Mobile device forensics most of the time runs by connecting to cables and adapters to let the suite/center catch out the inside data for evidence. If not necessary the devices do net get opened but this is a risk. The more components like drives, flash memory cards and SIM-modules get 'embedded' the more we risk to not recognize from the outside, that the inside was manipulated. Think about iPhones e.g. if the two Pentalobe srews were replaced by new ones, you would not expect, that the device was opened if not visible from outside. The more used a device the more non visible one can say. If mobile devices like the Apple line are getting expensive, the more they get repaired or memory expanded. So will miss the fact that inside are maybe 2nd-hand parts or cheap spare parts with different levels of quality and processing inside manufacturing.
So do we risk to build evidence by not recognizing that inside things changed?
Funny you should mention devices that may have been changed internally from noticing changes to the outside casing. I found this document useful on a case where it was said no one had touched the Tower and laptop since they were purchased yet both had different screws that were found not used by the Tower and laptop manufacturers. Identifying the proper name of the screws and their spec adds a small but nice touch to an investigator's report. Shows the investigator takes a thorough approach to his/her work during examination.
https://