Monday, August 15, 2011

Understanding e-Discovery Data Types and Collection Costs

About two years ago, I discovered this article on the different types of electronic discovery & forensic collections and associated costs.  I recently referred a client to this article and wanted to share it with those who may not have come across it.  Corporate Technology Counsel for Fios, Mary Mack, is the author of the book, A Process of Illumination: The Practical Guide to Electronic Discovery.  This excerpt from her book was posted at the FindLaw blog.  Great read that puts into perspective the different types of collections, and it also clarified some of the jargon used among e-discovery and forensics professionals.

Wednesday, July 20, 2011

‘Nuff Said on Imaging a Laptop

The Bow Tie Law blog blogged about a case involving the issue of self-collection (and targeted collection) vs. the complete forensic imaging of a laptop.  In this concise article, many very relevant issues are touched on, including the naming of a few targeted collection tools.  This is a great read for attorneys and forensics guys, especially ones who believe that a complete forensic image is the only way.


Wednesday, June 1, 2011

More breach consideration regarding law firms

The Ride the Lightning blog poses a thoughtful, and hopefully introspective, question:  Does a leaked email from HBGary suggest that a large law firm sustained a breach itself?  You can view the article here and see the email that Sharon refers to.  Come to your own conclusions and think about how your firm might deal with this type of situation.

Monday, May 23, 2011

Meet and Confer - Getting it Right

The May edition of the Digital Detectives podcast discusses the practical way of dealing with the events associated with the Meet and Confer.  Texas attorney David Chaumette helps answer a lot of questions regarding what is expected of attorneys from the litigation hold to the production of ESI.

As a bonus prize, here is a link to one of Craig Ball's resources on the Meet and Confer, including a list of 50 questions which could be considered.  I had the pleasure of speaking with Craig during my recent trip to the Computer Enterprise and Investigations Conference in Orlando, Florida.  If you have a week to blow off, you can explore the other resources at

Wednesday, April 27, 2011

Judge in British High Court ordered police to pay for false child pornography charges

The Register reported on a Judge's ruling in Britain's High Court in which the defendant "was awarded damages for malicious prosecution and misfeasance in public office."  The Hertfordshire Constabulary discovered 10 thumbnail images depicting child pornography in a computer's temporary Internet files folder. The Court's opinion was influenced once it found out that the arresting officer had been told by a computer forensics expert that the images were insufficient to charge.
I came across the article at DFINews, where another summary of the story can be found.

The Five Hottest Topics in E-Discovery

Once again, the latest Digital Detectives podcast left me charged up and on the edge of my seat.  Sharon and John were joined by California attorney and author of the Bow Tie Blog, Josh Gilliland, to discuss some of the hot topics in E-Discovery.  While those heavily involved in E-Discovery may find the dialog to be the standard chatter among the listservs, forums and conferences, the forensic examiner and small-to-midsized law firms can particularly benefit from listening.

Two of the topics I was most interested in were: the mention of several affordable desktop review platforms for sole practitioners or small law firms; and the talk about third-party subpoenas to ISPs (Yahoo, Google) and the stringent protections of the SCA.

Once again, Bravo! to all participants.

Monday, April 11, 2011

Law Firms Under Siege

From, Kelly Jackson Higgins presents the case that law firms are increasingly targeted for digital attacks.  Why so?  Mergers, bankruptcies, trade secrets, criminal defense of prominent figureheads or celebrities, intellectual property... these are all some of the first reasons that pop into my head.  Think, for a minute, about the types of data which might be housed on law firms' servers.  This article gives a laundry list of reasons and examples, particularly mentioning the APT (or Advanced Persistent Threat).  Higgins continues to showcase examples of technical reasons why many law firms are targeted, including a soft security culture.  Not surprisingly, most companies/persons make security a priority once they've had an incident.  Good read.

