Re: Let me get this right
When I did my XRY cert (one of the other less worrisome mobile forensic tools since you need the passcode for the device for it to work) it could do an extraction from an iPhone without changing any data (except what is changed by the device itself in the normal operation) but Android devices had to change data on the device to extract data from it.
The legal side of this is done with the documentation of the steps taken and the impact that has on the device. As long as you're following a good process, they'll accept the changing of the device data as a consequence. The way XRY and other tools work prevent investigators from being able to write anything to the device while it was plugged in to the XRY box. The rest of your assurance is from the process with exact time stamps of where the device was etc. The police guidelines are not fit for purpose but they're usable. XRY is also idiot proof whereas the other Mobile Forensic Tools are not. As long as you can follow very simple instructions, you can use XRY.