This chapter covers the essential best practices for performing a mobile device investigation process accurately; we covered the important mobile forensics phases, starting from evidence intake to the archiving stage. The process described was based on the NIST guidelines for mobile device forensics. Even if it's true that technical examination may one differ from device to another, the examiner is always invited to adopt and roughly follow a consistent framework in order to produce repeatable, presentable, and defensible results.
In the upcoming appendix, we will present a step-by-step guide for preparing a forensic workstation based on Santoku Linux.