Sunday, August 20, 2006

The iPod: A Tool for Criminals?

Today the iPod is the most popular music device in the United States. Newer versions of the device act more like a PDA (Personal Digital Assistant) than just a music player. They allow users to store items such as contacts, calendar items and data files, and the newest version allows for the storage of photos on a color screen. In 2004 Duke University gave out iPods to all incoming freshmen and encouraged them to store their files, academic calendars, contacts and their homework assignments on the device.

The iPod connects to the computer via Universal Serial Bus (USB) or FireWire, making it easy for users to copy the contents of an entire computer to their device. There are two versions of the iPod: a Macintosh version that uses the HFS+ file system and a Windows version that uses the FAT file system. With iPods storing up to 60 GB of information, the device is also a very appealing tool for criminals. In 2001 and 2002 a gang of criminals in London defrauded auto dealers of luxury cars by hijacking someone’s identity and using the information to make loan free purchases. Authorities raided a home where some of these vehicles were parked. The incriminating evidence found at the scene was an iPod with stolen identities and contact information of criminal associates. This poses a threat to corporate IT departments because it’s difficult to disable USB ports: most new peripheral devices (mouse, keyboard, printer, etc.) require the use of these ports.

Secret Service records show that 80 percent of cybercrime cases involve an internal element, whether intentional or unintentional. Along with their use for information theft, iPods and other portable media storage devices can be used to spread viruses and child pornography. Chris Marsico and Marcus Rogers from Purdue University’s Cyber Forensic Lab wrote a paper titled “iPod Forensics” in 2005. This is one of the first documents available on the use of forensics with the iPod. They also tested commercial tools such as EnCase, Forensic Toolkit (FTK) and BlackBag's MAC Forensic Software. These tools were successful at extracting latent deleted files from the iPods, even after the device had been reformatted once or several times between file systems. EnCase proved to be the most efficient at data recovery for the different versions of the iPod.

This is encouraging for corporate network security departments and forensic examiners. Now CIOs and IT managers will have to determine how to monitor and handle iPods, as well as other portable storage devices such as CDs and USB thumb drives, within their organizations. I think it’s just a matter of time before an iPod or thumb drive holds the smoking gun in an e-discovery case. While the advancement of technology is good, we must also realize the same technology will be used by criminals.

Thursday, August 17, 2006

Native Production: An Efficient Manner of Producing Documents or a Pandora's Box?

As the landscape of electronic discovery continues to evolve, so too are the ways in which you can produce documents. Increasingly I am beginning to see a number of requests where opposing counsel is asking for all files or some files to be produced in their native format to review. Typically these requests at minimum will ask for Excels, Databases, and PowerPoints to be delivered in their native form. The reason is that these types of programs don’t lend themselves to easy review outside of their native application. I am sure that a significant number of people reading this post have seen or have been involved in the nightmares of printing these types of files. I believe that native review is here to stay, but before you begin handing over all of your native files to opposing counsel you will want to keep a few things in mind.

Typically the most asked-for native documents are Excel spreadsheets. These files can be printed to TIFF, but in most cases when you encounter a large spreadsheet, following the flow of the columns and rows becomes a monumental undertaking. When producing natively you must keep in mind that you have the ability to assign a number to the actual file in the database, but you will not have the ability to endorse the actual spreadsheet pages without altering the metadata and running the risk of spoliation. In addition, spreadsheets can typically have a lot of a company’s intellectual property embedded within the cells in the form of formulas used to do massive calculations. In its native form this information is readily accessible to the parties that you are producing to, which can cause inside counsel to reach for the Mylanta.

On the other hand, if you are opposing counsel and you are asking for native file production, there are a few things that you will want to keep in mind. When electronic discovery providers print Excel files they typically expand all cells, show hidden rows and columns, and display all hidden text. When reviewing a native Excel file you may find that none of these things are evident, and valuable information may be missed due to lack of expertise in manipulating Excel. Throughout my career I have seen spreadsheets in which, in their native form, a fifth of the worksheet looks empty because the text is white on white. Without knowing that this was the case, this information may have slipped through the cracks had the spreadsheet not been converted to TIFF.

In my opinion there are a few things that need to be addressed from a technology perspective in order to make native production a better method. The first would be the ability to lock down the native file to prevent IP from being readily accessible to opposing counsel in review. The second would be software that could be run on a native file to show hidden items, expand all cells, and display all hidden text. Finally, some type of software that would frame a native file with unalterable confidentiality language that can only be changed at an administrator level. Native file production will evolve with technology and will allow for less review time and more efficient production of documents. That being said, until technology evolves you will want to weigh the pros and cons of native production before agreeing to the production terms of your next matter in the 26(f) meeting.
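A sketch of the second item on that wish list, added here as an example and not taken from the original post or from any e-discovery product: a scanner that reports hidden sheets, hidden rows and columns, and white-font cells in a native spreadsheet. It assumes the Office Open XML (.xlsx) format rather than the legacy binary .xls; the names `find_hidden` and `build_sample` are hypothetical, and the sample workbook is constructed for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}

def find_hidden(xlsx_bytes):
    """List (location, finding) pairs for content hidden from a native reviewer."""
    out = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        wb = ET.fromstring(z.read("xl/workbook.xml"))
        for sh in wb.iterfind("m:sheets/m:sheet", NS):
            if sh.get("state") in ("hidden", "veryHidden"):
                out.append((sh.get("name"), "sheet " + sh.get("state")))
        # Heuristic: explicit opaque-white RGB fonts only; theme colours and fills are not checked.
        st = ET.fromstring(z.read("xl/styles.xml"))
        white = {i for i, f in enumerate(st.iterfind("m:fonts/m:font", NS))
                 if f.find("m:color[@rgb='FFFFFFFF']", NS) is not None}
        white_xf = {str(i) for i, xf in enumerate(st.iterfind("m:cellXfs/m:xf", NS))
                    if int(xf.get("fontId", "0")) in white}
        sheets = [n for n in z.namelist() if n.startswith("xl/worksheets/") and n.endswith(".xml")]
        for part in sorted(sheets):
            ws = ET.fromstring(z.read(part))
            for col in ws.iterfind("m:cols/m:col", NS):
                if col.get("hidden") in ("1", "true"):
                    out.append((part, f"columns {col.get('min')}-{col.get('max')} hidden"))
            for row in ws.iterfind("m:sheetData/m:row", NS):
                if row.get("hidden") in ("1", "true"):
                    out.append((part, f"row {row.get('r')} hidden"))
                for c in row.iterfind("m:c", NS):
                    if c.get("s") in white_xf and c.find("m:v", NS) is not None:
                        out.append((part, f"cell {c.get('r')} white font"))
    return out

def build_sample():
    """Constructed minimal workbook parts for the scanner (not a real production)."""
    ns = 'xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"'
    parts = {
        "xl/workbook.xml": f'<workbook {ns}><sheets><sheet name="Summary" sheetId="1"/>'
            '<sheet name="Pricing" sheetId="2" state="hidden"/></sheets></workbook>',
        "xl/styles.xml": f'<styleSheet {ns}><fonts><font/><font><color rgb="FFFFFFFF"/></font>'
            '</fonts><cellXfs><xf fontId="0"/><xf fontId="1"/></cellXfs></styleSheet>',
        "xl/worksheets/sheet1.xml": f'<worksheet {ns}><cols><col min="3" max="4" hidden="1"/>'
            '</cols><sheetData><row r="1"><c r="A1"><v>1</v></c></row><row r="2" hidden="1">'
            '<c r="A2" s="1"><v>42</v></c></row></sheetData></worksheet>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()
```

Because the scanner only reads the file's bytes, it can be run on a working copy without opening the spreadsheet in Excel, which leaves the produced file and its metadata untouched.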