The case of former military advocate general Maj. Gen. (res.) Yifat Tomer-Yerushalmi continues to reverberate through the military and political establishments. After she was found safe and in good health on Sunday following a suicide scare, Tomer-Yerushalmi remains in custody as investigators attempt to determine the full extent of the leak involving abuse footage from the Sde Teiman detention facility — and who else may have known about it and remained silent.
Police believe her personal smartphone, thought to have been discarded at sea, contains key evidence related to the alleged leak of a video showing IDF reservists abusing a detained Palestinian terrorist. According to law enforcement sources, the leak was orchestrated and managed via a WhatsApp group of senior officers in the Military Advocate General’s Office, headed by Tomer-Yerushalmi.
3 View gallery
Former military advocate general Maj. Gen. (res.) Yifat Tomer-Yerushalmi
(Photo: Avigail Uzi, Shutterstock)
A trove of potential evidence
Investigators see the missing smartphone as a potentially critical source of information. While identifying suspects beyond those already named may prove difficult without access to the phone, investigators could still request her passwords for messaging apps and email accounts, which may grant access even without the device itself.
If the former legal chief used an iPhone and enabled WhatsApp’s automatic backup feature, law enforcement could use a court order to access her data. iPhones typically back up WhatsApp chats to Apple’s iCloud, meaning the device’s password could unlock the entire backup, including conversations.
But what happens if a suspect refuses to provide access? Can data still be recovered from a phone submerged at sea for 24 hours or more?
A race against corrosion
The recovery of digital evidence from smartphones is now central to criminal investigations, and forensic labs in Israel, Europe, the U.S. and China are all tackling the challenge of retrieving data from damaged devices. Israeli investigators, too, are racing to determine whether Tomer-Yerushalmi’s phone — if indeed it spent time underwater — can yield actionable intelligence.
While difficult, recovering data from physically damaged phones, even those submerged in water, is technically possible. Israeli labs with ties to law enforcement agencies report high success rates in retrieving information from phones exposed to water, fire or even severe structural damage.
3 View gallery
Volunteers seraching for former military advocate general Maj. Gen. (res.) Yifat Tomer-Yerushalmi's missing phone along Herzliya beach strip
(Photo: Yariv Katz)
If the device won’t power on, specialists may use advanced techniques such as “Chip-Off” (physically removing the memory chip) or “JTAG/ISP” (direct access to the motherboard) to bypass damaged circuits and extract data directly from the flash memory chip.
These methods are part of the global forensic toolkit used to crack encrypted or broken smartphones. Israeli firm Cellebrite, a global leader in mobile forensics, has long been central to this field.
The saltwater challenge
Yet, the phone’s suspected immersion in seawater poses a unique and significant obstacle. Saltwater is a strong conductor and accelerates corrosion, especially through electrochemical processes that degrade circuit boards almost immediately upon contact. Within 24 hours, corrosion can irreparably damage a phone’s motherboard and potentially sever the memory chip from the board.
If the phone was powered on when submerged, an immediate short circuit could have caused rapid and irreversible internal damage. If it was off, the degradation may have been slower — but corrosion still progresses over time.
Unlike traditional hard drives, which could sometimes survive prolonged submersion, flash memory chips are far more sensitive to this kind of destruction.
Still, hope remains. Many modern smartphones, particularly premium models, include water-resistant designs (IP ratings) that may delay water intrusion, especially into the core memory components. Some devices even survive beyond their rated limits; in one documented case, an iPhone thrown from a plane was recovered in working condition.
Encryption: the bigger hurdle
But the real challenge may not be physical damage, but encryption. Modern smartphones, both iOS and Android, are encrypted by default using Full Disk Encryption (FDE). The decryption key is usually not stored on the flash memory itself but in a separate security chip — such as Apple’s Secure Enclave or similar hardware in Android devices.
To access the data, forensic teams must reactivate key components of the original phone so that the chip can release the decryption key. One advanced method used in top-tier forensic labs is “board transplant,” where the memory chip — and sometimes the security module — is transplanted into a matching, functioning donor motherboard. If successful, this allows the system to boot briefly, release the key and retrieve the encrypted data.
Despite the steep technical hurdles, Israeli investigators have some of the world’s most advanced digital forensics tools at their disposal. Whether the phone will yield the evidence they seek — or has already been irreparably destroyed — remains a central question in one of the country’s most sensitive ongoing investigations.