Active Incident? 24/7 Response →
SleuthX

For Attorneys

Collecting Text Messages and Mobile Data for E-Discovery (Defensibly)

Mobile data is discoverable and easy to spoil. The preservation and collection duties, why unsupervised self-collection draws sanctions, and what defensible looks like.

All articles·8 min read·June 24, 2026

Mobile data is discoverable — and easy to spoil

Text messages, chat-app threads, and the data riding alongside them are squarely within the reach of modern discovery. They are also among the easiest evidence to lose: phones auto-delete, get reset, and roll over their storage. Collecting them in a way that holds up takes a deliberate method and counsel's oversight from the start. This is informational, not legal advice; build the collection plan to your matter and jurisdiction.

The rules that govern collection

Federal Rule of Civil Procedure 34treats mobile ESI like any other discoverable material and calls for production in a reasonably usable form — which a screenshot, stripped of metadata, often is not. Rule 37(e) supplies the consequences: if messages that should have been preserved are lost because a party did not take reasonable steps, the court can order measures to cure the resulting prejudice, and on a finding of intent to deprive may instruct the jury to draw an adverse inference. The duty to preserve, as Zubulakeestablished, attaches when litigation is reasonably anticipated — and it falls on counsel, not just the client, to see that it is honored.

Why unsupervised self-collection is the trap

The tempting shortcut — let the client gather their own texts — is exactly the practice courts have punished. In DR Distributors, the court imposed substantial sanctions after counsel failed to supervise the client's self-collection and relevant chat-app messages were lost. The lesson is not that clients are dishonest; it is that self-collection without oversight is not a defensible method. Counsel has an affirmative duty to understand where the data lives, to direct a sound collection, and to verify it happened.

What a defensible collection looks like

The hold comes first

Most spoliation problems are preservation problems wearing a collection costume. Get the litigation hold out early and make it specific to mobile devices and apps; a phone reset two weeks before production is far cheaper to prevent than to explain. A defensible collection done well also produces evidence you can authenticate — see chain of custody for litigators.

What this means for your matter

If text messages will matter, treat their collection as a litigation task with counsel in the loop, not an errand for the client. A defensible mobile collection — the kind e-discovery services for law firmsare built to deliver — protects both the evidence and the lawyer who has to certify the production.

Sources

  1. Legal Information Institute, Cornell Law School, Federal Rule of Civil Procedure 34 — Producing Documents, Electronically Stored Information. https://www.law.cornell.edu/rules/frcp/rule_34
  2. Legal Information Institute, Cornell Law School, Federal Rule of Civil Procedure 37 — Failure to Make Disclosures or to Cooperate in Discovery; Sanctions (37(e)). https://www.law.cornell.edu/rules/frcp/rule_37
  3. U.S. District Court for the Northern District of Illinois (Johnston, M.J.), DR Distributors, LLC v. 21 Century Smoking, Inc., 513 F. Supp. 3d 839 (N.D. Ill. 2021). https://www.govinfo.gov/app/details/USCOURTS-ilnd-3_12-cv-50324
  4. U.S. District Court for the Southern District of New York (Scheindlin, J.), Zubulake v. UBS Warburg LLC, 220 F.R.D. 212 (S.D.N.Y. 2003). https://en.wikipedia.org/wiki/Zubulake_v._UBS_Warburg

Related services

Meet Your Practitioner

Quinnlan Varcoe

Founder & CEO

GIAC-certified · 15 industry certifications

With operational experience across Fortune 50 security programs and the defense industrial base, Quinnlan founded SleuthX in 2022 to provide clients with the caliber of expertise typically reserved for the largest enterprises. Her work in threat intelligence and digital forensics has earned the trust of 26,000+ cybersecurity professionals who follow her analysis.

“26,000 professionals follow my work because I say what others won't — and I can back it up technically.”

Fortune 50 BackgroundDefense IndustryThreat IntelligenceDigital PrivacyIncident Response
Quinnlan Varcoe, Founder & CEO

Collecting texts defensibly: quick answers

Certified Expertise

GIAC · AWS · Splunk · CompTIA

Transparent pricing

Trusted by partners across the practice

DAS Health
Exhibit A Cyber
Ally Security
KIRO Group
Black Mirage
Kalles Group
Gridware
CQR
Archstone Security
Cyvergence
Sentinel Cyber
Cloud Underground
Seron Security
Hexen
Koru Risk Management
DAS Health
Exhibit A Cyber
Ally Security
KIRO Group
Black Mirage
Kalles Group
Gridware
CQR
Archstone Security
Cyvergence
Sentinel Cyber
Cloud Underground
Seron Security
Hexen
Koru Risk Management