Wednesday, March 30, 2011

E-Discovery Holds Strategies for Criminal Defense

Warren Kruse (@warren_kruse) tweeted a link to an article which should be of particular interest to criminal defense attorneys. The / New York Law Journal article is subtitled, "Clarifying the government's obligations for the preservation and production of ESI," and it comments on the recent decisions in United States v. Suarez.  Below is an excerpt from the article that might draw your attention:

Although only the Suarez jury will know the impact of the adverse inference instruction, the October 2010 acquittal of Suarez of all the charges, and his co-defendant of some, may indicate that it was quite significant. Notably, Suarez was the first acquittal on federal corruption charges in New Jersey in over a decade. Suarez may signal that civil retention and preservation obligations apply in the criminal context.

Tuesday, March 29, 2011

Digital Detectives Podcast - Subscribe Now!

I cannot express enough how pleased I am with the Digital Detectives Podcast, hosted by John and Sharon of Sensei Enterprises. Listening as a digital forensics professional, I find myself thinking about the insight my clients could gain by listening. The show surfs the barrel of the proverbial e-Discovery wave, speaking with many of the most well-known experts about real and current issues involving electronic discovery and computer forensics. Whether an attorney, e-Discovery or forensics professional, or CEO/CTO/CIO of a corporation, this is a great investment of your time. The knowledge gained from these discussions can help you or your clients save time and money.

Since the majority of our readership is law firms, I want to present two episodes I found to be particularly relevant to you:

The Deplorable State of Law Firm Security

Current Issues in Computer Forensics

Friday, March 25, 2011

Virginia Law Signed Exempting Computer Forensics from Private Investigator Licensing

Bravo! to Sharon Nelson and company for getting this bill off the ground. This is HUGE for the forensics community, as several states have been requiring computer forensics professionals to obtain (an often impossible) Private Investigator's license to operate.

Summary of the bill as introduced: "Computer and digital forensic services; exempt from regulation as a private security service business. Exempts from regulation as a private security service business any individual engaged in (i) computer or digital forensic services or in the acquisition, review, or analysis of digital or computer-based information, whether for purposes of obtaining or furnishing information for evidentiary or other purposes or for providing expert testimony before a court, or (ii) network or system vulnerability testing, including network scans and risk assessment and analysis of computers connected to a network."

Thursday, March 24, 2011

Integrating Forensic Investigation Methodology into eDiscovery

I just came across a fantastic paper by Colin Chisholm and Jeff Groman, submitted as a GIAC Gold Certification paper to the SANS Institute in January 2010. As the title, Integrating Forensic Investigation Methodology into eDiscovery, would suggest, it lays out the implementation of forensic methodology to the eDiscovery process (limited to the Collection & Preservation phases of the EDRM). This paper is a great read for the three camps: Forensicators operating in the eDiscovery space, members of the legal community, and eDiscovery professionals who would benefit from some more insight into the mentality of traditional forensic investigators. It is extremely helpful for members of each group to understand the terminology, methodology, and (most importantly) the basis of thought of each of the other counterparts. This paper does a stellar job at bridging that gap.

Wednesday, February 23, 2011

Kevin Ripa talks about law enforcement's handling of child pornography cases

Kevin Ripa, a forensics expert with Computer Evidence Recovery in Canada, was interviewed in November on the CyberJungle Radio podcast, episode 188. He very eloquently gave his perspective on how law enforcement handles child pornography (CP) cases. One of the show's co-hosts, Ira Victor, was nice enough to host the 10-minute clip of Mr. Ripa's interview here, in case you do not wish to hear the entire CyberJungle show.

CEIC 2011 in Orlando - Get your CPE/CLEs in e-Discovery

Attention forensic examiners, security professionals, e-Discovery personnel and attorneys: CEIC 2011 in Orlando is getting closer!! The agenda was posted yesterday, and it looks great. Since much of the CF Informer audience are attorneys, I wanted to reinforce that you can pick up some great understanding of e-Discovery practices/software/case law/procedures/etc. while collecting CPE/CLEs*. Guidance Software puts on a great event and is significantly less expensive than other 3-day conferences. Use discount code Cginesi2011 for $100 off. Email me if you're attending so I can say hello.

Conference website:

*NOTE: make sure to check with Guidance to determine which courses are applicable to receive credits

Tuesday, January 18, 2011

Supreme Court of California holds that warrantless search of text messages is valid.

