As the litigation support administrator for Fredrickson & Byron, consisting of more than 200 attorneys in four offices, I lead the firm's litigation support department and manage a team of four litigation support professionals. I am the primary driver of litigation support technology and responsible for the implementation and maintenance of the litigation technology infrastructure.
INEFFICIENCIES IN TODAY'S E-DISCOVERY PROCESS
Because of an expanding caseload, we needed to integrate a variety of media -- including paper and electronic files -- into a centralized management system. Each person on the case also required up-to-date information on case schedules, correspondence completed or needed, and pleadings filed.
To support this caseload, we, like many firms, developed a homegrown manual and paper-based approach; with people printing out and filing information in physical cabinets and storage facilities. Because much of today's information is digitized, we also incorporated electronic files into this process.
While this approach was viable for our current needs and the firm's traditional approach to working on cases, it wasn't strategic for our growing needs. Our approach significantly increased our costs without giving us the features and functionality we needed: Our costs increased when attorneys communicated to the litigation support staff about the technology; project requirements and related phone and e-mail conversations were located in different places; individual files had numerous duplicate documents; errors that should have been caught unfortunately ended up in pleadings and motions; important deadlines were missed or met at the last minute; and manual processes that could have been automated by computer only increased our work.
Furthermore, our system support costs were high. I spent an inordinate amount of time, sometimes up to 90 minutes a day, on phone calls between the litigation support team and vendors taking a "real-time" pulse check of all active projects. My team also managed support calls assisting attorneys, paralegals and other staff members with technical support on how to use the system.
Because our cases weren't centrally organized, attorneys often couldn't find the documents they were searching for. We tried point solutions -- such as case management software, administrative software and Westlaw -- but none gave us an integrated view.
Faced with an overworked litigation support department, as well as an inefficient manual- and paper-based approach, I hunted for an automated platform to help my team streamline our current inefficient processes and more effectively manage the discovery process. The platform needed to set up repeatable processes, facilitate both internal and external collaboration, disseminate information and establish business rules and pricing for vendors.
To view entire article: click here
---------------------------------------
Source: Law.com
Monday, April 30, 2007
Microsoft Calls E-Discovery, Records Management Inseparable Halves
What’s the worst that could happen when your records go unmanaged? Ask Microsoft, which spends an average of US$ 20 million for e-discovery per litigation, according to one company exec.
E-discovery made headlines last year when the US Federal Rules of Civil Procedure were amended to require that certain e-discovery issues must be brought up and agreed-upon at the beginning of legal proceedings. Issues include the format of documents, how they’re preserved and who receives access to them.
Microsoft records management analysis manager Rachaele Heade describes e-discovery and records management as two sides of the same coin.
“When someone says they can’t find the return on investment (on a records management process), I so disagree,” she said at the CA World 2007 panel discussion in Las Vegas. She adds that the success of a company’s e-discovery strategy relies on the strength of its records management function.
While this news may register as unsurprising, it does not come unaccompanied with a certain degree of pain. A recent AIIM survey shows businesses are still not savvy to records management. Recently, Gerry McGovern noted even critical data properly filed may reflect shoddy quality because enterprises lack experience managing content.
James Daley, litigation attorney and founding member of Minneapolis, Minnesota-based Redgrave, Daley, Ragan & Wagner LLP, agrees with Heade’s two-sides characterization. Organizations should think proactively about records management if they want to pave the way for stress-free e-discovery down the road, he notes.
“You’ve got to treat the disease, not the symptom. E-discovery risk and sanctions are a symptom of unmanaged electronic information, particularly e-mail and office content,” Daley adds.
Responding to what has become an expensive backlog of cases that need attention, Microsoft integrated records management into the annual job review of its executive VP’s, tying it intimately to their bonuses.
Daley agrees with this effort. Large companies ought to create a position or a multi-disciplined team that can allocate attention specifically to records management. That way they can create a process that is systematic, uniform and repeatable, he explained.
At present Microsoft’s staff can measure the degree of their compliance with self-assessment tools designed for different tiers within the organization. Heade notes that successful implementation of a solution also involves a certain manner of training, with face-to-face training preferred over online styles.
To view entire article click here
---------------------------------------
Source: CMSNewswire
By Angela Natividad
E-discovery made headlines last year when the US Federal Rules of Civil Procedure were amended to require that certain e-discovery issues must be brought up and agreed-upon at the beginning of legal proceedings. Issues include the format of documents, how they’re preserved and who receives access to them.
Microsoft records management analysis manager Rachaele Heade describes e-discovery and records management as two sides of the same coin.
“When someone says they can’t find the return on investment (on a records management process), I so disagree,” she said at the CA World 2007 panel discussion in Las Vegas. She adds that the success of a company’s e-discovery strategy relies on the strength of its records management function.
While this news may register as unsurprising, it does not come unaccompanied with a certain degree of pain. A recent AIIM survey shows businesses are still not savvy to records management. Recently, Gerry McGovern noted even critical data properly filed may reflect shoddy quality because enterprises lack experience managing content.
James Daley, litigation attorney and founding member of Minneapolis, Minnesota-based Redgrave, Daley, Ragan & Wagner LLP, agrees with Heade’s two-sides characterization. Organizations should think proactively about records management if they want to pave the way for stress-free e-discovery down the road, he notes.
“You’ve got to treat the disease, not the symptom. E-discovery risk and sanctions are a symptom of unmanaged electronic information, particularly e-mail and office content,” Daley adds.
Responding to what has become an expensive backlog of cases that need attention, Microsoft integrated records management into the annual job review of its executive VP’s, tying it intimately to their bonuses.
Daley agrees with this effort. Large companies ought to create a position or a multi-disciplined team that can allocate attention specifically to records management. That way they can create a process that is systematic, uniform and repeatable, he explained.
At present Microsoft’s staff can measure the degree of their compliance with self-assessment tools designed for different tiers within the organization. Heade notes that successful implementation of a solution also involves a certain manner of training, with face-to-face training preferred over online styles.
To view entire article click here
---------------------------------------
Source: CMSNewswire
By Angela Natividad
Court Defers Ruling on Motion to Compel and Allows Rule 30(b)(6) Deposition of IT Designee Regarding Defendant's Email Deletion Policy and Procedures
Wells v. Xpedx, 2007 WL 1200955 (M.D. Fla. Apr. 23, 2007)
In this employment discrimination case, plaintiff sought the production of email of seven Xpedx employees during various time periods. Plaintiff contended that defendant implemented a new email deletion policy in 2003, under which emails were deleted within 90 days of creation, unless designated for retention. Plaintiff asserted that, under defendant's policy, an email "that is automatically deleted by the system can not be restored except with the expressed consent of a member of the company's legal or tax departments." Plaintiff further contended that defendant's archive system, "legal hold" folders, and defendant's permanent back-up computer system may contain copies of the requested emails. Thus, plaintiff sought permission to take the deposition of defendant's corporate representative for information technology regarding defendant's email deletion policy and procedures for retrieving deleted emails. Plaintiff argued that this would allow the parties to determine the existence of deleted emails and if defendant destroyed any evidence relating to plaintiff's claims.
In response, defendant argued that it had produced all relevant emails. Defendant also stated that, as a result of its email policy, any emails that were not specifically preserved within 90 days of their creation were deleted. Defendant further argued that a deposition to inquire about its email deletion policy would be redundant and unnecessary because defendant had already provided plaintiff with a copy of its email deletion policy.
The court observed that electronic data, such as emails, are discoverable, and that “[d]eleted emails are, in most cases, not irretrievably lost.” The court noted that “[d]eleted emails may remain on a computer hard drive, servers or retained on back-up tapes.” Citing Peskoff v. Faber, 240 F.R.D. 26 (D.D.C. 2007), the court stated: “The producing party has the obligation to search available electronic systems for deleted emails and files.”
The court found that the record was insufficient to determine whether defendant had produced all responsive documents to plaintiff's requests, and whether responsive documents existed elsewhere in defendant's records which might be accessed electronically:
Although Defendant alleges that all responsive emails have been produced to Plaintiff, Defendant has not provided an affidavit or other specific evidence regarding the scope of Defendant's search of its electronic depositories for responsive documents, including information concerning the source of the electronically stored information by category and type. Nor has Defendant provided adequate information regarding Defendant's email deletion policy, or the procedures for storage and retrieval of deleted emails, files, hard drives, archives and backup tape systems to allow Plaintiff to evaluate the likelihood of finding responsive information. Thus, the court will grant Plaintiff's request to take the deposition of Defendant's corporate representative for information technology, not to exceed four hours. To minimize costs, Plaintiff shall conduct this deposition telephonically and within the next 30 days.
The court further directed that, after the deposition, the parties should confer in good faith in an effort to resolve their disputes. If, after conferring, the parties were unable to resolve the issues raised in plaintiff’s motion concerning the email discovery requests, plaintiff was directed to file a notice with the court describing the remaining disputes.
To view entire decision: click here
---------------------------------------
Source: eDiscoveryLaw.com
In this employment discrimination case, plaintiff sought the production of email of seven Xpedx employees during various time periods. Plaintiff contended that defendant implemented a new email deletion policy in 2003, under which emails were deleted within 90 days of creation, unless designated for retention. Plaintiff asserted that, under defendant's policy, an email "that is automatically deleted by the system can not be restored except with the expressed consent of a member of the company's legal or tax departments." Plaintiff further contended that defendant's archive system, "legal hold" folders, and defendant's permanent back-up computer system may contain copies of the requested emails. Thus, plaintiff sought permission to take the deposition of defendant's corporate representative for information technology regarding defendant's email deletion policy and procedures for retrieving deleted emails. Plaintiff argued that this would allow the parties to determine the existence of deleted emails and if defendant destroyed any evidence relating to plaintiff's claims.
In response, defendant argued that it had produced all relevant emails. Defendant also stated that, as a result of its email policy, any emails that were not specifically preserved within 90 days of their creation were deleted. Defendant further argued that a deposition to inquire about its email deletion policy would be redundant and unnecessary because defendant had already provided plaintiff with a copy of its email deletion policy.
The court observed that electronic data, such as emails, are discoverable, and that “[d]eleted emails are, in most cases, not irretrievably lost.” The court noted that “[d]eleted emails may remain on a computer hard drive, servers or retained on back-up tapes.” Citing Peskoff v. Faber, 240 F.R.D. 26 (D.D.C. 2007), the court stated: “The producing party has the obligation to search available electronic systems for deleted emails and files.”
The court found that the record was insufficient to determine whether defendant had produced all responsive documents to plaintiff's requests, and whether responsive documents existed elsewhere in defendant's records which might be accessed electronically:
Although Defendant alleges that all responsive emails have been produced to Plaintiff, Defendant has not provided an affidavit or other specific evidence regarding the scope of Defendant's search of its electronic depositories for responsive documents, including information concerning the source of the electronically stored information by category and type. Nor has Defendant provided adequate information regarding Defendant's email deletion policy, or the procedures for storage and retrieval of deleted emails, files, hard drives, archives and backup tape systems to allow Plaintiff to evaluate the likelihood of finding responsive information. Thus, the court will grant Plaintiff's request to take the deposition of Defendant's corporate representative for information technology, not to exceed four hours. To minimize costs, Plaintiff shall conduct this deposition telephonically and within the next 30 days.
The court further directed that, after the deposition, the parties should confer in good faith in an effort to resolve their disputes. If, after conferring, the parties were unable to resolve the issues raised in plaintiff’s motion concerning the email discovery requests, plaintiff was directed to file a notice with the court describing the remaining disputes.
To view entire decision: click here
---------------------------------------
Source: eDiscoveryLaw.com
Friday, April 27, 2007
Microsoft reveals its e-discovery strategy
Vendor spends average of US$20M per lawsuit, exec says
It's not difficult establishing the benefit of proper records management, when a company such Microsoft Corp. spends an average of US$20 million for e-discovery per litigation, said a company executive.
"When someone says they can't find the return on investment (on a records management process), I so disagree," said Rachael Heade, Microsoft's records management analysis manager, at a CA World 2007 panel discussion in Las Vegas, Nevada.
And there currently exists a backlog of cases to be handled, she added.
Records management and e-discovery are two sides of the same coin, believes Heade, because the success of a company's e-discovery strategy relies on the strength of its records management foundation.
Microsoft has integrated records management into the annual job review of executive vice-presidents, directly tying their perfomance in this area to their bonus, said Heade.
Other staff can measure their own adherence to the records management process by using self-assessment tools designed for various levels in the organization, she added.
To view entire article click here
---------------------------------------
Source: itbusiness.ca
It's not difficult establishing the benefit of proper records management, when a company such Microsoft Corp. spends an average of US$20 million for e-discovery per litigation, said a company executive.
"When someone says they can't find the return on investment (on a records management process), I so disagree," said Rachael Heade, Microsoft's records management analysis manager, at a CA World 2007 panel discussion in Las Vegas, Nevada.
