In This Issue:
FROM THE BENCH: JUDGE DENIES SUMMARY JUDGMENT MOTION IN LIGHT OF CONFLICTING COMPUTER FORENSIC EXPERT TESTIMONY
Fowler v. Bell Helicopter Textron, Inc., 2005 WL 548076 (N.D.Tex. Mar. 9, 2005). The plaintiff filed suit against the defendant claiming copyright infringement, breach of contract, and trade secret theft. The plaintiff claimed he wrote a computer software program prior to his employment with the defendant and was promised compensation for the program by the defendant. The defendant failed to pay and developed a similar program after the plaintiff terminated his employment. The defendant claimed the plaintiff wrote the program during his employment, counterclaimed with similar allegations, and sought a declaratory judgment and partial summary judgment. Contending summary judgment was inappropriate, the plaintiff argued that date and time stamps on floppy discs containing the code proved he created the program prior to working for the defendant. The plaintiff presented a computer forensic expert’s affidavit that indicated it would have been an “enormous task” to change the date and time stamps associated with the files on the floppy discs. The defendant offered an opinion by another expert who stated it would be “relatively easy to doctor the time and date stamps on the floppy discs containing [the plaintiff's] original code.” Declining to grant the defendant’s motion for summary judgment, the court found a genuine issue of material fact existed and declared, “[a]ny determination as to which expert to believe…belongs to the jury.”
THE BRILL FILES: CRACKING DOWN ON KEYLOGGING CATASTROPHES
*** Written by Alan Brill, Senior Managing Director for Kroll Ontrack, The Brill Files reflects his work in the field with clients who have encountered some not-so-pleasant events and what was done to remedy the situation. With more than 25 years of consulting experience, Mr. Brill has assisted organizations with a wide range of technology security issues and is an internationally recognized speaker and instructor. ***
In a recent Kroll Ontrack case, a large insurance company called on our team to investigate suspicions of computer hacking. Passwords, client account information, and other confidential data had been tampered with, and the company could not figure out how the data was being stolen. Upon investigation, our team discovered an individual had planted a “keylogger” on several computers in order to pilfer confidential data from the insurance company. After discovering the keylogger, we removed it, effectively preventing the hacker from obtaining further confidential information.
Keyloggers are hardware devices or software programs that run in the background and record every keystroke a user makes while typing on a computer. After logging the keystrokes, the keylogger hides the data in the machine for later retrieval or ships the information to the computer hacker. The hacker then sifts through the information searching for confidential data – usually login names, passwords, security questions, confidential customer information, online bank accounts, or secure Web sites. However, unscrupulous individuals are not the only ones using keystroke logging software. Corporations may also use them to monitor employees. In other cases, individuals may use them to monitor Web sites their spouses or children are surfing.
Keyloggers come in both hardware and software formats. Hardware keyloggers plug into a PC port and record everything done on a computer while the keylogger is attached to the computer. Software keyloggers, on the other hand, infect the computer from the inside and can be more difficult to detect. For instance, computers infected with spyware may show up with unwanted keyloggers. Even some computer viruses – such as Mydoom and Gaobot – have built-in keylogging programs, allowing them to gather personal information from infected operating systems.
Regardless of whether an individual has used keylogging hardware or software to obtain confidential data, you must be aware of how to handle unwanted keylogging activity. Once a hacker has stolen data, it can be difficult – if not impossible – to undo the damage they may have caused by releasing the information. Below are some tips on how to prevent and manage unauthorized keylogging.
- Maintain corporate security systems. Most corporate security systems, gateways or firewalls will be able to thwart data theft attempts from keyloggers hidden in spyware or viruses. Ensuring these security systems are up-to-date is crucial.
- Consider alternate keylogging formats. Rather than capture individual keystrokes, some keyloggers capture entire screens. Not all keylogging detection products are able to discover these keyloggers.
- Search for hidden keyloggers. Keyloggers may hide data on a network in remote places (e.g., printer spools), making the stolen information difficult to uncover. Thoroughly searching for keyloggers will ensure they are detected and your operating system is protected. If a cursory inspection does not yield any results, you may need to perform a more complete examination of the operating system. Some software keyloggers can hide themselves from every Windows operating system, making their use undetectable.
Most importantly, act quickly! As soon as you suspect an individual has installed a keylogger on your operating system without authorization, you must find it and have it removed immediately. If necessary, contact an expert who can help detect and remove difficult-to-uncover keylogging software or viruses.
*** If you would like to explore the opportunity of Alan Brill speaking at a conference you are supporting or organizing, please contact Michele Lange at (952) 906-4927 or at mlange@krollontrack.com. ***

TECHNOLOGY YOU SHOULD KNOW: SUCCESSFUL DATA MANAGEMENT STRATEGIES CAN HELP DEFEAT DATA HACKING
*** As technology continues to play a larger role in litigation and internal company investigations, lawyers and investigators are expected to understand the inner workings of computers and how they relate to any computer conduct at issue. ***
From Paris Hilton’s cell phone to the massive Bank of America data theft, recent news has been full of stories uncovering computer hacking into personal, proprietary and financial data. Stolen data certainly is not a novel concept, and computer forensic experts are frequently called on to investigate these incidents and find out what happened and who was involved.
Of course, there is no such thing as 100% incident prevention. Incidents occur and will continue to happen. However, an organization can take steps to mitigate the risks of certain types of incidents as well as damages stemming from an incident. Failing to examine and mitigate these risks can expose companies to bad publicity, increased regulation, and even costly litigation.
Sensitive data – the kind that is a ripe target for data theft – typically fits into one of several categories:
- Unnecessary Data. When is the last time your company checked each and every data field relating to customers, transactions, employees, and processes to determine if it was necessary? Storing unnecessary data results in spending money needlessly as well as creating a risk that the unneeded data might be stolen or misused. Given the risks a company faces today relating to data loss, it is important to sort through data warehouses and determine if a good reason for storing the data exists.
- Data that was needed, but should never be stored. Many on-line retailers that accept credit cards ask the customer for the “Card Verification Value” (the three or four digit code printed on the signature strip of a Visa or MasterCard, or the 4-digit number printed on the front of an American Express card). These security codes verify that the person making the transaction actually has the card and not just the account number. Once the transaction is validated, the vendor no longer needs the code and storing it only provides a thief with the ability to be a more effective crook. Companies should check their file structures to see if they contain anything that was needed during a transaction but is no longer necessary.
- Data that was needed, but has outlived its usefulness. Data that has outlived its usefulness presents a potential liability for companies. After the defined useful life of data has expired, ensure it is deleted in a way that precludes its recovery. This includes information stored on off-site backup media.
- Data that is needed, but should be encrypted. Encryption technology is readily available and it is not difficult to implement software that ensures sensitive data elements are stored in a strongly encrypted form. While some data must be stored in a retrievable format, other data can be stored in a form that can be validated but not necessarily retrieved in its original form. For example, a credit card number should always be stored in an encrypted format, using an encryption technology that permits retrieval when needed.
While focusing on storage technology, speed, transfer rates, and storage network architecture is important, an IT department must also consider data storage practices. Examining when it is appropriate to store data, whether it is being stored for an appropriate period, and whether it is being stored in a sufficiently secure fashion is just as important. Doing so can reduce the risk, aggravation, expense, and negative publicity that occurs when data is compromised.
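The review of stored fields described in the list above, as an added example that is not part of the original newsletter: a Python audit that flags retained verification codes, card numbers held in cleartext, and records kept past their useful life. The field names, the 365-day retention period and the sample records are assumptions constructed for illustration.

```python
import re
from datetime import date

# Assumed policy values and field names (hypothetical, not from the newsletter).
RETENTION_DAYS = 365
NEVER_STORE = {"cvv", "cvc", "cid", "card_verification_value"}
PAN_RE = re.compile(r"\b\d{13,19}\b")  # candidate card numbers

def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def audit_record(record: dict, today: date) -> list:
    """Return (field, finding) pairs for one stored record."""
    findings = []
    for field, value in record.items():
        if field.lower() in NEVER_STORE and value not in (None, ""):
            findings.append((field, "never-store value retained after transaction"))
        if isinstance(value, str) and any(luhn_ok(m) for m in PAN_RE.findall(value)):
            findings.append((field, "card number stored in cleartext"))
    last_used = record.get("last_used")
    if isinstance(last_used, date) and (today - last_used).days > RETENTION_DAYS:
        findings.append(("last_used", "record past retention period"))
    return findings

def audit(records: list, today: date) -> dict:
    """Map each record id to its list of findings."""
    return {r["id"]: audit_record(r, today) for r in records}

# Constructed sample records; 4111111111111111 is a widely used test card number.
SAMPLE = [
    {"id": 1, "card": "4111111111111111", "cvv": "123", "last_used": date(2005, 3, 1)},
    {"id": 2, "card": "enc:v1:c2FtcGxl", "cvv": "", "last_used": date(2003, 1, 15)},
    {"id": 3, "note": "order 1234567890123456", "last_used": date(2005, 3, 20)},
]

if __name__ == "__main__":
    for rid, findings in audit(SAMPLE, date(2005, 4, 1)).items():
        print(rid, findings)
```

The Luhn check keeps ordinary long numbers, such as the order number in record 3, from being reported as card numbers.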

KROLL ONTRACK NEWS & EVENTS
Kroll Ontrack Honors Thought Leaders in Electronic Discovery
On March 17, 2005, Kroll Ontrack honored top legal professionals and law firms with its annual Electronic Evidence Thought Leadership Awards. The 2005 awards marked the third consecutive year Kroll Ontrack has recognized law firms, litigators, practice support professionals and scholars who have shown excellence and leadership in the field of electronic discovery and computer forensics. Recipients of the 2005 Electronic Evidence Thought Leadership Awards include:
- Thought Leading Law Firm: Wilmer Cutler Pickering Hale and Dorr LLP (Boston, Mass.)
- Thought Leading Litigator: Jeffrey D. Brown, Esq., Principal, Wright, Robinson, Osthimer & Tatum (Richmond, Va.)
- Thought Leading Antitrust Practitioner: Jeane Thomas, Esq., Partner, Crowell & Moring (Washington, D.C.)
- Thought Leading Litigation Support: Michael Bawden, Litigation Support Manager, Sidley, Austin, Brown & Wood LLP (Chicago, Ill.)
- Thought Leading Scholar: The Hon. Richard E. Best (ret.), private judge and discovery referee (San Francisco, Calif.)
- Thought Leading Electronic Discovery Case of the Year: Toshiba Am. Elec. Components, Inc. v. The Superior Court of Santa Clara County, 21 Cal. Rptr. 3d. 532 (Cal. Ct. App. 2004)
- Thought Leading Computer Forensic Case of the Year: LeJeune v. Coin Acceptors, Inc., 2004 849 A.2d 451 (Md. 2004)
Meet Kroll Ontrack Representatives at the Following Events:
Visit http://www.krollontrack.com/upcomingevents/ for more information on these events and others.
KROLL ONTRACK REQUESTS YOUR INPUT
Our legal consultants, project managers, and technology experts strive to stay on top of electronic discovery law. If you are aware of any additional local court rulings or new cases in this area of the law, please contact us by writing to mlange@krollontrack.com.
This newsletter is written by Michele C.S. Lange, staff attorney with Kroll Ontrack, with assistance from Charity J. Delich, a Kroll Ontrack law clerk. Ms. Lange has published numerous articles and speaks regularly on the topics of electronic discovery, computer forensics, and technology's role in the law. She can be contacted by writing to mlange@krollontrack.com.
For more information about electronic discovery and computer forensics services, contact Kroll Ontrack at 1-800-347-6105 or http://www.krollontrack.com/.