Filed on 1/3/2011, the Supreme Court of California held that a warrantless search of a cellphone is valid as being incident to a lawful arrest.  While the case did not discuss the type of phone, I began thinking about the type of data stored on my cellphone.  In a broad respect, I imagined an officer searching a smartphone (iPhone or Android-based phone).  What website passwords are stored?  Could a law enforcement officer read emails which had been previously unread by the suspect simply because they had authority to search the phone?  What about applications which may have used GPS-technology to track where the suspect had been?  Facebook? Foursquare? Dropbox?

Apparently, Judge Werdegar has similar concerns.  His dissenting opinion, on page 24, expresses great concern over the applicability to such smartphones.  I would not be surprised if a case addresses these issues in the not-too-distant future.

Thursday, December 16, 2010

Defending the Defense of Child Pornography

The crew at Sensei Enterprises wrote an article in 2009 presenting the argument for defending those accused of child pornography-related crimes.  The article also lays out what can and can't be determined through computer forensic analysis. 

Perhaps one of the most relevant parts is on pages 5-6; they describe the mitigation that occurs between law enforcement/prosecution and the defense counsel/experts regarding the manner in which the defense will conduct its analysis.  Since law enforcement cannot simply send the evidence to the defense, as it is considered contraband, the defense must travel to the site of law enforcement in order to conduct an examination.

This process can go smoothly or be complicated by conflicting views on having to assist the defense with their case.  I've had cases where law enforcement has provided a computer and a fully-processed case for me to conduct my review on.  Even then, I still had to travel 300 miles and spend the night in order to do so.  When law enforcement is less cooperative, the costs increase considerably.

If you investigate or defend cases involving child pornography, this article is a must-read.

Friday, November 5, 2010

What is Wrong, or Right, with e-Discovery in America?

Ralph Losey recently put together a concise and balanced article presenting the good and bad of e-Discovery in America.  The article presents both sides of the argument for the status of e-Discovery with regard to education, sanctions, and technology's impact on our courts.

Wednesday, October 13, 2010

The difference between e-Discovery and Computer Forensics?

Having come down the digital forensics track, it took me a while to come to grips with the idea of e-Discovery.  I remember thinking, "So let me get this straight... A write blocker is unnecessary and data in unallocated space is not important?"  While that is not always the case with e-discovery, it is more often than in a case calling for computer forensics.

It is important to differentiate whether an engagement calls for e-discovery or forensics from the beginning in order to establish goals and pricing.  For example, forensics work is generally billed by the hour, whereas e-discovery processing is often charged by the amount of data. It is also not uncommon for a typical e-discovery case to require forensics processes after, let's say, the initial e-discovery production seems to be missing emails expected to have been produced.

Yesterday, I read a fantastically concise explanation for differentiating e-discovery and computer forensics by Bill Dean at Sword & Shield's blog. Our communities need articles like this to help bridge the verbiage gap between attorneys, litigation support personnel, and e-discovery and computer forensics practitioners.  I highly recommend spending five minutes to take a look.

Friday, October 1, 2010

The “I was on MySpace” Alibi

In the age of social media, it is not surprising to see its increased presence in court.  Bow Tie Law's Blog has an article highlighting one such case, People v. Calderon, 2010, in which the Defendant claimed to be playing poker on MySpace during the time a crime was committed.  As I was reading, it was as if Mr. Gilliland read my mind with this comment:
There is a courtroom drama waiting to erupt in a brutal cross-examination over whether someone was on Facebook on their iPhone or at home when the “Social Media” alibi is next offered. 
He continues accurately to suggest forensics would need to be done on both the home PC and the mobile device in order to find the truth.

Monday, September 20, 2010

Cybercrime Newsletter for Attorneys

I came across a fantastic resource for attorneys dealing with cybercrime or interested in technology laws.  Through a joint effort between the National Center for Justice and the Rule of Law and the National Association of Attorneys General, a well-organized and pertinent newsletter has been produced.  The newsletter describes current developments, including timely articles, legislative action, corporate initiatives, and court cases.  Since 2002, I estimate between three and six issues have been released each year.
You can sign up to subscribe or just to view the articles at:  This is truly a top-shelf publication.