And there currently exists a backlog of cases to be handled, she added.
Records management and e-discovery are two sides of the same coin, believes Heade, because the success of a company's e-discovery strategy relies on the strength of its records management foundation.
Microsoft has integrated records management into the annual job review of executive vice-presidents, directly tying their perfomance in this area to their bonus, said Heade.
Other staff can measure their own adherence to the records management process by using self-assessment tools designed for various levels in the organization, she added.
To view entire article click here
---------------------------------------
Source: itbusiness.ca
Grid Vendors Roll On
Whether you call it virtualization or grid computing, grid vendors continue to win over customers.
DataSynapse, United Devices and Platform Computing were just some of the vendors announcing customer wins in recent weeks.
Platform announced that Gaselys, a joint venture created in 2001 by Société Générale and Gaz de France, has implemented Symphony, Platform's financial services software for real-time complex price and risk calculations.
The energy trading firm uses Symphony for precise snapshots of market exposure and competitive pricing and to provide a number of indicators requiring compute-intensive, complex and high-volume calculations every day.
"Gaselys' ability to do business is based on the production of accurate risk analyses," stated Gaselys Managing Director Philippe Vedrenne. "When the installation was completed, calculations that were previously too compute-intensive to run more than once per day on one dedicated server were available in real time. Platform's Symphony offers sustainable competitive advantage of superior grid computing."
United Devices, meanwhile, said that Bristol-Myers Squibb has engaged the company to build a high performance computing (HPC) grid to manage the global pharmaceutical and healthcare products company’s HPC clusters and desktop grid.
Bristol-Myers Squibb selected UD after running an extensive feature-function test plan that demonstrated the capability of UD’s solutions across its most important use cases.
United Devices said it has already completed initial installation at Bristol-Myers Squibb and will deliver additional capabilities to meet specific requirements over the next several months.
UD now boasts seven of the top 10 global pharmaceutical companies as customers.
DataSynapse, which now bills itself as a virtualization firm, said Applied Discovery has implemented its GridServer application service software that virtualizes and distributes application workload and executes in a guaranteed, scalable manner over existing computing resources.
To view entire article click here
---------------------------------------
Source: enterpriseitplanet.com
DataSynapse, United Devices and Platform Computing were just some of the vendors announcing customer wins in recent weeks.
Platform announced that Gaselys, a joint venture created in 2001 by Société Générale and Gaz de France, has implemented Symphony, Platform's financial services software for real-time complex price and risk calculations.
The energy trading firm uses Symphony for precise snapshots of market exposure and competitive pricing and to provide a number of indicators requiring compute-intensive, complex and high-volume calculations every day.
"Gaselys' ability to do business is based on the production of accurate risk analyses," stated Gaselys Managing Director Philippe Vedrenne. "When the installation was completed, calculations that were previously too compute-intensive to run more than once per day on one dedicated server were available in real time. Platform's Symphony offers sustainable competitive advantage of superior grid computing."
United Devices, meanwhile, said that Bristol-Myers Squibb has engaged the company to build a high performance computing (HPC) grid to manage the global pharmaceutical and healthcare products company’s HPC clusters and desktop grid.
Bristol-Myers Squibb selected UD after running an extensive feature-function test plan that demonstrated the capability of UD’s solutions across its most important use cases.
United Devices said it has already completed initial installation at Bristol-Myers Squibb and will deliver additional capabilities to meet specific requirements over the next several months.
UD now boasts seven of the top 10 global pharmaceutical companies as customers.
DataSynapse, which now bills itself as a virtualization firm, said Applied Discovery has implemented its GridServer application service software that virtualizes and distributes application workload and executes in a guaranteed, scalable manner over existing computing resources.
To view entire article click here
---------------------------------------
Source: enterpriseitplanet.com
Wednesday, April 25, 2007
'Going Native' With E-Discovery Provides Greater Cost Efficiency, Accuracy for Trial Lawyers, Says K&F Consulting's Greg Fordham
For years most e-discovery has been performed by converting native or original electronic documents into TIFF or PDF documents for trial attorneys to review prior to trial and perhaps even present to the jury.
"This approach is somewhat akin to showing the jury a picture of a pistol instead of the actual murder weapon," says Greg Fordham, a founder of K&F Consulting Inc., and an expert witness in many state and federal cases involving e-discovery and computer forensics.
"There are two major drawbacks associated with converting native electronic documents into other formats," Fordham notes. "First, the cost associated with transforming original digital evidence into a different format, and second, the resulting data loss that takes places with the transformation," he said.
Continuing with his picture analogy, Fordham said the lost data could be compared to not having supporting fingerprints, ballistics, chemical analysis, sales records, ownership, registration and other relevant analyses.
While Fordham notes that there is some resistance to using native data, the courts are increasingly recognizing its value.
In Williams v Sprint, 230 F.R.D. 640, (2005) the access to metadata was the essence of the discovery dispute, he said. And he said that the increased efficiency and accuracy of native data was persuasive in compelling its production in United States v Davy, 543 F.2d 996, (1976).
To view entire article click here
---------------------------------------
Source: PRNewswire
"This approach is somewhat akin to showing the jury a picture of a pistol instead of the actual murder weapon," says Greg Fordham, a founder of K&F Consulting Inc., and an expert witness in many state and federal cases involving e-discovery and computer forensics.
"There are two major drawbacks associated with converting native electronic documents into other formats," Fordham notes. "First, the cost associated with transforming original digital evidence into a different format, and second, the resulting data loss that takes places with the transformation," he said.
Continuing with his picture analogy, Fordham said the lost data could be compared to not having supporting fingerprints, ballistics, chemical analysis, sales records, ownership, registration and other relevant analyses.
While Fordham notes that there is some resistance to using native data, the courts are increasingly recognizing its value.
In Williams v Sprint, 230 F.R.D. 640, (2005) the access to metadata was the essence of the discovery dispute, he said. And he said that the increased efficiency and accuracy of native data was persuasive in compelling its production in United States v Davy, 543 F.2d 996, (1976).
To view entire article click here
---------------------------------------
Source: PRNewswire
JOLT Shines Legal Light on eDiscovery
Student-run law publication Richmond Journal of Law and Technology (JOLT) is on a mission to rain lightning-bright clarity on the topic of Electronic Discovery (eDiscovery).
As of December 1, 2006, changes to existing eDiscovery rules require companies to have clear policies and keep track of employee e-mail, instant messages and other electronic documents or communications delivered through or stored via the Internet.
The requirement of compliance is stringent, with non-compliant companies facing charges of adverse inference (shiver), which means that amid a litigation, a jury may assume the data that was not presented contained incriminating information.
The problem is the fluid nature of electronic information and the relative naivety of many of those who must manage the email compliance issue. This is where JOLT steps in.
Once a year, JOLT publishes an issue dedicated solely to emerging matters in eDiscovery. The most current volume covers the December rule changes and contains the following six resources:
Managing Preservation Obligations After The 2006 Federal E-Discovery Amendments, by Thomas Y. Allman
Information Inflation: Can The Legal System Adapt?, by George L. Paul and Jason R. Baron
In Pursuit Of FRCP 1: Creative Approaches To Cutting And Shifting The Costs Of Discovery Of Electronic Information, by Mia Mazza, Emmalena K. Quesada, and Ashley L. Sternberg
The Two-Tier Discovery Provision Of Rule 26(B)(2)(B) - A Reasonable Measure For Controlling Electronic Discovery?, by Theodore C. Hirt
Backup Tapes, You Can’t Live With Them and You Can’t Toss Them: Strategies for Dealing with the Litigation Burdens Associated with Backup Tapes Under the Amended Federal Rules of Civil Procedure, by Grant J. Esposito and Thomas M. Mueller
At a glance, Creative Approaches To Cutting And Shifting The Costs Of Discovery Of Electronic Information makes for a particularly interesting read because of the way it addresses the problematic nature of electronically-stored information: it moves quickly, is easily changed, may be difficult to trace, and occasionally proves impossible to delete entirely.
It also presents solutions to cutting compliance costs, thereby shifting the burden to yield the benefits of organizing digital information. One positive characteristic of getting your online act together is that, “[when] properly employed, ‘electronic discovery allows a party to organize, identify, index, and even authenticate documents in a fraction of the time and at a fraction of the cost of paper discovery while virtually eliminating costs of copying and transport.’”
To view entire article click here
---------------------------------------
Source: CMSNewswire
As of December 1, 2006, changes to existing eDiscovery rules require companies to have clear policies and keep track of employee e-mail, instant messages and other electronic documents or communications delivered through or stored via the Internet.
The requirement of compliance is stringent, with non-compliant companies facing charges of adverse inference (shiver), which means that amid a litigation, a jury may assume the data that was not presented contained incriminating information.
The problem is the fluid nature of electronic information and the relative naivety of many of those who must manage the email compliance issue. This is where JOLT steps in.
Once a year, JOLT publishes an issue dedicated solely to emerging matters in eDiscovery. The most current volume covers the December rule changes and contains the following six resources:
Managing Preservation Obligations After The 2006 Federal E-Discovery Amendments, by Thomas Y. Allman
Information Inflation: Can The Legal System Adapt?, by George L. Paul and Jason R. Baron
In Pursuit Of FRCP 1: Creative Approaches To Cutting And Shifting The Costs Of Discovery Of Electronic Information, by Mia Mazza, Emmalena K. Quesada, and Ashley L. Sternberg
The Two-Tier Discovery Provision Of Rule 26(B)(2)(B) - A Reasonable Measure For Controlling Electronic Discovery?, by Theodore C. Hirt
Backup Tapes, You Can’t Live With Them and You Can’t Toss Them: Strategies for Dealing with the Litigation Burdens Associated with Backup Tapes Under the Amended Federal Rules of Civil Procedure, by Grant J. Esposito and Thomas M. Mueller
At a glance, Creative Approaches To Cutting And Shifting The Costs Of Discovery Of Electronic Information makes for a particularly interesting read because of the way it addresses the problematic nature of electronically-stored information: it moves quickly, is easily changed, may be difficult to trace, and occasionally proves impossible to delete entirely.
It also presents solutions to cutting compliance costs, thereby shifting the burden to yield the benefits of organizing digital information. One positive characteristic of getting your online act together is that, “[when] properly employed, ‘electronic discovery allows a party to organize, identify, index, and even authenticate documents in a fraction of the time and at a fraction of the cost of paper discovery while virtually eliminating costs of copying and transport.’”
To view entire article click here
---------------------------------------
Source: CMSNewswire
Why email matters: The science behind the US Attorneys scandal
Email, which is more and more in the news these days, is close to the center of the current US Attorney firing scandal, and for good reason. A substantial amount of communication flows via email, which is nearly instantaneous, costs almost nothing, and has in large part replaced the paper memo.
Email also provides a path of inquiry that previously was unavailable to investigators. A paper document can be shredded or burned, while email leaves a trail even when deleted. Furthermore, unlike a piece of paper, the email itself reveals who sent it and who received it, when and where. As Senator Patrick Leahy says, “You can't erase e-mails, not today…They've gone through too many servers. Those e-mails are there –”
There are three kinds of email systems in common use. The most familiar is the email client program, a genre that includes Microsoft Outlook Express, Mozilla Thunderbird, Macintosh Mail, and Netscape Mail. These programs store data mainly in text form, rather than in cryptic computer language. Generally all of the individual emails in a single mailbox (such as the “In” or “Sent” mailbox) are stored together as a single file. Each mailbox file is then represented by an entry in an index that functions something like a table of contents.
When a single email is deleted, it is truncated from the mailbox file, but its data is not actually removed from the computer. Even when an entire mailbox is deleted, its entry is removed from the file index, but the actual body of the file does not disappear from the computer. The area on the computer’s hard disk that holds the file is marked as available to be reused, but the file’s contents will not immediately be overwritten and hence may be recoverable for a considerable period of time.
The computer forensics specialist is able to search the ostensibly unused portion of the hard drive for text that may have been part of an email. The expert can look for names, phrases, places, or actions that might have been mentioned in an email. The email also contains additional internal data that tells where it has been and who it has been sent to.
As an example of such data, I just sent my wife a 17-word message titled, “Where’s this email from?” She replied, “Darling, Surely you must mean, ‘From where is this email?’ Love, Your grammatically correct wife.” Her reply is only 15 words, yet when I look underneath what is displayed on the screen, I see the email actually contains 246 words. Where did the rest of it come from?
The extra information includes a return path with my beloved’s America Online (AOL) email address, her computer’s IP address, the IP addresses of three other computers, both email addresses repeated another three times each, the names of three or four mail servers, and four date / time stamps. Oh, and lest I forget, there’s an ad for AOL at the end. (“IP” stands for Internet Protocol.” Every computer that is hooked up to a network has an IP address.)
