This past October, Craig Ball, an electronic discovery special master and a professor at the University of Texas at Austin, published a succinct guide to electronic discovery from mobile devices, Mobile to the Mainstream. Here's an even more succinct summary of the guide.
The average user of a smartphone spends 4 hours on the device each day. Two-thirds of all emails are sent using phones. Ball criticizes lawyers for treating mobile phones as devices that are only used for making phone calls. Smartphones do not necessarily need to receive special forensic reviews. Only active data should be collected, not latent artifacts. A cheap tool can be used to collect documents, spreadsheets, and presentations from mobile phones. Photos and videos can be collected with ease. Photos will be stored on most mobile devices in High Efficiency Image File Format. This files will have an .heic extension. Many e-discovery tools can't support this format.
Text messages are used for digital communications more frequently than emails. Unless the default setting is changed, an iPhone will keep its text messages indefinitely. Exporting messages and their attachments is not burdensome. The encoding should be changed to Unicode UTF-8 to capture emojis. An iPhone's call history and voicemail metadata can also be easily exported. Mobile calendar data is easier to export and redact than the same type of data found in .pst archives.
Data from apps can be stored as JSON, PLIST and SQLITE files. Geolocation data may be difficult to collect and review even if a user can access it easily. Federal law requires phones to broadcast their location in order to facilitate responses to emergency calls. Apple protects geolocation data and won't allow for a bulk export of the data. This data is also not backed up or stored in iCloud.
Ball has not been able to find a forensic tool that can collect data from multiple images of multiple smartphone simultaneously. He has used a $50 tool called iMazing effectively in mobile e-discovery. His mobile discovery scorecard tracks the difficulty of collecting and reviewing different types of evidence, and its potential relevance.