When a forensic examination of a mobile device is warranted | Kilpatrick Townsend & Stockton LLP

As technology evolves, electronic communications – especially text messages – can provide a treasure trove of evidence. While requests for email and group communications from hard drives and networks are standard in today’s lawsuits, texting and groups from third-party mobile devices are often overlooked. Motion narrowly designed to force a forensic examination can be a valuable discovery tool for analyzing data on a party’s mobile phone.

Movement Foundation for Force

The procedural basis for the proposal is based on Federal Rules 34 and 26(b). Under Federal Law of Civil Procedure 34:

A party may make a request to any other party within the scope of Rule 26(b)

(1) To produce and permit the requesting party or its representative to examine, reproduce, test or sample the following items in the possession, custody or control of the respondent party:

(a) any specific documents or information stored electronically – including writings, drawings, graphs, graphs, photographs, sound recordings, images and other data or data compilations – stored in any medium from which the information can be obtained either directly or, if necessary, After translation by the respondent party into a reasonably usable form[.]

Federal Civil Procedure Rule 26(b) defines the permissible scope of discovery as:

… the parties may obtain a discovery on any unprotected matter that is relevant to any party’s claim or defense and is proportional to the needs of the case, given the importance of the issues in the suit, the amount in dispute, the parties’ relatives access to relevant information, the parties’ resources, The importance of the discovery in resolving issues, and whether the burden or expense of the proposed discovery outweighs the potential benefits…

In determining whether a request to compel a forensic examination of a party’s phone should be granted, the court will assess whether the test “will reveal information relevant to the claims and defenses in the case and whether such examination is proportionate to the needs of the case given the cell phone owner’s concern for privacy in the case.” the contents of his cell phone. In other words, the wide range of discoverable evidence is tempered by the party’s privacy interest in the device.[1] Babel vs. Chicago Transit Authority, No. 19 CV 7868, 2021 WL 4789023, *2 (ND Ill. Apr 2, 2021). For this reason, “the inquiring party must provide at least some reliable information that the adversary’s representations are objectively misleading or inaccurate.” ID.

Babel vs. Chicago Transit Authority

in Babylonthe plaintiff, a former Chicago Transportation Authority (“CTA”) employee, and his supervisor discovered a flaw in an application used by the CTA to provide alerts and service information to public transit users. ID. In 1. The bug allegedly could have allowed unauthorized users to take control of the app and post unauthorized alerts on the system. ID. After a plaintiff’s supervisor attempted to hack a CTA application to test a plaintiff’s theory, an investigation by the CTA determined that the plaintiff’s actions violated the CTA’s rules, policies, and procedures, forcing the plaintiff to resign rather than terminate. ID.

During discovery, the CTA requested all of the plaintiff’s communications with his supervisor about the allegedly defective application. ID. The plaintiff photographed his phone and released what he claimed were all of his communications. ID. After receiving the plaintiff’s statement, the CTA filed an application to compel a criminal examination of the plaintiff’s phone. ID. The CTA was able to discredit the completeness of the Plaintiff’s production by establishing that the amount of data produced by the Plaintiff reflects less than 1% of the phone’s storage, and that it does not contain reciprocal connections on third-party applications, web browsing and/or search logs, audio or video files Or any data associated with 151 of the 200 apps on the phone. ID. at 3 o’clock.

The plaintiff argued that forcing him to produce his phone for a second photo would have been unusual treatment, that he actually provided all communications from his phone, and that the CTA failed to show that he had blocked any communications. ID. in 1.

The Court agreed to the CTA’s motion to compel on the basis that: (i) the original imaging was performed without any opportunity for input from the CTA regarding the protocol implemented for the imaging process; (ii) the very small amount of the plaintiff’s production; (3) that the requested discovery – communications between the plaintiff and his supervisor about the application – went to the heart of the plaintiff’s claim; and (4) that the plaintiff had no basis for invoking privacy concerns after he himself had already photographed the phone.


While the countless red flags of the plaintiff’s original production set the stage for the CTA movement to force it into this situation, the potential value of targeted mobile detection should not be ruled out for any party. In most cases, we found the non-judicial mobile suite to be sufficient. However, when doubts about the reliability and completeness of the production of a mobile device creep in, a forensic photo may be justified.

[1] We see Guidance Notes for Rule 34,”[i]Disclosure or testing of certain types of electronically stored information or testing of a responding party’s electronic information system may raise confidentiality or privacy issues.”

Leave a Comment