Last month, National Football League special investigator Ted Wells delivered a shocking report about Miami Dolphins player Richie Incognito's bullying tactics aimed at teammate Jonathan Martin. At the heart of the report: More than 1,000 text messages, many of them outrageously explicit, that Incognito and Martin swapped between October 2012 and November 2013.
Wells most likely had access to both Martin's and Incognito's phones and possibly even backup laptops, which would hugely aid in the recovery of text messages. Yet some of these messages were no doubt deleted. How was Wells' investigative team able to access year-old deleted text messages?
For most CIOs, text messages on an employee's "bring your own device" phone are a blind spot. That is, text messages don't go through the corporate network and thus are unmonitored and presumed unrecoverable when deleted. Even phone companies supposedly don't store content of text messages.
"We just had a case last week where we were able to harvest and recover 8,000 text messages. They covered between 12 and 15 months of activity." — Paul Luehr, managing director at Stroz Friedberg
It is true that most IT departments lack the know-how to recover old or deleted text messages even if they're in possession of the devices, but that's not the case with mobile forensics experts armed with an array of new tools. They can pull thousands of deleted text messages from the distant past and unearth evidence that self-destructing message apps, such as Snapchat, leave behind.
Perhaps because of a false belief that deleted text messages stay buried, many people rely on text messaging to carry out their dirty work, such as stealing trade secrets and other intellectual property, violating non-compete agreements and committing fraud. Even Foreign Corrupt Practices Act investigations involving bribery and price-fixing regularly run into text messaging.
"Text messages are now involved in most litigation or investigations we encounter," says Paul Luehr, formerly a federal prosecutor and supervisor of the Internet fraud program at the Federal Trade Commission and current managing director at Stroz Friedberg, a global data risk management company with a cyber-crime lab.
CIO.com talked with Luehr, in hopes of shedding a little light on the secret world of deleted text messages and the forensics experts that recover them.
CIO.com: Can IT retrieve deleted text messages from any phone?
Luehr: It really depends on the make and model of the phone, in terms of how difficult it's going to be. Text messages are usually outside the normal monitoring of the IT department. They may not be going through the system at all, rather through the carrier in a phone-to-phone transaction. You really need to have access to one or more physical devices.
Sign up for Computerworld eNewsletters.