To view entire article click here
---------------------------------------
Source: TheRawStory
By: Steve Burgess
Email also provides a path of inquiry that previously was unavailable to investigators. A paper document can be shredded or burned, while email leaves a trail even when deleted. Furthermore, unlike a piece of paper, the email itself reveals who sent it and who received it, when and where. As Senator Patrick Leahy says, “You can't erase e-mails, not today…They've gone through too many servers. Those e-mails are there –”
There are three kinds of email systems in common use. The most familiar is the email client program, a genre that includes Microsoft Outlook Express, Mozilla Thunderbird, Macintosh Mail, and Netscape Mail. These programs store data mainly in text form, rather than in cryptic computer language. Generally all of the individual emails in a single mailbox (such as the “In” or “Sent” mailbox) are stored together as a single file. Each mailbox file is then represented by an entry in an index that functions something like a table of contents.
When a single email is deleted, it is truncated from the mailbox file, but its data is not actually removed from the computer. Even when an entire mailbox is deleted, its entry is removed from the file index, but the actual body of the file does not disappear from the computer. The area on the computer’s hard disk that holds the file is marked as available to be reused, but the file’s contents will not immediately be overwritten and hence may be recoverable for a considerable period of time.
The computer forensics specialist is able to search the ostensibly unused portion of the hard drive for text that may have been part of an email. The expert can look for names, phrases, places, or actions that might have been mentioned in an email. The email also contains additional internal data that tells where it has been and who it has been sent to.
As an example of such data, I just sent my wife a 17-word message titled, “Where’s this email from?” She replied, “Darling, Surely you must mean, ‘From where is this email?’ Love, Your grammatically correct wife.” Her reply is only 15 words, yet when I look underneath what is displayed on the screen, I see the email actually contains 246 words. Where did the rest of it come from?
The extra information includes a return path with my beloved’s America Online (AOL) email address, her computer’s IP address, the IP addresses of three other computers, both email addresses repeated another three times each, the names of three or four mail servers, and four date / time stamps. Oh, and lest I forget, there’s an ad for AOL at the end. (“IP” stands for Internet Protocol.” Every computer that is hooked up to a network has an IP address.)
To view entire article click here
---------------------------------------
Source: TheRawStory
By: Steve Burgess
Tuesday, April 24, 2007
Blended Computing: A Different Mix
Everywhere you go these days, everybody in I.T. is talking about the need to provide better collaboration tools to their end users as part of a general drive to increase the productivity of employees. But when you start to examine the options available to boost collaboration among users, you quickly discover that you're about to take a trip down a very expensive rabbit hole.
The core problem, of course, stems from the very nature of the applications we use today; they were designed as personal productivity tools, not as components of a meaningful collaboration infrastructure. To get around that issue, most companies have been using shared drives to store documents that are then typically shipped around the organization sequentially. This approach creates management headaches because more often than not, there are multiple versions of the same file floating around the enterprise, which in turn leads to version-control problems and increased storage expense.
To try to solve this problem, many organizations have turned to offerings such as Microsoft's SharePoint Services, Lotus Notes and EMC's Documentum because they all offer some sort of document management capability. However, setting up these solutions takes a fair amount of time, energy and cost when most users simply want a relatively easy way to collaborate. And even when you do set up these programs successfully, they still have shortcomings such as a lack of offline client support; in this regard, SharePoint needs to be augmented by a third-party product such as Colligo Networks' Reader or Contributor tools.
Because of these issues, you are also starting to see a growing interest in a number of software-as-a-service offerings such as Google Docs and CommuniClique. The difference in these services boils down to an offering from Google that by its very Web nature is a collaborative application versus CommuniClique, a program that makes it easier to track and share existing Microsoft Office documents. The CommuniClique service is similar in concept to Microsoft's Office Live offering, which is simply a Web-based implementation of SharePoint. But unlike Office Live, CommuniClique provides a higher level of fidelity between documents that exist on your systems and the documents stored in the service, which is something that Microsoft can only promise to deliver with a future iteration of SharePoint.
The problem that I.T. people are having with this trend is that both the Google and CommuniClique services could potentially result in sensitive corporate data residing outside the firewall. For that reason, Honeywell's Automation and Control Solutions division mandates that employees use SharePoint for collaboration, and as part of that effort plans to roll out a forthcoming version of SharePoint that will make it easier for employees to collaborate across the company's firewall while still providing a secure environment.
To view entire article click here
---------------------------------------
Source: BaseLineMag
By: Michael Vizard
Data classification: Use brains, not brawn
Data classification initiatives increasingly rely on business value criteria, necessitating a move toward auto-classification using system-generated metadata.
The current state of data classification is largely a byproduct of historical hierarchical storage management (HSM) implementations where data age is the primary classification criterion. Early visions of classifying data based on business value never fully came to fruition, in large part because the proposed schema effectively required the brute force manual classification of data sets upon creation or use. While all classification efforts require varying degrees of manual intervention (e.g., initial discussions with business lines to define requirements), age-based classification enable automation processes to be more easily introduced to data-classification initiatives and have become the de facto standard.
A new emphasis on compliance, discovery, archiving, and provenance substantially challenges existing data-classification taxonomies. Today's business value drivers include "never delete" retention policies as well as performance, availability, and recovery attributes, which underpin resurgent data-classification efforts. While generally age-based schema still predominate, they must evolve to more aggressively incorporate richer classification attributes.
Importantly, this extension should be accomplished with an eye toward automation by dynamically assigning metadata to data sets upon creation or use. Future data classification efforts will involve much broader perspectives and serve as the mainspring of multiple enterprise initiatives, including information lifecycle management (ILM), tiered storage, e-mail archiving, decision support, data mining, electronic content management and compliance. In short, data classification will serve as the foundation for information value management and without auto-classification there is little chance to succeed in supporting these often complex efforts.
This article puts forth the following premise: IT organizations must break with the past and make business process, not age of data sets the defining criterion for classification schema. Furthermore, in designing value-based classification schema, auto-classification capabilities that assign metadata to data sets at the point of creation or use must be included to accommodate scale and manageability.
New value drivers
The traditional catalyst of data classification from a storage point of view has been improved efficiencies, often by freeing up space and/or migrating data to less-expensive tiers. In the early 1990s, the common belief was that archival status was the last phase for data before deletion or end-of-life. Then, one- to two-year data-retention periods were viewed as a reasonable amount of time to keep digital data in any accessible format. Age-based retention policies predominated.
It is becoming increasingly important to understand that the value of data changes throughout its lifetime and quite often retains or even gains value over time. Where data should optimally reside, how it should be accessed, how it should be managed, and its corresponding metadata attributes all change during the lifespan of information.
Today, there are countless government regulations that dictate the way data is managed and stored throughout its life. As a result, a new value proposition is emerging where proper classification enables the reconstruction of a continuum of organizational activities performed, and decisions made, over a period of time. What this means is that the long-time reliance on "corporate memory" to piece together a series of events, or conduct a cumbersome discovery, has the potential to be supplanted by a much more reliable and auditable system of infrastructure, metadata, applications, and business processes. To general counsels, boards of directors, and risk managers, this can mean billions in loss mitigation and improved business productivity.
To view entire article click here
---------------------------------------
Source: InfoStor.com
The current state of data classification is largely a byproduct of historical hierarchical storage management (HSM) implementations where data age is the primary classification criterion. Early visions of classifying data based on business value never fully came to fruition, in large part because the proposed schema effectively required the brute force manual classification of data sets upon creation or use. While all classification efforts require varying degrees of manual intervention (e.g., initial discussions with business lines to define requirements), age-based classification enable automation processes to be more easily introduced to data-classification initiatives and have become the de facto standard.
A new emphasis on compliance, discovery, archiving, and provenance substantially challenges existing data-classification taxonomies. Today's business value drivers include "never delete" retention policies as well as performance, availability, and recovery attributes, which underpin resurgent data-classification efforts. While generally age-based schema still predominate, they must evolve to more aggressively incorporate richer classification attributes.
Importantly, this extension should be accomplished with an eye toward automation by dynamically assigning metadata to data sets upon creation or use. Future data classification efforts will involve much broader perspectives and serve as the mainspring of multiple enterprise initiatives, including information lifecycle management (ILM), tiered storage, e-mail archiving, decision support, data mining, electronic content management and compliance. In short, data classification will serve as the foundation for information value management and without auto-classification there is little chance to succeed in supporting these often complex efforts.
This article puts forth the following premise: IT organizations must break with the past and make business process, not age of data sets the defining criterion for classification schema. Furthermore, in designing value-based classification schema, auto-classification capabilities that assign metadata to data sets at the point of creation or use must be included to accommodate scale and manageability.
New value drivers
The traditional catalyst of data classification from a storage point of view has been improved efficiencies, often by freeing up space and/or migrating data to less-expensive tiers. In the early 1990s, the common belief was that archival status was the last phase for data before deletion or end-of-life. Then, one- to two-year data-retention periods were viewed as a reasonable amount of time to keep digital data in any accessible format. Age-based retention policies predominated.
It is becoming increasingly important to understand that the value of data changes throughout its lifetime and quite often retains or even gains value over time. Where data should optimally reside, how it should be accessed, how it should be managed, and its corresponding metadata attributes all change during the lifespan of information.
Today, there are countless government regulations that dictate the way data is managed and stored throughout its life. As a result, a new value proposition is emerging where proper classification enables the reconstruction of a continuum of organizational activities performed, and decisions made, over a period of time. What this means is that the long-time reliance on "corporate memory" to piece together a series of events, or conduct a cumbersome discovery, has the potential to be supplanted by a much more reliable and auditable system of infrastructure, metadata, applications, and business processes. To general counsels, boards of directors, and risk managers, this can mean billions in loss mitigation and improved business productivity.
To view entire article click here
---------------------------------------
Source: InfoStor.com
From Web 2.0 To E-Discovery 2.0
If there’s one idea that has captivated Silicon Valley in the past 3 years, it is Web 2.0. People may debate its meaning and definition, but the gist of it is clear: a handful of powerful forces have coalesced to make the internet of today fundamentally different to what it was 5 years ago. Opinions vary on which of these forces is most important: the growth of broadband to the home; open source, ajax and other technologies which lower the cost and increase the functionality of web applications; the power of community in a world where more people are on the web. Whichever you choose, there is no doubt that collectively these forces have had a huge impact, powering the growth of now-household names such as Google, MySpace, and YouTube.
I believe that an analogous set of changes is transforming the way companies do e-discovery. Ten years ago, e-discovery was an after-thought – a necessary, but incidental, part of corporate legal expenses. Today, it is a huge line-item in the legal budget, a headache for corporate IT, and the foundation upon which many cases are built.
E-discovery 1.0 was an ad hoc activity; e-discovery 2.0 is a core business process. E-discovery 1.0 was barely noticed; e-discovery 2.0 is driving the news cycle, affecting everyone from Intel to the US Attorney General. In the legal world, e-discovery 2.0 has had every bit as big an impact on enterprises as Web 2.0 has had on the dating lives of teenagers.
What happened? A series of fundamental changes have made e-discovery far more important, expensive, and complex than it was in the 1990s. Chief among these changes are:
1. Email, Not Voicemail: In the past 10 years, companies have switched from voicemail to email as the primary way they communicate. This has created a written record where none previously existed. Just as oral histories eventually die out, every voicemail eventually gets deleted; but emails and the written word live forever. Whatsmore, the convenience and time-efficiency of email makes it addictive, with the result that every meaningful conversation is captured, time-stamped, and attached to a person’s name. Given that many legal cases turn on intent, and proving who knew what when, this makes email a virtual treasure trove for anyone building a case.
2. Electronic Files, Not Paper: Electronic files are fundamentally different to paper documents: they reproduce like rabbits and are far cheaper to store. For example, one laptop is the equivalent of 2,000 boxes of paper; one server corresponds to 8,000-40,000 boxes of paper. The number of servers and laptops holding vast quantities of email is only increasing as the cost of hard disk storage falls, down from $2.04 per GB in 2004 to $0.77 per GB in 2006. Net net: going electronic has vastly increased the amount of data that must be analyzed as part of the discovery process.
3. Sooner, Not Later: Recent changes to the FRCP guidelines have moved e-discovery up in the process, forcing companies to have an e-discovery plan within 99 days of a suit being filed. Since disputes rarely settle that quickly, that means enterprises must now incur the expense of e-discovery on every case, not just the small number that actually make it to court. The result is a massive increase in e-discovery expenses and workload.
To view entire article click here
---------------------------------------
Source: ClearwellSystemsBlog
By: Aaref Hilaly
I believe that an analogous set of changes is transforming the way companies do e-discovery. Ten years ago, e-discovery was an after-thought – a necessary, but incidental, part of corporate legal expenses. Today, it is a huge line-item in the legal budget, a headache for corporate IT, and the foundation upon which many cases are built.
