When a Forensic Exam of a Mobile Device May Be Warranted | Kilpatrick Townsend & Stockton LLP

With the evolution of technology, electronic communication – especially text messages – can often provide a wealth of evidence. While requests for email communications and collections from hard drives and networks are standard in today’s lawsuits, party text messages and mobile device collections are often overlooked. A closely tailored move to enforce forensics can be a valuable tool for analyzing the data on a party’s cell phone.

Foundation for Motion to Force

The procedural basis for the motion is based on Federal Rules 34 and 26(b). According to the Federal Rule of Civil Procedure 34:

A party may make a request to any other party within the scope of Rule 26(b)

(1) to provide and permit the requesting party or its representative to inspect, copy, test, or sample the following items in the responding party’s possession, custody, or control:

(A) any designated documents or electronically stored information – including writings, drawings, charts, graphs, photographs, sound recordings, images and other data or data compilations – stored in any medium from which information may be obtained, either directly or, if necessary, after translation by the responding party in a reasonably usable form[.]

Read:Google Chrome for Android has a snazzy new address bar in the works

Federal Rule of Civil Procedure 26(b) defines the scope of admissible discovery as follows:

… Parties may obtain discovery with respect to any non-privileged matter that is relevant to a party’s claim or defense and that is proportionate to the needs of the case, taking into account the importance of the issues at issue the amount of controversy, the relative access to relevant information, the resources of the parties, the importance of the discovery in solving the problems, and whether the burden or cost of the proposed discovery outweighs its likely benefits… .

In determining whether to grant a motion to enforce a forensic investigation of a party’s telephone, the court will assess whether the investigation “will reveal information relevant to the claims and defenses in the case and whether a such investigation is proportionate to the needs of the case given the mobile phone owner’s overriding privacy interest in the contents of his or her mobile phone.” In other words, the otherwise expansive scope of discoverable evidence is tempered by the privacy interest of the party to the device.[1] Pable v. Chicago Transit Authority, no. 19 CV 7868, 2021 WL 4789023, *2 (ND Ill. 2 Apr 2021). Therefore, “the requesting party must provide at least some reliable information that the statements made by the counterparty are misleading or materially inaccurate.” ID card.

Read:Google Play adds ‘Other devices’ tab to browse Wear OS, TV apps

Pable v. Chicago Transit Authority

In tablePlaintiff, a former employee of the Chicago Transit Authority (“CTA”) and his supervisor discovered a flaw in an application used by the CTA to provide alerts and service information to its public transit users. ID card. at 1. The flaw reportedly could have allowed unauthorized users to take over the application and place unauthorized warnings on the system. ID card. After the claimant’s supervisor attempted to hack into the CTA application to test the claimant’s theory, an investigation by the CTA determined that the claimant’s actions violated the rules, policies and procedures of the claimant. CTA, forcing the plaintiff to resign rather than resign. ID card.

During the discovery, the CTA requested all communications from the plaintiff with his supervisor regarding the alleged flawed application. ID card. Plaintiff captured an image of his phone and produced what he claimed to be all communications. ID card. Upon receipt of Plaintiff’s evidence, the CTA filed a motion to compel a forensic examination of Plaintiff’s phone. ID card. The CTA was able to cast doubt on the completeness of Plaintiff’s production by demonstrating that the amount of data produced by Plaintiff represented less than 1% of the phone’s storage capacity, and that it did not contain communications third-party applications, Internet browsing and/or search histories, audio or visual files, or any data associated with 151 of the 200 applications on the phone. ID card. At 3 o’clock.

Read:A Traveller’s Guide to Staying Cyber safe

Plaintiff argued that forcing him to make his phone for a second image would have been an extraordinary remedy, that he had already produced all communications from his phone, and the CTA had failed to demonstrate that he had withheld all communications. ID card. at 1.

The court granted the CTA’s request for enforcement based on the following: (1) the original imaging was performed without any opportunity for input from the CTA regarding the protocol performed for the imaging process; (2) the extremely small amount of the plaintiff’s production; (3) that the discovery sought – communication between Plaintiff and his supervisor about the application – touched the core of Plaintiff’s claim; and (4) that Plaintiff had no reason to invoke privacy concerns after already taking an image of the phone himself.


While the numerous red flags of Plaintiff’s original production paved the way for CTA’s request to enforce in this case, the potential value of targeted discovery from a party’s cell phone should not be discounted. In most cases, we have found that a non-forensic collection from a mobile device is sufficient. However, when doubts creep in about the veracity and completeness of the production of mobile devices, a forensic image can be justified.

[1] To see Advice on Rule 34, “[i]Inspecting or testing certain types of electronically stored information or a responding party’s electronic information system may raise confidentiality or privacy concerns.”

Previous post
Beck’s ‘Sea Change’ Turns 20
Next post
Airbus slams sceptical supplier Raytheon over jet output