Thursday, December 16, 2010

Defending the Defense of Child Pornography

The crew at Sensei Enterprises wrote an article in 2009 presenting the argument for defending those accused of child pornography-related crimes.  The article also lays out what can and can't be determined through computer forensic analysis. 

Perhaps one of the most relevant parts is on pages 5-6; they describe the mitigation that occurs between law enforcement/prosecution and the defense counsel/experts regarding the manner in which the defense will conduct its analysis.  Since law enforcement cannot simply send the evidence to the defense, as it is considered contraband, the defense must travel to the site of law enforcement in order to conduct an examination.

This process can go smoothly or be complicated by conflicting views on having to assist the defense with their case.  I've had cases where law enforcement has provided a computer and a fully-processed case for me to conduct my review on.  Even then, I still had to travel 300 miles and spend the night in order to do so.  When law enforcement is less cooperative, the costs increase considerably.

If you investigate or defend cases involving child pornography, this article is a must-read.

Friday, November 5, 2010

What is Wrong, or Right, with e-Discovery in America?

Ralph Losey recently put together a concise and balanced article presenting the good and bad of e-Discovery in America.  The article presents both sides of the argument for the status of e-Discovery with regard to education, sanctions, and technology's impact on our courts.

Wednesday, October 13, 2010

The difference between e-Discovery and Computer Forensics?

Having come down the digital forensics track, it took me a while to come to grips with the idea of e-Discovery.  I remember thinking, "So let me get this straight... A write blocker is unnecessary and data in unallocated space is not important?"  While that is not always the case with e-discovery, it is more often so than in a case calling for computer forensics.

It is important to differentiate whether an engagement calls for e-discovery or forensics from the beginning in order to establish goals and pricing.  For example, forensics work is generally billed by the hour, whereas e-discovery processing is often charged by the amount of data. It is also not uncommon for a typical e-discovery case to require forensics processes after, let's say, the initial e-discovery production seems to be missing emails expected to have been produced.

Yesterday, I read a fantastically concise explanation for differentiating e-discovery and computer forensics by Bill Dean at Sword & Shield's blog. Our communities need articles like this to help bridge the verbiage gap between attorneys, litigation support personnel, and e-discovery and computer forensics practitioners.  I highly recommend spending five minutes to take a look.

Friday, October 1, 2010

The “I was on MySpace” Alibi

In the age of social media, it is not surprising to see its increased presence in court.  Bow Tie Law's Blog has an article highlighting one such case, People v. Calderon, 2010, in which the Defendant claimed to be playing poker on MySpace during the time a crime was committed.  As I was reading, it was as if Mr. Gilliland read my mind with this comment:
There is a courtroom drama waiting to erupt in a brutal cross-examination over whether someone was on Facebook on their iPhone or at home when the “Social Media” alibi is next offered. 
He continues accurately to suggest forensics would need to be done on both the home PC and the mobile device in order to find the truth.


Monday, September 20, 2010

Cybercrime Newsletter for Attorneys

I came across a fantastic resource for attorneys dealing with cybercrime or interested in technology laws.  Through a joint effort between the National Center for Justice and the Rule of Law and the National Association of Attorneys General, a well-organized and pertinent newsletter has been produced.  The newsletter describes current developments, including timely articles, legislative action, corporate initiatives, and court cases.  Since 2002, I estimate between three and six issues have been released each year.
You can sign up to subscribe or just to view the articles at:
http://www.olemiss.edu/depts/ncjrl/CyberCrimeInitiative/cci_newsletter.html.  This is truly a top-shelf publication.

Wednesday, September 15, 2010

EFF Says Violating Company Policies Is Not a Computer Crime

The Electronic Frontier Foundation (EFF) urged a federal appeals court Tuesday to dismiss charges that would turn any employee use of company computers in violation of corporate policy into a federal crime.