E-discovery 1.0 was an ad hoc activity; e-discovery 2.0 is a core business process. E-discovery 1.0 was barely noticed; e-discovery 2.0 is driving the news cycle, affecting everyone from Intel to the US Attorney General. In the legal world, e-discovery 2.0 has had every bit as big an impact on enterprises as Web 2.0 has had on the dating lives of teenagers.
What happened? A series of fundamental changes have made e-discovery far more important, expensive, and complex than it was in the 1990s. Chief among these changes are:
1. Email, Not Voicemail: In the past 10 years, companies have switched from voicemail to email as the primary way they communicate. This has created a written record where none previously existed. Just as oral histories eventually die out, every voicemail eventually gets deleted; but emails and the written word live forever. Whatsmore, the convenience and time-efficiency of email makes it addictive, with the result that every meaningful conversation is captured, time-stamped, and attached to a person’s name. Given that many legal cases turn on intent, and proving who knew what when, this makes email a virtual treasure trove for anyone building a case.
2. Electronic Files, Not Paper: Electronic files are fundamentally different to paper documents: they reproduce like rabbits and are far cheaper to store. For example, one laptop is the equivalent of 2,000 boxes of paper; one server corresponds to 8,000-40,000 boxes of paper. The number of servers and laptops holding vast quantities of email is only increasing as the cost of hard disk storage falls, down from $2.04 per GB in 2004 to $0.77 per GB in 2006. Net net: going electronic has vastly increased the amount of data that must be analyzed as part of the discovery process.
3. Sooner, Not Later: Recent changes to the FRCP guidelines have moved e-discovery up in the process, forcing companies to have an e-discovery plan within 99 days of a suit being filed. Since disputes rarely settle that quickly, that means enterprises must now incur the expense of e-discovery on every case, not just the small number that actually make it to court. The result is a massive increase in e-discovery expenses and workload.
To view entire article click here
---------------------------------------
Source: ClearwellSystemsBlog
By: Aaref Hilaly
Monday, April 23, 2007
ALLEVIATING HIGH STORAGE COSTS WHILE COMPLYING WITH E-DISCOVERY LAWS
Many small to mid-sized companies face a seemingly insoluble problem-new eDiscovery laws that mandate they be able to capture and reproduce email traffic, but they cannot afford to comply. They either lack sophisticated archiving software, or simply cannot afford additional storage area network (SAN) storage for Microsoft Exchange. However, new email solutions are emerging that take a very different, and far less expensive, approach to storage.
Exchange's architecture is hard on storage systems because it requires about five systems operations for one send. All these writes, rewrites, and commands clog I/O, and each of those operations is stored in Microsoft's Jet database. As a result, Exchange requires storage with many fast, expensive disks-a requirement that is out of the price range of most small and medium-sized businesses.
To get around these limitations-and to deal with the need for backup windows-Exchange administrators limit the amount of storage available to users and employ fiber-channel-driven, dedicated SANs. While SANs are great storage appliances, they can drive the cost per TB of storage well above $15,000. To compound matters the growth in message storage requirements, and the resulting increase in backup and restore times, is the most serious problems facing messaging management.
To view entire article click here
---------------------------------------
Source: wwpi.com
Exchange's architecture is hard on storage systems because it requires about five systems operations for one send. All these writes, rewrites, and commands clog I/O, and each of those operations is stored in Microsoft's Jet database. As a result, Exchange requires storage with many fast, expensive disks-a requirement that is out of the price range of most small and medium-sized businesses.
To get around these limitations-and to deal with the need for backup windows-Exchange administrators limit the amount of storage available to users and employ fiber-channel-driven, dedicated SANs. While SANs are great storage appliances, they can drive the cost per TB of storage well above $15,000. To compound matters the growth in message storage requirements, and the resulting increase in backup and restore times, is the most serious problems facing messaging management.
To view entire article click here
---------------------------------------
Source: wwpi.com
Complexity, Legal Demands Plague Storage Us
Storage complexity and interoperability continue to be big concerns for end users, according to storage managers at last week's Storage Networking World conference.
Interoperability, managing in an age of complexity and diminishing resources, and establishing stronger communications with peers and manufacturers were just some of the concerns expressed by storage users both in a survey and at the conference.
The survey of more than 300 users by the Storage Networking Industry Association's End User Council (EUC) released at the conference found that only 5 percent did not value interoperability, and 62 percent of respondents indicated they would be willing to pay more for a supported interoperable multi-vendor solutions than for single vendor proprietary solutions.
EUC survey chair Norman Owens said in a conference session that interoperability issues affected all respondents, although specifics varied by business size or type. Users worried more about upgrades than about integrating new hardware or dealing with outdated management software. They said that only half of vendor upgrades fix problems, and a quarter of the time make the problem worse. Forced upgrades for legacy systems plague large businesses, while medium businesses are concerned with software upgrades and small businesses struggle with firmware upgrades.
To view entire article click here
---------------------------------------
Source: enterprisestorageforum.com
Interoperability, managing in an age of complexity and diminishing resources, and establishing stronger communications with peers and manufacturers were just some of the concerns expressed by storage users both in a survey and at the conference.
The survey of more than 300 users by the Storage Networking Industry Association's End User Council (EUC) released at the conference found that only 5 percent did not value interoperability, and 62 percent of respondents indicated they would be willing to pay more for a supported interoperable multi-vendor solutions than for single vendor proprietary solutions.
EUC survey chair Norman Owens said in a conference session that interoperability issues affected all respondents, although specifics varied by business size or type. Users worried more about upgrades than about integrating new hardware or dealing with outdated management software. They said that only half of vendor upgrades fix problems, and a quarter of the time make the problem worse. Forced upgrades for legacy systems plague large businesses, while medium businesses are concerned with software upgrades and small businesses struggle with firmware upgrades.
To view entire article click here
---------------------------------------
Source: enterprisestorageforum.com
Thursday, April 19, 2007
E-mail Archiving: Lots of Solutions for a Real Problem
Continuing yesterday’s discussion of archiving systems, there certainly has been a lot of press lately regarding one of the more crucial data sets that need to be archived: e-mail.
Our own Carl Weinschenk recently pointed out that the White House’s troubles locating its own missing e-mails offer a great case study when trying to convince the money people at your organization to invest in a good e-mail archiving solution. But the onus is on you to find the appropriate hardware, software and/or services needed to handle what is likely to be an ever-expanding mountain of data.
According to one survey by Osterman Research, the average user sends and receives upwards of 170 e-mails per day, with more than a third using their own personal accounts to conduct business – a practice that increases when enterprise networks go down.
The good news is that, on the hardware side at least, storage is both cheaper and easier to set up than ever before, according to a recent article in Processor. So the trick is on the management side. What e-mail is to be preserved? For how long? How is to be retrieved? And so on.
To view entire article click here
---------------------------------------
Source: itbusinessedge.com
Our own Carl Weinschenk recently pointed out that the White House’s troubles locating its own missing e-mails offer a great case study when trying to convince the money people at your organization to invest in a good e-mail archiving solution. But the onus is on you to find the appropriate hardware, software and/or services needed to handle what is likely to be an ever-expanding mountain of data.
According to one survey by Osterman Research, the average user sends and receives upwards of 170 e-mails per day, with more than a third using their own personal accounts to conduct business – a practice that increases when enterprise networks go down.
The good news is that, on the hardware side at least, storage is both cheaper and easier to set up than ever before, according to a recent article in Processor. So the trick is on the management side. What e-mail is to be preserved? For how long? How is to be retrieved? And so on.
To view entire article click here
---------------------------------------
Source: itbusinessedge.com
Making Forensics Elementary at Your Firm
Decrypting e-discovery's up-and-coming science
The electronic-discovery phenomenon is here to stay -- and the industry is still exploding.
The percentage of electronically-stored-information evidence in the standard case has increased exponentially, and all signs on the information superhighway and on roads leading to court indicate that ESI in litigation will escalate as time goes by. Along with e-discovery, the field of computer forensics is becoming evermore central to the discovery process. The need for computer forensics analysis is appearing frequently at the state and federal level, and the field's influence and demands are permeating civil and criminal cases, both large and small.
Attorney and e-discovery expert Tom O'Connor, with the Washington, D.C.-based nonprofit Legal Electronic Document Institute, says that judges in the cases he consults on are ordering e-discovery and computer-forensics investigation much more frequently than ever before. O'Connor is seeing the effect of this change on all kinds of cases.
"Even a small business has a 20 GB hard drive these days," he notes. "We can't think of e-discovery as an issue only relevant to large or complex litigation anymore. Nearly everyone has at least one computer at work and one at home, not to mention a cell phone, PDA, GPS system and wireless Internet connection. With all these potential evidence sources for each individual, it's no wonder that the amount of electronic evidence to be vetted is skyrocketing."
O'Connor adds that with large criminal cases, huge amounts of electronic data must be harvested and analyzed. In many instances, suspects' PCs are immediately seized and "imaged" -- a euphemism for "cloned" or "copied" -- so that their contents can be examined at a later date without the risk of tampering. This kind of work generally needs to be done by a computer-forensics expert who is trained and qualified to do a professional-caliber job.
Besides the usual information sources of hard drives, server data and e-mails, O'Connor is seeing requests for digital surveillance-camera footage and electronic audio recordings. In many cases, law enforcement provides this e-discovery to the defense on CDs or DVDs in its entirety -- hundreds of hours of video consolidated on a few disks that the attorney team then watches and sifts through to find the few segments relevant to the case. Parties on both sides agree that searching for, or finding, a needle in a haystack at $400 an hour doesn't serve the attorneys' or the clients' purposes very well.
To view entire article click here
---------------------------------------
Source: law.com
The electronic-discovery phenomenon is here to stay -- and the industry is still exploding.
The percentage of electronically-stored-information evidence in the standard case has increased exponentially, and all signs on the information superhighway and on roads leading to court indicate that ESI in litigation will escalate as time goes by. Along with e-discovery, the field of computer forensics is becoming evermore central to the discovery process. The need for computer forensics analysis is appearing frequently at the state and federal level, and the field's influence and demands are permeating civil and criminal cases, both large and small.
Attorney and e-discovery expert Tom O'Connor, with the Washington, D.C.-based nonprofit Legal Electronic Document Institute, says that judges in the cases he consults on are ordering e-discovery and computer-forensics investigation much more frequently than ever before. O'Connor is seeing the effect of this change on all kinds of cases.
"Even a small business has a 20 GB hard drive these days," he notes. "We can't think of e-discovery as an issue only relevant to large or complex litigation anymore. Nearly everyone has at least one computer at work and one at home, not to mention a cell phone, PDA, GPS system and wireless Internet connection. With all these potential evidence sources for each individual, it's no wonder that the amount of electronic evidence to be vetted is skyrocketing."
O'Connor adds that with large criminal cases, huge amounts of electronic data must be harvested and analyzed. In many instances, suspects' PCs are immediately seized and "imaged" -- a euphemism for "cloned" or "copied" -- so that their contents can be examined at a later date without the risk of tampering. This kind of work generally needs to be done by a computer-forensics expert who is trained and qualified to do a professional-caliber job.
Besides the usual information sources of hard drives, server data and e-mails, O'Connor is seeing requests for digital surveillance-camera footage and electronic audio recordings. In many cases, law enforcement provides this e-discovery to the defense on CDs or DVDs in its entirety -- hundreds of hours of video consolidated on a few disks that the attorney team then watches and sifts through to find the few segments relevant to the case. Parties on both sides agree that searching for, or finding, a needle in a haystack at $400 an hour doesn't serve the attorneys' or the clients' purposes very well.
To view entire article click here
---------------------------------------
Source: law.com
Wednesday, April 18, 2007
Defense: Defendant did not conduct Internet searches
Someone was on William and Melanie McGuire's home desktop computer searching the words "undetectable poisons" and "how to purchase a gun without a permit" and that person, the defense contends, was not Melanie McGuire.
Jesse Lindmar, the director in the computer forensic division at Miles Computer Forensics in Moorestown, testified that he extracted everything from the hard drive of the McGuires' home computer.
"The Internet history is stored in the form of a database," said Lindmar. "There were 485,000 rows of information. I took what [Jennifer Seymour, a computer forensics expert who was working at the New Jersey State digital technology unit at the time] did and extracted a few more entries. I concentrated on six particular days."
On April 11, 2004, at 7:32 p.m., Lindmar said it appears someone logged on to an an e-mail account under the name William T. McGuire at njlincs.net and at 7:34 p.m. someone typed in the words "undetectable poisons" into a Google search engine.
On April 18, 2004, at 5:44 p.m., someone typed in the words "how to commit suicide" into a Google search engine. At 6:49 p.m., someone typed in the word "chloroform," which can be used as a sedative, into an MSN search engine. At 7:02 p.m., someone logged on to an e-mail account for William T. McGuire at njlincs.net. At 7:06 p.m., someone searched the year 1982 on the Web site www.classmates.com.
