Christophe Poirier, Lee Reiber, Martin Westman, Mike Williamson, Ian Whiffin, and Oleg Skulkin