Kroll Ontrack's Newly Redesigned Web Site

Visit www.krollontrack.com where you can now navigate better, faster and more efficiently to get the information you need. Our new resource library www.krollontrack.com/resources/ is one click away and includes case law summaries, publications, state e-discovery rules and statutes, additional newsletters and podcasts. Upcoming events and event materials are also available at: www.krollontrack.com/events/

	From the Bench: Court Orders Forensic Inspection of Opposing Party's Computer Systems
	The Brill Files: If You Are Going To Do Forensics, Don't Shoot Your Credibility in the Foot
	Technology You Should Know: Preservation Considerations When Forensically Collecting PDAs
	News & Events

From the Bench: Court Orders Forensic Inspection of Opposing Party's Computer Systems

Court Orders Forensic Inspection But Denies Default Judgment Sanctions
Square D. Co. v. Scott Elec. Co., 2008 WL 2779067 (W.D.Pa. July 15, 2008). In this intellectual property litigation, the parties filed cross motions for sanctions based on the execution of a previous forensic inspection of the defendant's computer systems. The plaintiff requested a forensic inspection of the defendant's remaining computer systems, the removal of imaged data from the defendants' premises, and for a default judgment sanction. The defendant requested the plaintiff be required to complete its forensic inspection on the defendant's premises, that further inspection of certain computers be prohibited, and sanctions for the plaintiff's intentional disregard for previous orders. Determining the defendant's imposition of limitations to be untimely, the court granted the plaintiff access to the defendant's computer workstations. However, the court denied the plaintiff's motion for default judgment as the defendant's conduct "falls just shy of conduct befitting default judgment, i.e., 'flagrant bad faith' and 'callous disregard'". The court ordered the defendant to bear all costs related to the forensic inspection, consistent with past orders and warned that future "baseless barriers impeding the completion of discovery will be met with sanctions" and cautioned that future discovery disputes may require the utilization of a special master with costs borne by the parties.

The Brill Files: If You Are Going To Do Forensics, Don�t Shoot Your Credibility in the Foot

Whether you are in the public or private sector, if you're involved in any way in digital or multimedia forensics or the investigation of network incidents, you may find yourself in either a courtroom or deposition situation. When that happens, two of the factors that frequently arise are your background and your credibility.

Although it doesn't happen universally (yet), there are many reports of opposing counsel taking the time to search for negative information on experts they will be deposing or cross examining. So here's the relevant question — what's out there about you?

One of the easiest places to do research is on a social network site. Do you have a page on sites like MySpace or Facebook? You're not alone if you do. Between these two sites, there are over 200,000,000 active members. And some of the pages can be very interesting. That photo of you passed out in a drunken stupor may have seemed funny at first, but how are you going to react when it's placed into evidence concerning your credibility in a case where you were called as an expert witness, along with what seemed at the time to be an equally funny note you wrote suggesting that a friend make up evidence in a matter if the facts don't support the case.

So my first suggestion is to see what's out there about you on these social network sites. Remember that if a friend posted a photo of you that you find embarrassing, you might find that the operators of the network can't do anything about it. If this happens, you should ask the person who posted it — hopefully someone you're friendly with — to remove it. At the very least, you should be able to remove your name from the photo and de-link it to your profile on the site

Second, get out there and see what a Google or Copernic search shows about you. You may not like everything that you find, but if you know about it, you and your counsel can be prepared to deal with it.

Third, set up a Google alert for your name so that if something new is put out on the web that is about you, you'll know about it.

Obviously, this is just an introduction to the subject of understanding your "public persona." Take the time to do these simple things — your professional reputation and credibility are too important to ignore.

If you would like to explore the opportunity of world-renowned forensics expert, Alan Brill, speaking at a conference you are supporting or organizing, please contact Kristin Husom at 952 516 3781 or at khusom@krollontrack.com.

Technology You Should Know: Preservation Considerations When Forensically Collecting PDAs

Personal Digital Assistants ("PDAs") house a treasure trove of information for forensic investigators — call logs, calendars, electronic documents, text messages, e-mail, internet cache, photographs, audio, video and more. PDAs are mini-computers with micro-processors and operating systems; as with their larger counterparts, valuable information (including deleted information) can often be retrieved by computer forensic experts. However, forensic collection of PDAs presents several unique challenges that raise special considerations to ensure proper data preservation.

Power Status Considerations: PDAs and other handheld devices rely on batteries for continued operation. Turning off a PDA or allowing it to revert to "sleep" mode can alter data and also risks the possibility that password protection or data encryption measures will activate.