On April 26, 2004, Melanie McGuire purchased a Taurus Model 85 .38-caliber handgun and a box of bullets from John's Gun and Tackle Room gun shop in Easton, Pa. In one of the wiretaps captured by the state police in 2005, McGuire told her friend, James Finn, that she purchased the gun for her husband.
To view entire article click here
---------------------------------------
Source: gmnews.com
Jesse Lindmar, the director in the computer forensic division at Miles Computer Forensics in Moorestown, testified that he extracted everything from the hard drive of the McGuires' home computer.
"The Internet history is stored in the form of a database," said Lindmar. "There were 485,000 rows of information. I took what [Jennifer Seymour, a computer forensics expert who was working at the New Jersey State digital technology unit at the time] did and extracted a few more entries. I concentrated on six particular days."
On April 11, 2004, at 7:32 p.m., Lindmar said it appears someone logged on to an an e-mail account under the name William T. McGuire at njlincs.net and at 7:34 p.m. someone typed in the words "undetectable poisons" into a Google search engine.
On April 18, 2004, at 5:44 p.m., someone typed in the words "how to commit suicide" into a Google search engine. At 6:49 p.m., someone typed in the word "chloroform," which can be used as a sedative, into an MSN search engine. At 7:02 p.m., someone logged on to an e-mail account for William T. McGuire at njlincs.net. At 7:06 p.m., someone searched the year 1982 on the Web site www.classmates.com.
On April 26, 2004, Melanie McGuire purchased a Taurus Model 85 .38-caliber handgun and a box of bullets from John's Gun and Tackle Room gun shop in Easton, Pa. In one of the wiretaps captured by the state police in 2005, McGuire told her friend, James Finn, that she purchased the gun for her husband.
To view entire article click here
---------------------------------------
Source: gmnews.com
Forensic Tool Kit v 1.70
AccessData is one of the venerable developers of computer forensic software. The company’s biggest strength is that it is — and has been since its inception — the go-to supplier of password recovery tools. AccessData has packaged its complete tool set in one product called the Ultimate Toolkit. In addition to the Forensic Tool Kit, referred to by forensic analysts simply as FTK, the Ultimate Toolkit contains the full suite of password recovery tools, drive and media wipers, a registry viewer and other useful products.
Some of the tools interface nicely with FTK giving it a lot of power. At its core, however, FTK is the same computer forensic tool that it was last year and, while its biggest strength is its ability to take advantage of other AccessData tools, this product is pure computer forensics. Although its user interface is somewhat different from other products in its class, it still provides most of the same functions one would expect in a straightforward computer forensics tool.
FTK does not handle all of the types of media we would expect. However, it is strong in Windows files systems and does handle Linux file systems. This puts it at a bit of a disadvantage when compared with products that can acquire and analyze more file system types. FTK reads the most common types of images, including DD, EnCase and older versions of SafeBack, among others.
The product is easy to use if you are familiar with typical computer forensic tools. In addition, its terminology is consistent with the rest of the industry, a refreshing practice in a market that does not necessarily always use the same buzzwords from product to product. Installation is quick and straightforward, and it is up and ready to go in no time.
To view entire article click here
---------------------------------------
Source: scmagazine.com
Some of the tools interface nicely with FTK giving it a lot of power. At its core, however, FTK is the same computer forensic tool that it was last year and, while its biggest strength is its ability to take advantage of other AccessData tools, this product is pure computer forensics. Although its user interface is somewhat different from other products in its class, it still provides most of the same functions one would expect in a straightforward computer forensics tool.
FTK does not handle all of the types of media we would expect. However, it is strong in Windows files systems and does handle Linux file systems. This puts it at a bit of a disadvantage when compared with products that can acquire and analyze more file system types. FTK reads the most common types of images, including DD, EnCase and older versions of SafeBack, among others.
The product is easy to use if you are familiar with typical computer forensic tools. In addition, its terminology is consistent with the rest of the industry, a refreshing practice in a market that does not necessarily always use the same buzzwords from product to product. Installation is quick and straightforward, and it is up and ready to go in no time.
To view entire article click here
---------------------------------------
Source: scmagazine.com
EnCase Forensic v. 6
Of the straight (i.e., not over-the-network) computer forensic tools we examined, EnCase has made the most noticeable changes since last year. However, a few changes simply are cosmetic. That said, we liked EnCase better this year than last for one important reason: it has kept pace well with the needs of users.There are some familiar things missing in this release. For example, the DOS version no longer is supported, but imaging a computer can now use a Linux boot disk that you must create by downloading a Linux distribution and creating a bootable CD.
However, in a production computer forensics lab, we usually see direct disk acquisition, and that is supported in EnCase using the recommended Fast Block write blocker. This approach clearly is targeted at supporting the way computer forensics is being done in today’s labs. Field imaging, computer-to-computer, is slow and cumbersome. Most forensic analysts prefer the controlled conditions of the lab.
Among the useful new capabilities in this release are additional content extractors, indexing and the ability to parse Microsoft Exchange files. A useful piece of evidence management, documentation of the hard drive serial number for acquired drives, also is new. Generally, we see EnCase returning to its roots.
To view entire article click here
---------------------------------------
Source: scmagazine.com
However, in a production computer forensics lab, we usually see direct disk acquisition, and that is supported in EnCase using the recommended Fast Block write blocker. This approach clearly is targeted at supporting the way computer forensics is being done in today’s labs. Field imaging, computer-to-computer, is slow and cumbersome. Most forensic analysts prefer the controlled conditions of the lab.
Among the useful new capabilities in this release are additional content extractors, indexing and the ability to parse Microsoft Exchange files. A useful piece of evidence management, documentation of the hard drive serial number for acquired drives, also is new. Generally, we see EnCase returning to its roots.
To view entire article click here
---------------------------------------
Source: scmagazine.com
Exterro Gets E-Discovery Down to Business
Exterro isn't the first software vendor to apply a business-process-management approach to the legal discovery process, but with the launch of its flagship product Fusion, it is breaking new ground with a solution that combines BPM with collaboration capabilities and centralized management in an integrated environment.
Aimed at law firms and corporate legal departments, Exterro's newly unveiled Fusion is essentially a portal for controlling the discovery process. However, Exterro's chairman and CEO, Bobby Balachandran, prefers to call it a litigation-support-management platform, from which his customers can monitor progress, track costs, set and manage schedules, and evaluate vendor performance.
"During complex litigation, negotiations or time-intensive governmental investigations, the process of managing legal teams needs some automation, otherwise it all just gets away from them," Balachandran says. "We're trying to bring reliable management control and predictability to a process that is typically loaded with surprises and unexpected costs."
The company catchphrase here is "centralized management of litigation lifecycles," which describes what the product does pretty well. Fusion combines standard BPM functions -- collaboration, requirements management, issue tracking, vendor management -- into a comprehensive BPM system for legal discovery.
---------------------------------------
Source: law.com
Oracle Case E-Discovery Fight Heats Up
Dispute centers on author's audio files of interview with CEO
A major fight over alleged spoliation of evidence and the potential for sanctions over electronic discovery may be shaping up in San Francisco federal court for the Oracle Corp. securities class action.
The dispute centers on a British author's audio files of interviews with Oracle CEO Larry Ellison for "Softwar: An Intimate Portrait of Larry Ellison and Oracle" that now seem to have vanished. The digital recordings were made during the very period of class claims in In re Oracle Corp. Securities Litigation, No. C01-988MJJ.
Wrangling could come to a head during a May 1 hearing before U.S. District Judge Martin Jenkins, who will decide if a noncitizen with the only contemporaneous audio interviews of Ellison can be compelled to testify, or if a noncitizen may assert a Fifth Amendment right and refuse to discuss the fate of the files.
ACCUSATIONS ABOUND
The securities fraud suit accuses Oracle, Ellison and other top executives of falsifying software sales to mislead investors during the 2000 to 2001 period of the dot-com bubble burst.
It accuses Ellison of selling $900 million of his own stock before bad news hit the market.
The suit raises the issue of whether a party to a suit has an obligation to alert nonparties to save evidence, said Robert Brownstone, an intellectual property attorney in Mountain View, Calif.-based Fenwick & West's San Francisco office.
For third parties, the new electronic discovery rules that took effect on Dec. 1, 2006, do not have as strict a standard. "Companies are not obligated to scour the globe for third parties," he said.
The new amendments to the Federal Rules of Civil Procedure make clear that electronic data is subject to discovery if they are relevant and not too burdensome to produce.
To view entire article click here
---------------------------------------
Source: law.com
A major fight over alleged spoliation of evidence and the potential for sanctions over electronic discovery may be shaping up in San Francisco federal court for the Oracle Corp. securities class action.
The dispute centers on a British author's audio files of interviews with Oracle CEO Larry Ellison for "Softwar: An Intimate Portrait of Larry Ellison and Oracle" that now seem to have vanished. The digital recordings were made during the very period of class claims in In re Oracle Corp. Securities Litigation, No. C01-988MJJ.
Wrangling could come to a head during a May 1 hearing before U.S. District Judge Martin Jenkins, who will decide if a noncitizen with the only contemporaneous audio interviews of Ellison can be compelled to testify, or if a noncitizen may assert a Fifth Amendment right and refuse to discuss the fate of the files.
ACCUSATIONS ABOUND
The securities fraud suit accuses Oracle, Ellison and other top executives of falsifying software sales to mislead investors during the 2000 to 2001 period of the dot-com bubble burst.
It accuses Ellison of selling $900 million of his own stock before bad news hit the market.
The suit raises the issue of whether a party to a suit has an obligation to alert nonparties to save evidence, said Robert Brownstone, an intellectual property attorney in Mountain View, Calif.-based Fenwick & West's San Francisco office.
For third parties, the new electronic discovery rules that took effect on Dec. 1, 2006, do not have as strict a standard. "Companies are not obligated to scour the globe for third parties," he said.
The new amendments to the Federal Rules of Civil Procedure make clear that electronic data is subject to discovery if they are relevant and not too burdensome to produce.
To view entire article click here
---------------------------------------
Source: law.com
Monday, April 16, 2007
Who believes White House emails were lost?
Writing in ComputerWorld, Steve Duplessie attacks the "lost" White House emails surrounding the US Attorneys flap. He says the claims that the emails were lost is just a "smokescreen."
If the White House is telling (Congress) it lost those questionable e-mails, that means the mail client that authored the mail, the e-mail server that sent the e-mail, the e-mail server that received the e-mail and the e-mail client on the other end all lost the same e-mail — a rather unlikely scenario, I think.)
He goes on to urge Congress to "legislate the obvious." But don't lose sight of the laws that already exist: destruction of evidence is a crime. Nixon resigned over erasing 12 minutes of audiotape (essentially).
E-mail records, required by law to be produced as evidence, are no longer able to be produced. Electronic discovery is not possible. If this were a business, or a civil trial, the fines would be huge and the possibilities of other penalties would loom large.
This is thousands of emails. Here are Steve's proposals:
1. Any business or legal record created shall be kept in immutable form (meaning it doesn't change, and any change to it creates a new version with new metadata time stamps and authoring information) in accordance with stated, published policy regarding the expiration of that data. In other words, you create it, you keep it until you nuke it, and you make sure that you treat all similar data the exact same way.
For US government personnel, he says the time limit should be 50 years, same as for Wall Street.
2. If you keep any consumer data at all, you will keep it encrypted, and you will never keep any financial account information at all.
Because time after time, we hear the same story from federal agencies. We lost track of the laptops. The data wasn't encrypted, but don't worry because we have no indication that it's been misused. So we won't pay for credit monitoring. OK - we'll pay.
To view entire article click here
---------------------------------------
Source: zdnet.com
If the White House is telling (Congress) it lost those questionable e-mails, that means the mail client that authored the mail, the e-mail server that sent the e-mail, the e-mail server that received the e-mail and the e-mail client on the other end all lost the same e-mail — a rather unlikely scenario, I think.)
He goes on to urge Congress to "legislate the obvious." But don't lose sight of the laws that already exist: destruction of evidence is a crime. Nixon resigned over erasing 12 minutes of audiotape (essentially).
E-mail records, required by law to be produced as evidence, are no longer able to be produced. Electronic discovery is not possible. If this were a business, or a civil trial, the fines would be huge and the possibilities of other penalties would loom large.
This is thousands of emails. Here are Steve's proposals:
1. Any business or legal record created shall be kept in immutable form (meaning it doesn't change, and any change to it creates a new version with new metadata time stamps and authoring information) in accordance with stated, published policy regarding the expiration of that data. In other words, you create it, you keep it until you nuke it, and you make sure that you treat all similar data the exact same way.
