Mobile device forensics is a branch of digital forensics which deals with extracting, recovering and analyzing digital evidence or data from a mobile device under forensically sound conditions. Simply put, it deals with accessing the data stored on devices which includes SMS, contacts, call records, photos, videos, documents, application files, browsing history and so on, and also recovering data deleted from devices using various forensic techniques. It is important that the process of recovering or accessing details from a device is forensically sound, if it has to be admitted in a court of law and to maintain the integrity of the evidence. If the evidence has to be admitted in a court of law, it is important that the original device is not tampered with.

As explained by Eoghan Casey in his book Digital Forensics and Investigation, forensic soundness is not just about keeping original evidence unaltered. Even the routine task of acquiring data from a hard drive using a hardware write-blocker may cause alterations (for example, making a hidden area of the hard drive accessible) on the drive. One of the keys to forensic soundness is documentation. Documenting how the device is handled from the beginning is very important. Hence, an investigation can be considered forensically sound if the acquisition process preserves the original data and its authenticity and integrity can be validated. Evidence integrity checks ensure that the evidence has not been tampered with from the time it was collected. Integrity checks are done by comparing the digital fingerprint of the evidence taken at the time of collection with the digital fingerprint of the evidence in current state.

There is a growing need for mobile forensics due to several reasons. Some of the prominent reasons are:

Mobile forensics on a particular device is primarily dependent on the underlying operating systems. Thus we have different fields such as Android forensics, iOS forensics, Blackberry forensics, and so on.