The National Institute of Standards and Technology ("NIST") published guidelines on PDA forensics for the purpose of "providing technical leadership." Jansen, W. & Ayers, R., Guidelines on PDA Forensics, 31, National Institute of Standards and Technology (November 2004). According to the NIST, a PDA, upon collection, should not be switched on if it is found in the "off" mode. However, if a PDA is found in the "on" mode, then the power level should be maintained; there are two primary means to accomplish this. First, you can replace the PDA's batteries. With regard to this option, the NIST cautions, "[P]ulling the batteries out and installing replacement batteries changes the state of the device; therefore, the technician should take note of the current state of the device beforehand . . .� Second, and preferably, you can charge the PDA by plugging the PDA into its cradle or power source. The cradle should be first disconnected from the computer to avoid any alteration of the PDA's data via electronic communication with the computer.

Additionally, if a forensic image is to be conducted at a lab rather than onsite, the power level should be maintained during transportation. Lastly, it may be necessary to periodically tap a blank section of the PDA's screen or take other measures to prevent a PDA from falling into "sleep" mode. If a means to maintain the PDA's power until a forensic copy is made cannot be achieved, you may want to consider powering down the PDA to prevent its battery from draining.

Wireless Considerations: The majority of PDAs today have wireless capabilities to allow Internet access. The receipt of wireless information can cause deleted information on your PDA to be overwritten; therefore, you should eliminate the wireless connection to ensure data preservation. Turning the PDA off is not the proper method to eliminate the connection for the reasons discussed above as well as for the simple fact that many PDAs can continue to receive wireless information even when turned off. Rather, the PDA should be isolated from the wireless network by placing the device in a shielded room, portable tent or container such as a radio frequency isolation bag. If you chose to use a shielded container, it should also be anti-static so the PDA is not damaged. Moreover, if a power cable goes into the container to ensure the power level remains stable, the cables must be fully shielded to effectively block the wireless network. Lastly, note that a PDA's battery life will decrease more rapidly than normal when it is isolated from a network because it is exerting extra power to search for a connection. Therefore, take extra care to ensure the device remains properly charged so as to not alter or lose data.

The bottom line is that the special nature of PDAs requires forensic investigators take special care to ensure the data they contain is properly preserved. The best practices, such as forensic imaging and chain of custody, which apply to all forensic investigations, also apply with equal strength to PDAs. Considering the valuable information contained on PDAs along with the volatile nature of the data they contain, anyone needing to obtain information contained on a PDA should retain the assistance of an experienced computer forensic expert.

Back To Top

NEWS & EVENTS

Kroll Ontrack Offers Redesigned Certification Course for 2008
The industry's legal technology thought leader has revamped its E-Discovery Certification Course for 2008 with updated topics, additional speakers, and dual track, customizable sessions to appeal to beginner, intermediate and advanced learners. The redesigned course curriculum is ideal for legal and technical professionals of all levels, including in-house counsel, law firm attorneys, litigation support professionals, paralegals and IT staff. For more information and to register, visit: http://www.krollontrack.com/certification-courses/.

Kroll Ontrack Issues Another "ESI Report" on the Legal Talk Network
Kroll Ontrack has partnered with the Legal Talk Network to discuss cutting-edge issues and judicial opinions relating to electronically stored information. Michele Lange, Director of the Legal Technologies product line for Kroll Ontrack, hosts the radio show entitled "The ESI Report." The show's segments: the Spotlight, the Buzz and Bits and Bytes Legal Analysis, concentrate on hot topics in the area of electronic discovery and give listeners a snapshot into important issues facing practitioners, including rapidly evolving case law. The upcoming edition will bring to light important issues relating to data security in the healthcare industry. Additionally, listeners will be briefed by Kroll Ontrack's legal correspondent on the important order issued in the case of Keithley v. Homestore.com, Inc. regarding spoliation sanctions. Become a part of the over 18,000 listeners to date by visiting: http://www.krollontrack.com/legal-technologies-podcasts/.

Meet our representatives at the following events:

Visit http://www.krollontrack.com/upcoming-events/ for more information on these events and others.

Back To Top

We Request Your Input

Our legal consultants, project managers and technology experts strive to stay on top of e-discovery law. If you are aware of any additional local court rules or new cases in this area of the law, please contact us by writing to jshogren@krollontrack.com.

This newsletter was written by Gina Jytyla and Joni Shogren, Kroll Ontrack Staff Attorneys, with assistance from Kelly Kubacki and Meredith Socha, Kroll Ontrack Law Clerks. Ms. Shogren can be contacted by writing to jshogren@krollontrack.com.

For more information about e-discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or http://www.krollontrack.com.