For US government personnel, he says the time limit should be 50 years, same as for Wall Street.
2. If you keep any consumer data at all, you will keep it encrypted, and you will never keep any financial account information at all.
Because time after time, we hear the same story from federal agencies. We lost track of the laptops. The data wasn't encrypted, but don't worry because we have no indication that it's been misused. So we won't pay for credit monitoring. OK - we'll pay.
To view entire article click here
---------------------------------------
Source: zdnet.com
EMC taps users to expedite e-discovery
User input and full-text indexing fuel upgrades to company’s archiving governance initiative
Seeking to improve enterprise governance of e-mail and file archiving systems, EMC today announced upgrades to its EmailXtender e-mail management and DiskXtender file archiving products.
EMC says the updates will make it easier to comply with strict governance rules, such as the e-discovery provisions of the Federal Rules of Civil Procedures, and tap users' knowledge of legal and business e-mail.
“A lot of companies are just drowning in the volume of e-mail they have. Getting ahead of it, managing it, and not having to react after you’re hit with a lawsuit, those are all the kinds of things we’re trying to help our customers with,” said Kelly Ferguson, senior product marketing manager at EMC.
Slated for availability May 21, EmailXtender 4.8 allows administrators to push out archiving folders with predefined retention periods to users of Microsoft Exchange and Lotus Domino. Users can drag and drop messages they deem business-critical to these folders. The messages will appear in their inbox and can be shared among multiple users according to project needs.
“In the past, the form of archiving was automation,” Ferguson said. “What we’re adding is the ability for users to determine, based on their intimate knowledge of the content, what is a business record and, therefore, should be archived.”
“In some cases, particularly in parts of Europe, for example,” Ferguson added, “we see that [user-directed archiving] may replace automated capture and that users will be the drivers for the archive.”
To view entire article click here
---------------------------------------
Source: infoworld.com
Seeking to improve enterprise governance of e-mail and file archiving systems, EMC today announced upgrades to its EmailXtender e-mail management and DiskXtender file archiving products.
EMC says the updates will make it easier to comply with strict governance rules, such as the e-discovery provisions of the Federal Rules of Civil Procedures, and tap users' knowledge of legal and business e-mail.
“A lot of companies are just drowning in the volume of e-mail they have. Getting ahead of it, managing it, and not having to react after you’re hit with a lawsuit, those are all the kinds of things we’re trying to help our customers with,” said Kelly Ferguson, senior product marketing manager at EMC.
Slated for availability May 21, EmailXtender 4.8 allows administrators to push out archiving folders with predefined retention periods to users of Microsoft Exchange and Lotus Domino. Users can drag and drop messages they deem business-critical to these folders. The messages will appear in their inbox and can be shared among multiple users according to project needs.
“In the past, the form of archiving was automation,” Ferguson said. “What we’re adding is the ability for users to determine, based on their intimate knowledge of the content, what is a business record and, therefore, should be archived.”
“In some cases, particularly in parts of Europe, for example,” Ferguson added, “we see that [user-directed archiving] may replace automated capture and that users will be the drivers for the archive.”
To view entire article click here
---------------------------------------
Source: infoworld.com
Can 5 Million E-Mails Just Disappear?
On Friday, a White House spokeswoman admitted that as many as 5 million e-mails sent through a Republican Party-sponsored e-mail system may have been lost. Among those e-mails is correspondence between Karl Rove and other high-ranking Bush administration officials, which may reference the firing of eight U.S. prosecutors. "I don't believe that," said Patrick Leahy, D-Vt., on the Senate floor. "You can't erase e-mails, not today." In an "Explainer" column published in 2005 and reprinted below, Daniel Engber wondered if you really can get rid of an e-mail message just by pressing delete.
It's not easy. When you delete a file from a standard desktop computer, the file first gets moved to the "recycle bin" or the "trash," which means only that you've placed the intact data in a new directory. You erase the file when you empty your recycle bin. But even then, much of the information remains on the hard disk. Exactly how much depends on the type of computer you're using and which operating system you have.
Here's how it works: The information in each file you create gets stored on your computer's hard disk, where it's spread across multiple "data clusters," or chunks of space that each have a particular address. The computer keeps track of where to look for each file; pieces of a single document, for example, might be stored in clusters all over the disk. If possible, a computer will store files in contiguous clusters, so all the information is kept close together.
To view entire article click here
---------------------------------------
Source: slate.com
It's not easy. When you delete a file from a standard desktop computer, the file first gets moved to the "recycle bin" or the "trash," which means only that you've placed the intact data in a new directory. You erase the file when you empty your recycle bin. But even then, much of the information remains on the hard disk. Exactly how much depends on the type of computer you're using and which operating system you have.
Here's how it works: The information in each file you create gets stored on your computer's hard disk, where it's spread across multiple "data clusters," or chunks of space that each have a particular address. The computer keeps track of where to look for each file; pieces of a single document, for example, might be stored in clusters all over the disk. If possible, a computer will store files in contiguous clusters, so all the information is kept close together.
To view entire article click here
---------------------------------------
Source: slate.com
Forensic tools 2007
Corporate needs driven by regulatory necessity and incident management are beginning to call the shots in the forensic arena, reports Peter Stephenson.
This month we looked at a wide variety of digital forensic tools. This category has been growing rapidly, diversifying and maturing in the past two years. However, there are some interesting aspects to those growth phenomena. First, we are beginning to see real innovation in tool sets, but virtually none of it is in traditional computer forensics tools. In that class, we saw, essentially, nothing new since we reviewed them last year. If anything, they are becoming more alike.
In many respects, the computer forensics product leaders are indistinguishable from each other. Advances that have come at all have been in areas that are intended to keep pace with emerging forensic requirements, such as the increasing number of media types that need to be analyzed. In fact, the old designation of "computer forensics" almost seems to be giving way to a newer and more relevant class of "media forensics."
This year our observation is that there really is very little difference among the leaders beyond a feature here or there. The verdict from the users’ perspective almost always comes down to personal favorites which, if our mail is any indicator, users defend with religious zeal.
Since many organizations use multiple computer forensic tools, which one is "best" almost no longer matters. If you can afford the tool, it meets your needs, it produces acceptable results in the venue in which you are using it, and you have training and experience on it, then that tool probably is your best buy.
Where we are beginning to see real innovation is in what we refer to as digital forensic support tools. These specialized tools really are bringing digital forensics into the mainstream of complicated digital investigation, and investigations with difficult digital elements. We broke that ground last year when we looked at such non-traditional tools as link analyzers. This year we see several products that address specific forensic problems, such as live forensic captures. Innovation, then, is our focus for this year’s Group Test.
To view entire article click here
---------------------------------------
Source: scmagazine.com
This month we looked at a wide variety of digital forensic tools. This category has been growing rapidly, diversifying and maturing in the past two years. However, there are some interesting aspects to those growth phenomena. First, we are beginning to see real innovation in tool sets, but virtually none of it is in traditional computer forensics tools. In that class, we saw, essentially, nothing new since we reviewed them last year. If anything, they are becoming more alike.
In many respects, the computer forensics product leaders are indistinguishable from each other. Advances that have come at all have been in areas that are intended to keep pace with emerging forensic requirements, such as the increasing number of media types that need to be analyzed. In fact, the old designation of "computer forensics" almost seems to be giving way to a newer and more relevant class of "media forensics."
This year our observation is that there really is very little difference among the leaders beyond a feature here or there. The verdict from the users’ perspective almost always comes down to personal favorites which, if our mail is any indicator, users defend with religious zeal.
Since many organizations use multiple computer forensic tools, which one is "best" almost no longer matters. If you can afford the tool, it meets your needs, it produces acceptable results in the venue in which you are using it, and you have training and experience on it, then that tool probably is your best buy.
Where we are beginning to see real innovation is in what we refer to as digital forensic support tools. These specialized tools really are bringing digital forensics into the mainstream of complicated digital investigation, and investigations with difficult digital elements. We broke that ground last year when we looked at such non-traditional tools as link analyzers. This year we see several products that address specific forensic problems, such as live forensic captures. Innovation, then, is our focus for this year’s Group Test.
To view entire article click here
---------------------------------------
Source: scmagazine.com
Sunday, April 15, 2007
With Updated E-Discovery Regulations, Employers Must Face New Battle
Recent amendments to the Federal Rules of Civil Procedure relating to electronically stored information raise the bar for what will be expected of e-discovery in terms of employers’ monitoring and policies. Employers will ultimately feel the brunt of these sweeping changes, with dramatic changes to the way discovery will be conducted in federal court, where most discrimination suits are filed.
With more than 80 percent of electronic documents never printed and 60 billion plus e-mail messages sent every day, e-discovery has been an important issue for some time.
However, the new amendments to the Federal Rules of Civil Procedure relating to electronically stored information (ESI)—which went into effect December 1, 2006—raise the bar for what will be expected of e-discovery in terms of employers’ monitoring and policies. Employers will ultimately feel the brunt of these sweeping changes, with dramatic changes to the way discovery will be conducted in federal court, where most discrimination suits are filed.
And, because the typical individual plaintiff in an employment lawsuit has very little ESI to preserve, search and disclose during discovery, employers face an additional burden in obtaining information under new regulations.
The key is to prepare for compliance, including setting up systems, protocols and policies. Employers will ultimately have the best position in preserving, searching and producing relevant ESI in the most efficient manner when hit with a suit.
Waiting for a lawsuit is not an option. Due to the costs of searching and producing ESI, employers will be forced to settle numerous lawsuits because the expense associated with discovery alone will make the case too steep to defend. And good plaintiffs’ lawyers know this as they prepare to use the ESI sword against employers. Companies should be formulating their strategy now.
Discovering new amendments and responsibilities
Before the new amendments, ESI was treated as a subset of documents under the Federal Rules of Civil Procedure. But the revised rules create a new category of discovery.
One of the major changes clarifies that ESI will almost always need to be produced in its electronic form. It is no longer good enough to print out hundreds of e-mails and produce them to the other side (unless your adversary agrees or the judge lets you do it). This alone is a major change and challenge.
To view entire article click here
---------------------------------------
Source: workforce.com
With more than 80 percent of electronic documents never printed and 60 billion plus e-mail messages sent every day, e-discovery has been an important issue for some time.
However, the new amendments to the Federal Rules of Civil Procedure relating to electronically stored information (ESI)—which went into effect December 1, 2006—raise the bar for what will be expected of e-discovery in terms of employers’ monitoring and policies. Employers will ultimately feel the brunt of these sweeping changes, with dramatic changes to the way discovery will be conducted in federal court, where most discrimination suits are filed.
And, because the typical individual plaintiff in an employment lawsuit has very little ESI to preserve, search and disclose during discovery, employers face an additional burden in obtaining information under new regulations.
The key is to prepare for compliance, including setting up systems, protocols and policies. Employers will ultimately have the best position in preserving, searching and producing relevant ESI in the most efficient manner when hit with a suit.
Waiting for a lawsuit is not an option. Due to the costs of searching and producing ESI, employers will be forced to settle numerous lawsuits because the expense associated with discovery alone will make the case too steep to defend. And good plaintiffs’ lawyers know this as they prepare to use the ESI sword against employers. Companies should be formulating their strategy now.
Discovering new amendments and responsibilities
Before the new amendments, ESI was treated as a subset of documents under the Federal Rules of Civil Procedure. But the revised rules create a new category of discovery.
One of the major changes clarifies that ESI will almost always need to be produced in its electronic form. It is no longer good enough to print out hundreds of e-mails and produce them to the other side (unless your adversary agrees or the judge lets you do it). This alone is a major change and challenge.
To view entire article click here
---------------------------------------
Source: workforce.com
Friday, April 13, 2007
Expert: 'Flasher' technology digs deeper for digital evidence
New cybersleuthing technology, already solving crimes in Europe, has the potential to unlock valuable information in thousands of crimes every year in the United States, says a Purdue University expert.
The "flasher boxes" provide deeper access to data -- complete extraction and examination of all the information on a wide range of cell phones. Rick Mislan, an assistant professor of computer and information technology, has integrated the flasher boxes into coursework for a digital forensics class in Purdue's College of Technology.
"The fact is that cell phones are ubiquitous in today's world, and nearly all crimes have a digital component to them," Mislan said. "To be savvy at solving these crimes, we must be one step ahead of criminals in terms of finding, retrieving and interpreting evidence they may be trying to hide in digital devices.
"To get ahead, we must think out of the box, and that is just what we've found that our European counterparts are doing."
The difference between a flasher box and methods now used to retrieve information from digital devices is that the flasher technology allows direct access to everything stored in memory, such as incoming and outgoing calls, text messages and deleted files.
"Currently, investigators are relying upon software that allows them only to issue a specific command and receive only that information," he said. "With the flasher box technology, investigators can plug the cell phone into the box and the entire contents ? including contacts, call history, and deleted images and videos ? spill out into the computer.