In U.S. v. Nosal, an ex-employee is being prosecuted on the claim that he induced current company employees to use their legitimate credentials to access the company's proprietary database and provide him with information, in violation of corporate computer-use policy. The government claims that the violation of this private policy constitutes a violation of the Computer Fraud and Abuse Act (CFAA). Following a decision issued just last year by the U.S. Court of Appeals for the 9th Circuit, the District Court ruled against the government, holding that violations of corporate policy are not equivalent to violations of federal computer crime law. The government appealed to the 9th Circuit.

Read the full article here.

Friday, August 27, 2010

Computer Forensics and Personal Computers in Business Cases

Sharon D. Nelson at Ride The Lightning responds and adds her comments regarding personal computers being brought into business cases.  She is responding to a very thorough discussion of Genworth Fin. Wealth Mgmt. v. McMullan (2010 U.S. Dist. LEXIS 53145 (18-19) (D. Conn. June 1, 2010)) at the Bow Tie Law's Blog, in an article titled "How to Get a Judge to Overcome the Guilt of Ordering the Forensic Examination of a Personal Computer." This is becoming more of a hot topic, as more workers I encounter are technologically connected to their workplace.  Both articles are must-reads and should be bookmarked for the archives.

Wednesday, August 11, 2010

It Is Necessary to Have Proper Legal Authority to Conduct a Forensic Examination of Cell Phones

DFI News has a three-paragraph excerpt from Don L. Lewis' article, Examining Cellular Phones and Handheld Devices.  The excerpt and the full article present, amongst other more technical items, case law and discussion regarding the legal authority of searching and conducting a forensic examination of cell phones and handheld devices.  With the exception of the man whose car I jump-started this week, just about everyone else I know over the age of twelve carries at least one smartphone or wireless handheld device (such as an iPod, iPad, PDA, etc.).  Chances are that whether you are prosecuting, defending, or involved in commercial litigation, it is important to make sure examination of these devices is handled properly.
Article Link:  It Is Necessary to Have Proper Legal Authority to Conduct a Forensic Examination of Cell Phones

Wednesday, July 28, 2010

Facebook can make or break your case

Facebook and other social networking sites are continuing to produce evidence, so it would be wise to be ahead of the curve on this front, as an attorney or business leader. Eric B. Meyer at The Legal Intelligencer Blog put together one of the most informative articles I've seen on this topic.  You'll find several links worth bookmarking, including a list of internet service provider mailing addresses for service of subpoenas and a link to a recent case in which a federal court permitted an employer to obtain discovery of an employee's social networking activity that, through privacy settings, the employee had made "private" and not available to the general public.
Article Link: How Facebook Can Make or Break Your Case

Saturday, July 24, 2010

Supreme Court rejects appeal in child pornography case.

Earlier this year, The Christian Science Monitor reported on the Supreme Court's rejection of an appeal to overturn a conviction for producing child pornography. The defendant argued that the images – of children's faces morphed on adults – did not involve sexual activity by minors and so were protected by the First Amendment. The prevalence of child pornography cases should continue to send more cases to the Supreme Court, and the Court will continue to clarify the technicalities that arise.

Article Link: Supreme Court rejects appeal in child pornography case

Dr. Bob DeYoung, my partner at Forensic Recovery, authored a paper that discusses "virtual" vs. "reality" with regard to child pornography. While the article is focused on the technical and forensic aspects of virtual or altered images, Dr. DeYoung stresses the need for the courts to define what is virtual and what is real. The article cited above from The Christian Science Monitor covers one such case.

Article Link: Virtual - Reality: A Preliminary Forensic Assessment Relating to Child Pornography in the Prosecutorial/Defense Effort

The most recent story involving child pornography will be closely followed. The Boston Globe reported yesterday on a recent federal investigation which identified several dozen Pentagon officials and contractors who allegedly purchased and downloaded child pornography. Many of the accused maintained high-level security clearances.


Article Link: Pentagon workers tied to child porn.

Tuesday, July 20, 2010

Internet luring case in Canada finds 19-year-old man guilty

CBC News reported the guilty verdict of a 19-year-old man in Canada convicted of Internet luring involving a teenager.  This case went to the Supreme Court of Canada on the matter of whether the accused has to intend to meet the victim in order to be found guilty; the Court decided that the accused only has to make a meeting possible.

