Data Recovery & Collection: Mobile Devices

Have you got a bunch of important messages on your phone and you’re wondering how you can store this data for safe-keeping.  Have you experienced an incident that has made you feel unsafe, and your wondering how to make a record of it to report it to your employer, school or police.

if you type into google ‘templates incident report’ you’ll find a bunch of example documents that you can use to make something that suits your purposes.

However; one of the problems might be that if you’re simply writing things out, perhaps the matter won’t be taken seriously…  not what anyone wants.

For this reason, and many others, below is an outline of how to get data out of your phone.   We’ll also cover the process just in-case you’ve ‘accidentally’ deleted important data on your phone already.  whilst the method is not 100% successful, it’s a process worth trying out, just in case it makes your life easier.

We’ll just focus on Android and iOS. Whilst there’s a few other options out there; the majority of the case, it’ll be one or the other.

Data collection off most “smart phones“, is most-often handled by some-app that’s connected to it; whether that be facebook, gmail, twitter or several photo apps, etc.  these systems all store the data within their apps and so, its alot more complicated to think about how to retrieve anything that may have been deleted within those apps; and indeed, the data is stored on the ‘cloud service’, in which case – its’ better to figure out how to download a copy.

However; Things like SMS’s & Call Logs are a little different.  these are generally not stored as part of a cloud-service and need to be retrieved from the phone.

PART 1: Lets start with a situation where the data you want has been deleted;


Try not to use it and do not download anything to the phone in an attempt to get that data.

when a user tells the operating system managing the device to delete something, it’s generally not deleted.  it’s just ‘marked’ for deletion and is no-longer available through the graphical user-interface of the computer, making it ‘deleted’ as far as most people would know.  The space is then ‘freed-up’ which means the operating system knows that the area of the storage device used previously to store that data; can now be over-written with something else.

Whilst the process of writing to the storage device does not necessarily write over that specific part, its not really very controllable.  Sometimes data can remain for years; in other cases, it can be overwritten very, very quickly.

data recovery’ applications that seek the user to download something to the same disk; aren’t the types of tools you want to use.


Find an application that works on a Laptop or Desktop Computer. A simple example of how to do this is to type into google ‘iPhone Data Recovery’ or ‘Android data recovery’.

Features you may want to look for;

– What types of data application supports retrieving.

– What formats the application outputs the records.

The benefit of obtaining data in a format such as CSV is that the data is thereafter more easily consumed by analytics tools to have a better look into what’s been going on; or how to present that, to others seeking evidence.


Plug your mobile device into your computer & download the data.


Make a copy of the data for back-up purposes, and do what you want with the working copy of the recovered data.

PART 2: Data that is still on the phone, and you don’t need to worry about any deleted records.

So, if the data is already on the phone and the whole ‘recovery’ process is unnecessary, then you’ll find a bunch of apps online that will work with your phone, on your phone, to collect and upload your data to a nominated location.

Importantly; if, you need to make a point about something – an issue you might want to consider is that the ‘metadata’ stored in the files is more easily manipulated when you take that data off the phone.  Whilst data-records like call-logs remain on the phone; it’s far, far more difficult to manipulate these records.  Therefore; in-terms of ‘evidence collection’, you might find taking a ‘screenshot’ of the data on the phone – to be an important part of your data-collection process.

Similar to the above examples – search google for ‘snapshot android’ or ‘snapshot iOS’ and the method to do so can easily be found.

PART 3: I’ve got voice-mail messages; and, the provider won’t give them to me.

The method i’ve found to obtain a copy; has been to use an audio recorder app, put the phone onto speakerphone, and whilst the audio-recorder is working; call the voicemail service and record the messages, including the information about when they were created, etc.

Once you have obtained these messages; use a audio editing application on a desktop or laptop computer and be sure to add the information about when the recording was made, etc.

Concluding remarks.

once you have the data you need, you might find it helpful to log the records chronologically; and have a look at any available metadata that might be available to you, to further illustrate a clearer picture to those who need to know.  Obviously, undertaking these sorts of tasks on innocent, unsuspecting 3rd parties without their knowledge is most likely, illegal, but moreover a gross breach of privacy and indeed trust.  In some cases, it may be that someone needs help to do these sorts of tasks; in which case, it’s recommended that any would-be ‘good samaritan’ goes about doing it, on the data-owners equipment as to ensure, no lazy copies end-up floating about unnecessarily.