"Having direct access to everything that may have existed in the phone is extremely important in criminal cases."
Mislan, a former U.S. Army electronic warfare officer, said another advantage of this method is that some cell phone models don't respond to current command-based forensics methods, but the direct memory access method would eliminate most of those problems.
To view entire article click here
---------------------------------------
Source: physorg.com
The "flasher boxes" provide deeper access to data -- complete extraction and examination of all the information on a wide range of cell phones. Rick Mislan, an assistant professor of computer and information technology, has integrated the flasher boxes into coursework for a digital forensics class in Purdue's College of Technology.
"The fact is that cell phones are ubiquitous in today's world, and nearly all crimes have a digital component to them," Mislan said. "To be savvy at solving these crimes, we must be one step ahead of criminals in terms of finding, retrieving and interpreting evidence they may be trying to hide in digital devices.
"To get ahead, we must think out of the box, and that is just what we've found that our European counterparts are doing."
The difference between a flasher box and methods now used to retrieve information from digital devices is that the flasher technology allows direct access to everything stored in memory, such as incoming and outgoing calls, text messages and deleted files.
"Currently, investigators are relying upon software that allows them only to issue a specific command and receive only that information," he said. "With the flasher box technology, investigators can plug the cell phone into the box and the entire contents ? including contacts, call history, and deleted images and videos ? spill out into the computer.
"Having direct access to everything that may have existed in the phone is extremely important in criminal cases."
Mislan, a former U.S. Army electronic warfare officer, said another advantage of this method is that some cell phone models don't respond to current command-based forensics methods, but the direct memory access method would eliminate most of those problems.
To view entire article click here
---------------------------------------
Source: physorg.com
All forensics are the same
Evidence is evidence and digital forensics are not different from the more traditional kind
The point about the confusion surrounding police forces’ contracting of digital forensic analysis is not to cast aspersions on the competence of the contractors.
Nor is it even a question of there being a genuine lack of security.
The point is that it takes only the suggestion that irregular practices may be possible to derail a trial. And to proceed on any other basis is simple negligence.
The situation unearthed by Computing emphasises, yet again, the police service tendency, when faced with anything involving computers, to either ignore it completely or behave as if none of the usual rules applies.
Police forces have been contracting out forensic analysis for as long as such work has existed. Why the security of digital evidence should not fall under the same procedures as any other kind of evidence is a question with no logical answer.
Apologists for the inconsistencies may suggest that the criminal role of computers is so recent, and the digital forensics industry so young, that the mature procedures applied to traditional forensics have not yet had time to be established.
But, from the police perspective, evidence is evidence and digital forensics are no different from the more traditional kind.
Sadly, the mistaken distinction comes as little surprise.
E-crime as a whole is still often treated as a baffling novelty, even though it is growing exponentially and already costs its victims an estimated £3bn a year.
To view entire article click here
---------------------------------------
Source: computing.co.uk
The point about the confusion surrounding police forces’ contracting of digital forensic analysis is not to cast aspersions on the competence of the contractors.
Nor is it even a question of there being a genuine lack of security.
The point is that it takes only the suggestion that irregular practices may be possible to derail a trial. And to proceed on any other basis is simple negligence.
The situation unearthed by Computing emphasises, yet again, the police service tendency, when faced with anything involving computers, to either ignore it completely or behave as if none of the usual rules applies.
Police forces have been contracting out forensic analysis for as long as such work has existed. Why the security of digital evidence should not fall under the same procedures as any other kind of evidence is a question with no logical answer.
Apologists for the inconsistencies may suggest that the criminal role of computers is so recent, and the digital forensics industry so young, that the mature procedures applied to traditional forensics have not yet had time to be established.
But, from the police perspective, evidence is evidence and digital forensics are no different from the more traditional kind.
Sadly, the mistaken distinction comes as little surprise.
E-crime as a whole is still often treated as a baffling novelty, even though it is growing exponentially and already costs its victims an estimated £3bn a year.
To view entire article click here
---------------------------------------
Source: computing.co.uk
Don’t discover that you haven’t e-archived too late
When Philip Morris was sued, the judge considered the inadvertent deletion of e-mail as if it were purposeful destruction of evidence.
In a case involving Morgan Stanley, the company did not have a central repository for e-mails, and didn’t know where records were stored.
These storage problems — combined with updated federal civil litigation rules — are causing businesses more headaches and increasing the costs of complying with legal discovery rules and electronic records storage regulations.
The federal civil litigation rules mandate a conference between parties to discuss ways to deal with archived data. After the documentation needs are presented, a business is expected to disclose what information is available and where it is stored, how the files can be accessed and why any relevant data might be missing.
The rules require companies to store electronic records — including e-mails — in the event of a lawsuit. An IT technician who re-uses a back-up tape could be guilty of “virtual shredding” under the law, according to legal analysts.
Businesses must have a detailed inventory of their data assets, systems, retention policies and back-up strategies.
But the rules don’t say what should be saved — or for how long. And that leaves businesses like Morgan Stanley and Philip Morris in the lurch.
E-compliance firms are a thriving industry, and are expected to grow 30 percent annually during the next three years. One survey estimates that industry revenue will equal $2.7 billion by the end of 2007.
Despite problems with lost e-mails or lack of record back-up and storage, it’s increasingly difficult to hide information, said Mike Goess, the John J. Sullivan professor of free enterprise and chairman of the division of business in graduate programs at Regis University.
E-mails are archived in several places, and employees increasingly keep copies.
To view entire article click here
---------------------------------------
Source: BusinessJournal
In a case involving Morgan Stanley, the company did not have a central repository for e-mails, and didn’t know where records were stored.
These storage problems — combined with updated federal civil litigation rules — are causing businesses more headaches and increasing the costs of complying with legal discovery rules and electronic records storage regulations.
The federal civil litigation rules mandate a conference between parties to discuss ways to deal with archived data. After the documentation needs are presented, a business is expected to disclose what information is available and where it is stored, how the files can be accessed and why any relevant data might be missing.
The rules require companies to store electronic records — including e-mails — in the event of a lawsuit. An IT technician who re-uses a back-up tape could be guilty of “virtual shredding” under the law, according to legal analysts.
Businesses must have a detailed inventory of their data assets, systems, retention policies and back-up strategies.
But the rules don’t say what should be saved — or for how long. And that leaves businesses like Morgan Stanley and Philip Morris in the lurch.
E-compliance firms are a thriving industry, and are expected to grow 30 percent annually during the next three years. One survey estimates that industry revenue will equal $2.7 billion by the end of 2007.
Despite problems with lost e-mails or lack of record back-up and storage, it’s increasingly difficult to hide information, said Mike Goess, the John J. Sullivan professor of free enterprise and chairman of the division of business in graduate programs at Regis University.
E-mails are archived in several places, and employees increasingly keep copies.
To view entire article click here
---------------------------------------
Source: BusinessJournal
Thursday, April 12, 2007
The fine art of data destruction
The issue of what to do with the old tapes came to a head when renovation was scheduled for the building where the vault resided. "We had already moved to another backup system. So, these old tapes didn't work in our current system anyway. Now it was just old data we needed to figure out how to dispose of properly," Jones says.
Her research led her to Data Killers, a media-destruction and computer-recycling firm in Maryland that could shred tapes and hard drives securely , and provide a certificate affirming their destruction. It would even let you stay and watch the shredding process, if you wanted. Then the media's "remains" would be delivered to a smelter for melting and recycling its various metals.
With its 6,600-pound shredder, Data Killers is able to take just about any storage medium, such as the college's tapes, and turn it into particles the size of a thumbnail, owner Elizabeth Wilmot says.
Jones and a co-worker soon found themselves loading the tapes into the back of one of the college's vehicles and driving to Data Killers. After spending what Jones recalls was "a little more than an hour" watching the shredding, they were able to report back that the deed had been done.
Setting policy is the first step
Enterprises such as the College of Southern Maryland can face high stakes when they recycle, donate or throw away end-of-life IT assets.
Amid mounting legislation and a steady flow of horror stories -- about identity theft , lost tapes, stolen credit-card data, and the unintended exposure of private data after used hard drives, cell phones and PDAs are sold on eBay -- it behooves companies to protect sensitive or government-regulated personal information throughout its life cycle.
Experts maintain that, just as it is developed for data in flight and data at rest, policy should be developed for end-stage data disposal or data destruction. Randy Kahn, owner of Kahn Consulting, says data destruction and disposal can be viewed as part of a larger corporate-governance commitment to proper information management.
To view entire article click here
---------------------------------------
Source: InfoWorld
Her research led her to Data Killers, a media-destruction and computer-recycling firm in Maryland that could shred tapes and hard drives securely , and provide a certificate affirming their destruction. It would even let you stay and watch the shredding process, if you wanted. Then the media's "remains" would be delivered to a smelter for melting and recycling its various metals.
With its 6,600-pound shredder, Data Killers is able to take just about any storage medium, such as the college's tapes, and turn it into particles the size of a thumbnail, owner Elizabeth Wilmot says.
Jones and a co-worker soon found themselves loading the tapes into the back of one of the college's vehicles and driving to Data Killers. After spending what Jones recalls was "a little more than an hour" watching the shredding, they were able to report back that the deed had been done.
Setting policy is the first step
Enterprises such as the College of Southern Maryland can face high stakes when they recycle, donate or throw away end-of-life IT assets.
Amid mounting legislation and a steady flow of horror stories -- about identity theft , lost tapes, stolen credit-card data, and the unintended exposure of private data after used hard drives, cell phones and PDAs are sold on eBay -- it behooves companies to protect sensitive or government-regulated personal information throughout its life cycle.
Experts maintain that, just as it is developed for data in flight and data at rest, policy should be developed for end-stage data disposal or data destruction. Randy Kahn, owner of Kahn Consulting, says data destruction and disposal can be viewed as part of a larger corporate-governance commitment to proper information management.
To view entire article click here
---------------------------------------
Source: InfoWorld
Disclosure: How Safe Are EDD Safeguards?
The recent changes to the Federal Rules of Civil Procedure require litigants to have early discussions to address issues relating to the disclosure and production of electronically stored information (ESI). In the last several articles I have used preparing for the "meet and confer" as a model for understanding and addressing your case's e-discovery issues.
Parties at the meet and confer must address four issues: 1) mandatory disclosure of all ESI under Rule 26(a)(1)(B); 2) what will not be produced, or produced only if the requesting party bears some or all of the cost of production, because the ESI is not "reasonably accessible because of undue burden or cost" under Rule 26(b)(2)(B); 3) the form of production under Rule 34(b); and, 4) "claw back" agreements under Rule 26(b)(5) to provide for the return of privileged documents inadvertently disclosed.
In the last several articles we have discussed in detail the steps of e-discovery production, from inventorying, preserving and gathering ESI, to culling, searching, processing and producing it as e-discovery, as part of our discussion of how to address the first three meet and confer issues. In this month's column, we will discuss the fourth issue -- guarding against inadvertent disclosure of privileged materials -- as well as some interesting questions raised by the new "undue burden or cost" analysis called for by Rule 26. Next month, we will wrap up our discussion of the new rules with a hypothetical case that will call upon us to draw on all of the legal and technical discussions in this series of articles.
'CLAW BACK' AGREEMENTS
The proliferation of computers as a means of business and personal communication and storage of information led to a problem in civil litigation: discovery production took forever. Several factors contributed to the delays, the most basic of which was that the proliferation of computers led to a vertiginous increase in the volume of data to be reviewed by counsel prior to disclosure.
To view entire article click here
---------------------------------------
Source: law.com
Parties at the meet and confer must address four issues: 1) mandatory disclosure of all ESI under Rule 26(a)(1)(B); 2) what will not be produced, or produced only if the requesting party bears some or all of the cost of production, because the ESI is not "reasonably accessible because of undue burden or cost" under Rule 26(b)(2)(B); 3) the form of production under Rule 34(b); and, 4) "claw back" agreements under Rule 26(b)(5) to provide for the return of privileged documents inadvertently disclosed.
In the last several articles we have discussed in detail the steps of e-discovery production, from inventorying, preserving and gathering ESI, to culling, searching, processing and producing it as e-discovery, as part of our discussion of how to address the first three meet and confer issues. In this month's column, we will discuss the fourth issue -- guarding against inadvertent disclosure of privileged materials -- as well as some interesting questions raised by the new "undue burden or cost" analysis called for by Rule 26. Next month, we will wrap up our discussion of the new rules with a hypothetical case that will call upon us to draw on all of the legal and technical discussions in this series of articles.
'CLAW BACK' AGREEMENTS
The proliferation of computers as a means of business and personal communication and storage of information led to a problem in civil litigation: discovery production took forever. Several factors contributed to the delays, the most basic of which was that the proliferation of computers led to a vertiginous increase in the volume of data to be reviewed by counsel prior to disclosure.
