In the unallocated space that exists in the background, we will be able to recover snippets of text messages or entire text messages if they still happen to linger there. With cell phones like the more modern iPhone, because of the encryption algorithms they use, the background information is all scrambled.
If the phone was backed up any place, a backup of those text messages can exist on the hard drive in both active and deleted form.
CIO.com: What about data from the phone companies?
Luehr: I haven't heard of any investigators going to the phone company for text messages. As I understand it, the most a phone company has is the meta data. Might even be at a higher level, such as X number of messages were passed, maybe the to and from, but probably not the content itself.
It's important to have access to the device and the laptop backup. With BYOD, it underscores the importance of having a thorough exit strategy whenever an employee leaves. If you think text messages are in play, you need to have some access to that device.
CIO.com: If you didn't have access to the BYOD phone, can you search for deleted text messages on the corporate-owned laptop used as a backup?
Luehr: Theoretically, you could but that's a dangerous proposition from a legal and ethical perspective. If it's truly a person's personal device and they have a reasonable expectation of privacy, you may be crossing a line when looking at that personal information, especially if it's just in a backup format.
CIO.com: Can you get deleted messages from Whatsapp, iMessage, Snapchat and others?
Luehr: We had a case that involved a conversation between different players in the game Words With Friends. The messages sent back and forth within that gaming environment ended up being relevant to the litigation. It depends on how the software is built. Many of them that have a messaging feature will have within their structure, either on the server or in the app itself, some type of database — a lot of them use a SQL-like database. If that database exists, then it's very similar to retrieving information from the mobile phone's messaging system.
Increasingly, we have more cases involving mobile devices and apps. I've learned that apps really run the continuum. One operates almost like the old terminal and mainframe type of environment, where the app is really a very thin client and doesn't have much substance. Other apps are storing a substantial amount of information on the phone. It's really just a programming choice, and we see it both ways.
Sign up for Computerworld eNewsletters.