Mobile Forensics lets you automatically and transparently collect data from the Android devices of users in your organization.
With this capability in inSync, the enterprise IT, information security, and legal teams can facilitate eDiscovery requests and check for compliance breaches.
For more information about how to back up mobile forensics data from an Android device, see Back up and download mobile forensics data.
What are the capabilities?
Mobile Forensics provides the following capabilities:
- Collection of data and its associated metadata from Android devices with no end-user intervention.
- Additional settings for collection of text messages, browser history, call logs, device info, and third-party app logs. Additionally, mobile forensics enables eDiscovery on this data or continuous monitoring for adherence to compliance policies.
- Data collection according to the configured schedule for mobile devices.
- Ability to download collected data through the inSync Management Console or access the data via WebDAV.
What data is collected from Android devices?
- Text messages
- Call logs
- Device information
- Third-party app logs
inSync administrators can then access the data via WebDAV or download the data as a CSV file through inSync Web.
Note: Global folder and file exclusions will not be applicable while backing up forensics data on Android devices.
Who can access mobile forensics capabilities?
The inSync Server administrator and the profile administrator can do the following:
- Enable collection of mobile forensics by creating a profile or updating an existing profile.
- Download the mobile forensics data as a local copy through the WebDAV access URL.
The legal administrator can view the mobile forensics data that is exposed via WebDAV.
Do I require a specific license for mobile forensics?
To access the mobile forensics capability, you must have the Governance license that is available with the Elite editions of inSync On-premise.
How can organizations use mobile forensics data?
- Put the user on legal hold
To preserve the user's mobile forensics data and avoid data deletion, you can put the user on legal hold. When you keep a user on legal hold, the backup data for that user is excluded from compaction. inSync does not delete the mobile forensics data that is backed up from the user's Android device. Administrators can then analyze the user data by using eDiscovery tools. For more information on creating a legal hold policy and adding users to the policy, see Create a legal hold policy.
Download the mobile forensics data from the users on legal hold from the WebDAV access URL. For more information, see Access legal hold data using WebDAV.
Frequently asked questions
Can I back up forensics data if my Governance license has expired?
No, you need an active Governance license to back up forensics data for Android devices. If your Governance license has expired, the App Settings, Call Logs & Messages check box is disabled for selection. Additionally, you see the following message:
Is forensic data backed up for deleted users, disabled users, and users who are on legal hold?
If forensic data was backed up, then inSync will retain forensics data for such users. This data is available even for disabled users if these users are on legal hold within inSync.
Errors in CSV file after downloading the forensics data
Sometimes, you might encounter a few errors in the downloaded CSV file that contains the forensics data. See the following table for more information about the errors and their descriptions:
|Error|Description|
|---|---|
|Not found|This error is displayed when the column does not exist. A few vendors do not have a particular column in the table, for example, App used field in Samsung devices.|
|NA|This error is displayed when there is an API version limitation. For example, App Install location is available only above API level 21. For anything below API level 21, the App Install location is set to NA.|
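Before loading a downloaded CSV into an eDiscovery tool, it helps to know which fields hold collected data and which hold only the two placeholder values described above. The following check is an added example, not part of inSync. The sample CSV is constructed, and the column "App Name" is an assumption ("App used" and "App Install location" are the fields named in the table).

```python
import csv
import io
from collections import defaultdict

# Placeholder values documented in the table above.
SENTINELS = {
    "Not found": "column does not exist on this vendor's device",
    "NA": "field is not available at the device's API level",
}

# Constructed sample; a real export will have different columns and rows.
SAMPLE_CSV = (
    "App Name,App used,App Install location\n"
    "Mail,Not found,NA\n"
    "Browser,Not found,NA\n"
    "Notes,Not found,NA\n"
)

def audit_sentinels(csv_text):
    """Return ({column: {sentinel: count}}, number_of_data_rows)."""
    counts = defaultdict(lambda: defaultdict(int))
    rows = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        rows += 1
        for col, val in row.items():
            if col is None:          # surplus cells beyond the header row
                continue
            cell = (val or "").strip()
            if cell in SENTINELS:    # exact match only; real values are left alone
                counts[col][cell] += 1
    return {c: dict(v) for c, v in counts.items()}, rows

def columns_without_data(csv_text):
    """Columns in which every row holds a placeholder, so nothing was collected."""
    counts, rows = audit_sentinels(csv_text)
    return sorted(c for c, v in counts.items() if rows and sum(v.values()) == rows)

if __name__ == "__main__":
    counts, rows = audit_sentinels(SAMPLE_CSV)
    for col, found in counts.items():
        for sentinel, n in found.items():
            print(f"{col}: {n}/{rows} rows are '{sentinel}' ({SENTINELS[sentinel]})")
    print("No collected data in:", columns_without_data(SAMPLE_CSV))
```

Columns reported by `columns_without_data` should be treated as absent for that device rather than as empty evidence.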