To view entire article click here
---------------------------------------
Source: law.com
Archiving old e-mail a compliance and legal issue
Companies invest in storage, retrieval technologies
Spoliation: it's an ugly piece of legal jargon. But if you haven't put in place an e-mail archiving policy, you may learn its meaning, and it won't be pleasant.
Samsung Electronics found that out a couple of years ago when its failure to produce requested e-mails in a legal dispute with Ottawa's Mosaid Technologies Inc. led a New Jersey judge to conclude the tech giant had engaged in e-mail spoliation (or destruction) to prevent the messages' contents from hurting its case.
"The fact that no technical e-mails were preserved . . . demonstrates, at the least, extremely reckless behaviour," the judge ruled. (Samsung ended up settling the case.) Others, from Philip Morris to Morgan Stanley to a growing number of Canadian firms, have similarly learned that arguing e-mails couldn't be located in time or were automatically deleted by the server gets no more credence today than claiming the dog ate them.
"It's been clear for a long time that legal discovery obligations extend to electronic documents, not just what's in the filing cabinet," says Jennifer Dolman, a partner at Osler Hoskins & Harcourt in Toronto who advises companies on electronic document retention. "Any responsible company has to get its act together, get a retention policy in place, and get ready."
E-mail has traditionally been considered ephemeral, spontaneously created and just as spontaneously erased. Today, however, electronic documents are the lifeblood of corporate life, representing 92 per cent of all business information, according to one U.S. study. In the wake of Enron and other corporate scandals, U.S. and Canadian regulations governing financial record-keeping -- as well as rules covering individual industries -- mandate that some e-mails must be kept for a set number of years, be accessible if requested, even be randomly reviewed for compliance.
To view entire article click here
---------------------------------------
Source: theglobeandmail
Spoliation: it's an ugly piece of legal jargon. But if you haven't put in place an e-mail archiving policy, you may learn its meaning, and it won't be pleasant.
Samsung Electronics found that out a couple of years ago when its failure to produce requested e-mails in a legal dispute with Ottawa's Mosaid Technologies Inc. led a New Jersey judge to conclude the tech giant had engaged in e-mail spoliation (or destruction) to prevent the messages' contents from hurting its case.
"The fact that no technical e-mails were preserved . . . demonstrates, at the least, extremely reckless behaviour," the judge ruled. (Samsung ended up settling the case.) Others, from Philip Morris to Morgan Stanley to a growing number of Canadian firms, have similarly learned that arguing e-mails couldn't be located in time or were automatically deleted by the server gets no more credence today than claiming the dog ate them.
"It's been clear for a long time that legal discovery obligations extend to electronic documents, not just what's in the filing cabinet," says Jennifer Dolman, a partner at Osler Hoskins & Harcourt in Toronto who advises companies on electronic document retention. "Any responsible company has to get its act together, get a retention policy in place, and get ready."
E-mail has traditionally been considered ephemeral, spontaneously created and just as spontaneously erased. Today, however, electronic documents are the lifeblood of corporate life, representing 92 per cent of all business information, according to one U.S. study. In the wake of Enron and other corporate scandals, U.S. and Canadian regulations governing financial record-keeping -- as well as rules covering individual industries -- mandate that some e-mails must be kept for a set number of years, be accessible if requested, even be randomly reviewed for compliance.
To view entire article click here
---------------------------------------
Source: theglobeandmail
Microsoft, Google trade barbs on enterprise search
Microsoft and Google representatives compared each other's enterprise search products at a conference in San Francisco Wednesday.
Officials of Microsoft and Google have traded comparisons of their enterprise search products to their rival's during a technology conference in San Francisco.
To underscore that it was all in fun, lead product manager for Google's search appliance business, Nitin Mangtani, feigned throwing a punch at Jared Spataro, group product manager for Microsoft's enterprise search, as they shared a stage at the Gilbane Conference on enterprise technology issues.
Like Web surfers searching the Internet, enterprises need search engines for their own IT networks for finding important files, digital presentations, databases and other internal information.
Microsoft's Spataro said Google might be the leader in the consumer Internet search market, but that didn't necessarily translate into success in the enterprise market where more sophisticated functionality was needed. He outlined three general markets for enterprise search including entry level commodity search functions where Google was the leader. A middle market offered some additional features enterprises needed and also was scalable as a company grew. The third, high-end market delivered very sophisticated search techniques, such as those designed for e-discovery.
Spataro claimed Microsoft was better positioned than Google to serve those middle and high-end markets.
To view entire article click here
---------------------------------------
Source: ComputerWorld
Officials of Microsoft and Google have traded comparisons of their enterprise search products to their rival's during a technology conference in San Francisco.
To underscore that it was all in fun, lead product manager for Google's search appliance business, Nitin Mangtani, feigned throwing a punch at Jared Spataro, group product manager for Microsoft's enterprise search, as they shared a stage at the Gilbane Conference on enterprise technology issues.
Like Web surfers searching the Internet, enterprises need search engines for their own IT networks for finding important files, digital presentations, databases and other internal information.
Microsoft's Spataro said Google might be the leader in the consumer Internet search market, but that didn't necessarily translate into success in the enterprise market where more sophisticated functionality was needed. He outlined three general markets for enterprise search including entry level commodity search functions where Google was the leader. A middle market offered some additional features enterprises needed and also was scalable as a company grew. The third, high-end market delivered very sophisticated search techniques, such as those designed for e-discovery.
Spataro claimed Microsoft was better positioned than Google to serve those middle and high-end markets.
To view entire article click here
---------------------------------------
Source: ComputerWorld
Wednesday, April 11, 2007
Salesforce gets trendy with Web 2.0 solution
Salesforce.com's announcement that it will offer content management and content collaboration as one of its services raises some interesting questions.
For the full story of what the company is unveiling today read Salesforce.com wants to be a content management player.
In the usual hyperbole that is Salesforce.com's signature stance in its press releases and public pronouncements, Marc Benioff is quoted as saying, "Salesforce Content represents a decisive step toward our vision of managing all information on demand."
"Managing all information" is a pretty big deal.
The release goes on to say that "companies no longer need to buy bloated on-premise document management software to build applications that are based around documents and other content."
I wonder if the folks at Salesforce are aware that a lot of that bloat comes from new Federal regulations for e-discovery of documents? See a story I did on this a few months ago to learn more about it. Content management is not a trivial application. If you don't have the right system, it could cost your company millions of dollars in fines and lawsuits.
To view entire article click here
---------------------------------------
Source: InfoWorld
For the full story of what the company is unveiling today read Salesforce.com wants to be a content management player.
In the usual hyperbole that is Salesforce.com's signature stance in its press releases and public pronouncements, Marc Benioff is quoted as saying, "Salesforce Content represents a decisive step toward our vision of managing all information on demand."
"Managing all information" is a pretty big deal.
The release goes on to say that "companies no longer need to buy bloated on-premise document management software to build applications that are based around documents and other content."
I wonder if the folks at Salesforce are aware that a lot of that bloat comes from new Federal regulations for e-discovery of documents? See a story I did on this a few months ago to learn more about it. Content management is not a trivial application. If you don't have the right system, it could cost your company millions of dollars in fines and lawsuits.
To view entire article click here
---------------------------------------
Source: InfoWorld
Plaintiff's Disposal of "Crashed" Home Computer Warrants Adverse Inference Instruction
Teague v. Target Corp., 2007 WL 1041191 (W.D.N.C. Apr. 4, 2007)
In this employment litigation, defendant had asserted as an affirmative defense plaintiff’s failure to mitigate her damages. During discovery, it was revealed that plaintiff owned a home computer from December 1995 until August 2004, which plaintiff had used to conduct her entire on-line job search after leaving defendant’s employ, including researching job opportunities on the Internet, submitting on-line employment applications, and exchanging emails with prospective employers. Plaintiff also used the computer to send and receive emails regarding her termination and her claims of gender discrimination. The computer was discarded approximately one year after plaintiff had retained regarding her prospective claims and after she filed her charge of discrimination with the EEOC. Plaintiff claimed that she discarded the computer because it "crashed.” Plaintiff admitted that she never took the computer to any type of computer professional to see if it could be repaired.
As a result, the only documented evidence of plaintiff’s post-termination job search was the work search records she submitted to the North Carolina Employment security Commission ("ESC") to substantiate her claim for unemployment benefits. Plaintiff testified in her deposition that the ESC work search records were not necessarily complete, since she only recorded the two job applications she was required to make each week in order to qualify for benefits. Moreover, there were contradictions between the ESC records and plaintiff’s interrogatory answers regarding her job search.
Defendant argued that plaintiff’s complaint should be dismissed as a sanction for spoliation of evidence. The court agreed that plaintiff had committed spoliation, since she discarded the computer after she had retained counsel and filed her EEOC charge, and the computer contained evidence directly related to her lawsuit. The court declined to impose such a harsh sanction, however, noting that dismissal was generally not authorized absent bad faith conduct.
The court observed that another possible sanction would be an adverse inference instruction, and that evidence of bad faith or fraudulent conduct was not required. It described the three elements required for the instruction: (1) the party having control over the evidence had an obligation to preserve it when it was destroyed; (2) the destruction or loss was accompanied by a "culpable state of mind;" and (3) the lost evidence was relevant to the injured party’s claims or defenses. Citing Residential Funding Corp. v. Degeorge Fin. Corp., 306 F.3d 99, 107-08 (2d Cir. 2002), the court stated that a culpable state of mind “could include bad faith/knowing destruction; gross negligence; and ordinary negligence.”
The court found that each of the three elements was present:
Plaintiff clearly had an obligation to preserve her computer because it contained electronic evidence relating to her claims against Target and her efforts to mitigate her damages. As noted earlier, she had already hired counsel and filed an EEOC charge. Under the circumstances the court concludes that there is enough evidence that Plaintiff discarded the computer with a "culpable state of mind." The electronic information contained on the computer was clearly relevant to her claims and to the defenses of the Defendant. Accordingly, the court finds that an adverse inference instruction to the jury is warranted and appropriate.
To view the full decision click here
---------------------------------------
Source: eDiscoveryLaw
In this employment litigation, defendant had asserted as an affirmative defense plaintiff’s failure to mitigate her damages. During discovery, it was revealed that plaintiff owned a home computer from December 1995 until August 2004, which plaintiff had used to conduct her entire on-line job search after leaving defendant’s employ, including researching job opportunities on the Internet, submitting on-line employment applications, and exchanging emails with prospective employers. Plaintiff also used the computer to send and receive emails regarding her termination and her claims of gender discrimination. The computer was discarded approximately one year after plaintiff had retained regarding her prospective claims and after she filed her charge of discrimination with the EEOC. Plaintiff claimed that she discarded the computer because it "crashed.” Plaintiff admitted that she never took the computer to any type of computer professional to see if it could be repaired.
As a result, the only documented evidence of plaintiff’s post-termination job search was the work search records she submitted to the North Carolina Employment security Commission ("ESC") to substantiate her claim for unemployment benefits. Plaintiff testified in her deposition that the ESC work search records were not necessarily complete, since she only recorded the two job applications she was required to make each week in order to qualify for benefits. Moreover, there were contradictions between the ESC records and plaintiff’s interrogatory answers regarding her job search.
Defendant argued that plaintiff’s complaint should be dismissed as a sanction for spoliation of evidence. The court agreed that plaintiff had committed spoliation, since she discarded the computer after she had retained counsel and filed her EEOC charge, and the computer contained evidence directly related to her lawsuit. The court declined to impose such a harsh sanction, however, noting that dismissal was generally not authorized absent bad faith conduct.
The court observed that another possible sanction would be an adverse inference instruction, and that evidence of bad faith or fraudulent conduct was not required. It described the three elements required for the instruction: (1) the party having control over the evidence had an obligation to preserve it when it was destroyed; (2) the destruction or loss was accompanied by a "culpable state of mind;" and (3) the lost evidence was relevant to the injured party’s claims or defenses. Citing Residential Funding Corp. v. Degeorge Fin. Corp., 306 F.3d 99, 107-08 (2d Cir. 2002), the court stated that a culpable state of mind “could include bad faith/knowing destruction; gross negligence; and ordinary negligence.”
The court found that each of the three elements was present:
Plaintiff clearly had an obligation to preserve her computer because it contained electronic evidence relating to her claims against Target and her efforts to mitigate her damages. As noted earlier, she had already hired counsel and filed an EEOC charge. Under the circumstances the court concludes that there is enough evidence that Plaintiff discarded the computer with a "culpable state of mind." The electronic information contained on the computer was clearly relevant to her claims and to the defenses of the Defendant. Accordingly, the court finds that an adverse inference instruction to the jury is warranted and appropriate.
To view the full decision click here
---------------------------------------
Source: eDiscoveryLaw
Subscribe to:
Posts (Atom)