Article Link:  New Brunswick man guilty of internet luring

The Vancouver Sun reported on the Supreme Court's decision in May 2010, prior to the final ruling on the case.  This article looks a little closer at the considerations of the Court and the law that was the crux of consideration.

Article Link:  P.E.I. cyber-sex case to test Internet luring law (Vancouver Sun)

Wednesday, July 14, 2010

What Can Happen When Lawyers Delegate Their e-Discovery Duties to a Client

The e-Discovery Team blog discusses a recent bankruptcy case in which the lawyers' e-discovery duties were over-delegated to their client, bringing up issues of spoliation and sanctions.

Article Link: What Can Happen When Lawyers Delegate Their e-Discovery Duties to a Client

Tuesday, July 13, 2010

The Attorney/Forensic Examiner Language Barrier

I have spent much of my life explaining technical issues to less tech-savvy people, so I know first-hand how important it is.  As with most specializations, the mentality and language are simply different from how most people think and speak.  I know when I put on my general ledger thinking cap, the word debit has a different meaning than it does to most debit-card-using consumers.  This article at the ExForensics blog explains and helps clarify some of the verbiage that is often misunderstood when a computer forensics type communicates with a member of the attorney or e-discovery party.  I highly recommend this article for both attorneys and computer forensics people.  At the very least, you need to know that some words (e.g., "copy") need clarification.

Article Link: Attorneys are from Mars, Computer Forensics People are from Pluto

Ethics Regarding Lawyers Gathering Evidence From Social Networking Sites

This article at the Ride The Lightning blog presents some considerations regarding the methods and issues relating to attorneys gathering evidence from social networking sites, specifically Facebook.  Sharon comments from the Divorce/Family Law perspective about the ethical predicament lawyers could be faced with if their retrieval methods walk the line.

Article Link: No, No, You Can't Do That: Lawyers Surreptitiously Friending on Facebook

E-discovery Implications of Social Networking

Sharon D. Nelson, Esq., of the Ride The Lightning blog, discusses the risk management issues and smoking guns that can be associated with social networking sites such as Facebook, Myspace and Foursquare.  The article points out that many employees are shifting their social media interactions to personal cellphones in order to circumvent restrictions found on company-provided equipment and networks.

Article Link: Facebook More Popular Than Google: E-discovery Implications

Three Keys to e-Discovery

Ralph Losey is a lawyer, writer and educator based in Central Florida.  He is an adjunct professor of law at the University of Florida.  This article describes his three keys to successful e-discovery, each of which involves fundamental changes to the way most lawyers practice.

Article Link: One Minute Summary of My Three Keys to e-Discovery

Monday, July 12, 2010

Documenting both child and porn can delay cases

Gordon Dritschilo wrote an article that touches on some of the main issues law enforcement faces when investigating child pornography, including age determination, unintended downloads, file verification and backlogs.  The article was later discussed on the Cyberspeak podcast on April 4th, 2010.

Article Link: Documenting both child and porn can delay cases

What is the meaning of this?

With only 24 hours in a day and plenty of responsibilities, most new projects have a reason for being started, and this blog is no exception.

I find myself engulfed in an ever-increasing catalog of fantastic blogs, podcasts, listservs and discussion forums serving up content about digital forensics, e-discovery, law, computer security, and incident response.  Much of it is incredibly technical (some even over my head), and other material would be considered common knowledge amongst my peers.  But, every so often I read an article that falls right down the middle.

This recurring thought has transpired into this blog.  Its primary purpose is to act as a liaison to the digital forensics world I live in, filtering content that fits the perspectives of clients, friends, colleagues and others who might be just outside the scope of it all.  I anticipate that audience to be attorneys, CTOs, security analysts, computer science and law students, technology enthusiasts, and anyone else curious.

I also hope to provide a launchpad for those helplessly becoming as entranced as I am with the issues and personalities on the forefront of these fields.  If this is you, help yourself to the Blog List.  But beware -- there is no turning back.

Thanks for stopping by.
Aaron