It is important to write-block a phone before doing forensic analysis to make certain data is not copied to the phone.

Preventing any writes to the device during analysis is essential to preserve evidence integrity. A write blocker stops data from being written to the phone, so the device’s state remains exactly as it was at seizure. Even just opening or accessing data can trigger the phone or its OS to update logs, timestamps, or other artifacts, which would alter the evidence and undermine the admissibility of the findings. By ensuring no writes occur, you maintain a defensible chain of custody and produce a forensic image that truly reflects the original data. While some devices or situations may limit perfect blocking or require different acquisition methods, the principle remains: write-blocking helps guarantee that nothing on the phone changes during examination.