Computer Forensics News
June 2008 | Vol. 6, Iss. 6
Cyber Crime & Computer Forensics News


In This Issue:

From the Bench: Courts Determine Sufficiency of Computer Forensics Evidence
The Brill Files: Just Because You Install the Software Does Not Mean You Are Secure
Technology You Should Know: Data Encryption – Advantages & Risks
News & Events

From the Bench: Courts Determine Sufficiency of Computer Forensics Evidence

Court Rejects Argument that a Missing E-Mail is Proof of Non-Receipt
Am. Boat Co., Inc. v. Unknown Sunken Barge, 2008 WL 1821599 (E.D.Mo. April 22, 2008). In this negligence action, the plaintiffs moved to reopen the time to file an appeal claiming the plaintiffs’ attorney did not receive the electronic notice of the court order. The defendants’ computer forensic expert imaged the computer hard drive belonging to the plaintiffs’ counsel and found no evidence the notice had ever been on the computer system. Based on his investigation, the expert opined the notice was successfully sent, but was removed from the server after the attorney’s secretary accessed the e-mail from a remote computer using the internet Post Office Protocol. The court found that proof an e-mail is not in a recipient’s possession is insufficient to rebut the presumption that a generally reliable, properly dispatched e-mail reached its intended recipient.  

Court Issues Forensics Protocol for Hard Drive Examination
Ferron v. Search Cactus, L.L.C., 2008 WL 1902499 (S.D.Ohio April 28, 2008). In this case involving an alleged violation under the Ohio Consumer Sales Practices Act, the court ordered a protocol for viewing the information contained on the plaintiff’s home and office computers. In considering the protocol, the court identified three categories of information contained on the plaintiff’s hard drives: confidential personal information, attorney-client privileged information, and information relating to e-mail and website advertisements. The court ordered the plaintiff’s computer forensic expert to mirror image the hard drives, removing information deemed personal and confidential that could not lead to the discovery of relevant information. Additionally, the court ordered the defendant’s computer forensic expert to meet with the plaintiff to identify for deletion information that is irrelevant and create a privilege log of any relevant information which is privileged. Finally, the court ordered both parties to share the costs associated with their chosen computer forensic expert.

Computer Forensic Evidence Insufficient to Grant Preliminary Injunction
Maxpower Corp. v. Abraham, 2008 WL 1925138 (W.D.Wis. April 29, 2008). In this litigation against former employees, the plaintiffs sought a preliminary injunction requiring the defendants to return information allegedly deleted from the plaintiffs’ servers, in addition to spoliation sanctions. The plaintiffs’ computer forensic expert examined the defendants’ laptops, finding evidence of hard drive wiping software and of “text strings” referring to information about outdated products. The defendants argued the deletions of information from their laptops were done for maintenance purposes and complied with company policy. Finding the plaintiffs’ computer forensic evidence insufficient and ambiguous, the court denied the motion for preliminary injunctive relief. Additionally, the court denied the plaintiffs’ motion for sanctions finding insufficient evidence to support the argument that wiping the hard drive constituted deliberate spoliation.

The Brill Files: Just Because You Install the Software Does Not Mean You Are Secure

On a recent computer forensics engagement, we ran into an interesting question that reminded me of an important technology truism. The security of systems is not simply a matter of having the right technology – it requires the active cooperation of the user as well.

The question involved the security of a laptop computer that had been stolen. The company had installed a “full-disk encryption package” and assumed that everything on the machine – stolen while the employee was traveling – was secure. We determined that the employee had not shut down the computer before beginning travel. Instead, he simply shut the lid of the machine, which put it into “sleep mode.” We looked at the documentation of the security software, and the particular package only invoked absolute protection when the computer was turned off completely. Fortunately, we also determined that the laptop was set to force the user to log on after it awoke from sleep mode, so the thief could not simply open the machine and use it. The user also informed us that the password was not easy to guess and included upper- and lower-case letters, numbers and symbols.

How often do users assume that because their machine has encryption software installed they do not have to do anything specific to protect it? All too often, I am afraid. It is absolutely vital that users be told exactly what they need to do to make sure their machine is secure. The level of machine security is different if a user shuts it down (as opposed to just closing the cover), and a user needs to know that.  

Incorrectly assuming that a laptop’s security is in place and operating can lead to disastrous outcomes. For example, one might assume that a security system makes missing data more secure than it actually is. Another potential disaster could occur if one falsely assumes one’s controls – including Sarbanes-Oxley-related controls for U.S. companies – are operating as intended.

We recommend that your security awareness program take into account the actions that your end-users need to take to maximize the effectiveness of your portable computer encryption software.
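User guidance of this kind can be backed by a technical check. The script below is an added example, not part of the original newsletter: it assumes a Windows laptop with English-language `powercfg` output (the article does not name the operating system) and reports whether closing the lid shuts the machine down and whether a password is required on wake-up, the two conditions the stolen-laptop case turned on.

```powershell
# Added example (not from the newsletter). Assumes Windows with English powercfg output.
param([switch]$Remediate)

# Index values powercfg uses for the "Lid close action" setting.
$LidActions = @{ 0 = 'Do nothing'; 1 = 'Sleep'; 2 = 'Hibernate'; 3 = 'Shut down' }

# Read the current AC (plugged in) and DC (battery) index of one power setting.
function Get-PowerSettingIndex {
    param([string]$SubGroup, [string]$Setting)
    $result = @{}
    foreach ($line in (powercfg /query SCHEME_CURRENT $SubGroup $Setting)) {
        if ($line -match 'Current (AC|DC) Power Setting Index:\s*0x([0-9a-fA-F]+)') {
            $result[$Matches[1]] = [Convert]::ToInt32($Matches[2], 16)
        }
    }
    $result
}

$lid  = Get-PowerSettingIndex SUB_BUTTONS LIDACTION   # what closing the lid does
$lock = Get-PowerSettingIndex SUB_NONE CONSOLELOCK    # password required on wake-up
$findings = @()

foreach ($source in 'AC', 'DC') {
    # The package in the article gave full protection only after a complete
    # shutdown, so any lid action other than index 3 falls short of that state.
    if ($lid[$source] -ne 3) {
        $current = if ($null -eq $lid[$source]) { 'unknown' } else { $LidActions[$lid[$source]] }
        $findings += "[$source] lid close action is '$current', expected 'Shut down'"
    }
    # The wake-up log-on was the remaining barrier on the stolen machine.
    if ($lock[$source] -ne 1) {
        $findings += "[$source] no password is required on wake-up"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: lid close shuts down and wake-up requires a password.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    if ($Remediate) {
        # Needs an elevated prompt; changes the active power scheme only.
        powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 3
        powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 3
        powercfg /setacvalueindex SCHEME_CURRENT SUB_NONE CONSOLELOCK 1
        powercfg /setdcvalueindex SCHEME_CURRENT SUB_NONE CONSOLELOCK 1
        powercfg /setactive SCHEME_CURRENT
        Write-Output 'Remediated: re-run without -Remediate to confirm.'
    }
}
```

Whether hibernation is an acceptable lid action depends on the encryption product; check its documentation before relaxing the expected value from 3.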

If you would like to explore the opportunity of having world-renowned forensics expert Alan Brill speak at a conference you are supporting or organizing, please contact Kristin Husom at 952 516 3781 or at khusom@krollontrack.com.

Technology You Should Know: Data Encryption – Advantages & Risks

Encrypting your data may have powerful benefits, but it can also be potentially disastrous. For this reason, it is important to understand the advantages and risks of the various encryption techniques to ensure you are fully protected.

Encryption scrambles the data, rendering it inaccessible without a password. A variety of techniques may be utilized to encrypt data – each containing advantages and risks. Techniques include: file encryption, full disk encryption, virtual disk encryption, database encryption and archive tape/virtual tape encryption.

  • File Encryption – File encryption provides granular security and is best used for smaller file sharing needs. The downside is that file encryption falls outside the realm of IT administration and most organizations’ security policies.
  • Full Disk Encryption – Full disk encryption, unlike file encryption, encrypts the entire hard drive and is a great solution for laptops. An adverse consequence is the possibility of hard drive failure during the encryption process.
  • Virtual Disk Encryption – Virtual disk encryption is an additional technique for small file sharing and security needs that allows complete user control and local implementation, but carries performance risks.
  • Database Encryption – Database encryption fits within the IT security model, providing both database level encryption and column level encryption. However, this technique may lead to database corruption and other performance issues.
  • Archive Tape/Virtual Tape Encryption – Tape archive encryption protects backup tapes and archive systems by allowing for both software level and hardware level encryption. This dual encryption may affect performance and should be tested with the established environment. Additionally, decryption may only work with the original tape machines, and the technique may lead to archive corruption and tape media failure.

After choosing a technique – or combination of techniques – thorough planning for encryption policy rollout is a must. An essential first step is planning who the user/group encryption candidates are, in addition to any department and user requirements. Another essential step is creating a key management policy that addresses how keys should be stored and who has access to the keys. Additionally, implement a data recovery policy. This policy covers vendor identification and qualification, whether recovered data should be encrypted, and destruction of a failed hard drive. Some additional encryption policy considerations include: IT support, backup/archive policies, user training and follow-up, and how to handle failures.

If a data loss disaster occurs during the encryption process, utilize a data recovery service provider. Look for secure protocols, scalable operations, research and development, and consider reputation. Thousands of data recovery services exist, so find one that meets your standards of security, quality and professionalism. Data loss happens every day – be aware, be prepared and have a strategy!


NEWS & EVENTS

Kroll Ontrack Offers Redesigned Certification Course for 2008
The industry’s legal technology thought leader has revamped its E-Discovery Certification Course for 2008 with updated topics, additional speakers, and dual track, customizable sessions to appeal to beginner, intermediate and advanced learners. The redesigned course curriculum is ideal for legal and technical professionals of all levels, including in-house counsel, law firm attorneys, litigation support professionals, paralegals and IT staff. For more information and to register for an upcoming course, visit: www.krollontrack.com/2008courses.

Kroll Ontrack Issues Another ESI Report on the Legal Talk Network
Kroll Ontrack has partnered with the Legal Talk Network to discuss cutting-edge issues and judicial opinions relating to electronically stored information. Michele Lange, Director of the Legal Technologies product line for Kroll Ontrack, hosts the radio show entitled “The ESI Report.” The show’s segments, the Spotlight, the Buzz and Bits and Bytes Legal Analysis, concentrate on hot topics in the area of electronic discovery and give listeners a snapshot into important issues facing practitioners, including rapidly evolving case law. The upcoming edition will bring to light important issues relating to multilingual discovery and data privacy faced by attorneys and businesses engaged in litigation, compliance and regulatory matters. Additionally, listeners will be briefed by Kroll Ontrack’s legal correspondent on the important order issued in the case of Flagg v. City of Detroit regarding protocol to discover text messages. Become a part of the over 10,000 listeners to date by visiting: http://www.krollontrack.com/legalresources/podcasts.aspx.

Meet our representatives at the following events:

6/24/2008 - 6/25/2008
Legalworks A-Z
Cleveland, OH

6/26/2008 - 6/27/2008
LegalTech West
Los Angeles, CA

7/15/2008 - 7/16/2008
Legalworks A-Z
Washington, D.C.

7/16/2008 - 7/19/2008
Utah Bar Annual Convention
Sun Valley, ID

7/25/2008
NFPA (National Federation of Paralegal Associates)
Aurora, CO

8/7/2008 - 8/8/2008
Kroll Ontrack Electronic Discovery Certification Course
Eden Prairie, MN

8/25/2008 - 8/28/2008
ILTA Annual Convention
Grapevine, TX

9/11/2008 - 9/12/2008
Kroll Ontrack Electronic Discovery Certification Course
Eden Prairie, MN

10/16/2008 - 10/17/2008
Masters Conference for Legal Professionals
Washington, D.C.

10/16/2008 - 10/17/2008
Kroll Ontrack Electronic Discovery Certification Course
Eden Prairie, MN

10/19/2008 - 10/22/2008
ACC Annual Meeting
Seattle, WA

10/23/2008
DRI Annual Meeting
New Orleans, LA

10/27/2008 - 10/29/2008
Techno Forensics
Gaithersburg, MD

10/27/2008 - 10/30/2008
GTEC Conference
Ottawa, Ontario

11/10/2008 - 11/13/2008
Fall Connections
Las Vegas, NV

11/21/2008
Utah Bar Fall Forum
Salt Lake City, UT

Visit www.krollontrack.com/upcomingevents for more information on these events and others.


We Request Your Input

Our legal consultants, project managers and technology experts strive to stay on top of e-discovery law. If you are aware of any additional local court rules or new cases in this area of the law, please contact us by writing to gjytyla@krollontrack.com.

This newsletter is written by Joni Shogren and Gina Jytyla, Kroll Ontrack staff attorneys, with assistance from Kelly Kubacki and Meridith Socha, law clerks. Ms. Jytyla can be contacted by writing to gjytyla@krollontrack.com.

For more information about e-discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or www.krollontrack.com.

 Kroll Ontrack

9023 Columbine Road | Eden Prairie, MN 55347 | 800 347 6105



This document does not provide legal or other professional advice and should not be relied upon as anything other than a starting point for research and information on the subject of electronic evidence.

© 2008 Kroll Ontrack Inc. All material contained within this publication is protected by copyright law and may not be reproduced or transmitted, in whole or in part, without the express written consent of Kroll Ontrack Inc.