Copyright 2026, Steve Burgess

Every so often I’ll sit across the Zoom from an attorney—or from a pro se litigant—who wants everything. Every text message the opposing party has ever sent. Every photo on their phone. Every search query. Every deleted file. Every app. Every cloud account. Of course, I’ve also had those calls where I think they don’t want enough. But they’re the boss here.

In other words, they want the digital equivalent of dumping every piece of dirty clothing on your teenager’s bed to find your missing sock. I understand the impulse. Somewhere in there might be the thing that wins the case.

But “it might be in there somewhere” is not how discovery is supposed to work. It’s also not how a forensic examination should work, because privacy doesn’t evaporate simply because someone becomes a party to a lawsuit.

This tension—between the legitimate need to discover relevant evidence and the very real privacy interests of the person whose device is being examined—sits at the center of much of the work I do. It’s worth understanding how courts actually navigate it, because the answer is more nuanced than either “produce everything” or “produce nothing.” Attorneys who understand that nuance generally get better results than those who don’t.

The starting principle in most jurisdictions is proportionality. Discovery requests, including requests for forensic examination of a device, are generally supposed to be tailored to what’s relevant to the claims and defenses in the case—not a fishing expedition through someone’s entire digital existence.

Courts have increasingly pushed back on requests for complete forensic images of phones and computers, particularly when narrower methods can capture the relevant evidence without exposing unrelated personal material.

A request for “all text messages with this specific person during this specific time period” tends to fare much better than “give me the phone.”

After all, if someone sued you over a fender-bender, you probably wouldn’t give them your garage door opener and let them check every shelf and rag just in case they find something useful.

This is where forensic protocols come in, and they’re more sophisticated than most non-experts assume.

A forensic examination doesn’t have to mean someone reading every photo and message on a device. Searches can be scoped by date range, keyword, contact, application, file type, or a combination of all of these. Privileged or clearly irrelevant material can be filtered before opposing counsel ever sees the results.

Courts will sometimes appoint a neutral third-party examiner—someone retained by neither side—specifically to address privacy concerns. The examiner produces only responsive material under a protocol agreed upon in advance. I’ve worked within that structure many times, and it tends to satisfy both the legitimate discovery need and the legitimate privacy objection, which is no small trick. Getting two opposing attorneys to agree on anything is occasionally harder than recovering data from a damaged hard drive.

There’s also a category of information that receives special treatment regardless of relevance concerns: health information, financial account credentials, privileged attorney communications, and in some jurisdictions, location data tied to sensitive activities. Courts are generally more protective of these categories, and a request that sweeps them in without specific justification is likely to draw a motion to quash—and probably deserves to.

The practical lesson for attorneys on either side of this issue is the same: be specific.

If you’re requesting examination of a device, define the scope as narrowly as the case allows. You’ll encounter fewer objections, spend less time arguing, and generally get faster compliance.

If you’re objecting to a request, propose an alternative that addresses the actual relevance concern rather than simply saying no. “No” by itself rarely survives a motion to compel for very long. Unless of course, it’s that aforementioned teenager.

Privacy and discovery aren’t really opposites. They’re both trying to answer the same underlying question: What information is actually necessary to resolve this dispute fairly?

The cases that move most smoothly are usually the ones where both sides—and their experts—keep that question in view instead of treating discovery as an opportunity to rummage through someone’s entire digital sock drawer.

And trust me, after examining thousands of devices over the years, I can assure you that most digital sock drawers contain exactly what you’d expect: lots of clutter, a few surprises, a number of screenshots of questionable provenance whose purpose has been lost to history, and almost never the thing you were originally looking for.

So, as an attorney, where do you usually draw that line when negotiating the scope of a forensic examination?

Steve Burgess is a digital forensics expert witness with more than 40 years of experience and over 20,000 devices and digital media examined. He is the principal of Burgess Forensics, founded in 1984.

Don’t miss a single issue of our informative newsletter … Subscribe!