| In This Issue:
 FROM THE BENCH: APPELLATE COURT AFFIRMS ORDER
TO PERFORM
COMPUTER FORENSIC INVESTIGATION ON HARD
DRIVE
In a
patent infringement action, First USA Bank v.
PayPal, Inc., 2003 WL 22071558 (Fed.Cir. Aug. 21,
2003), the Plaintiff subpoenaed the Defendant’s former
chief executive officer, specifically requesting
the
court to compel his deposition and to require him to
produce his laptop computer for forensic inspection. The
former-CEO had used the computer while employed by the
Defendant and subsequently purchased it from the
Defendant when he left its employ. Despite objection,
the magistrate judge ordered the former-CEO to be
available for deposition and approved a search protocol.
The search protocol allowed electronic evidence
consultants to create a forensic copy of the computer's
hard drive, identify any potentially relevant documents,
and, if such documents were found and identified, allow
the former-CEO to create a privilege log. The district
court affirmed the magistrate's order and former-CEO
appealed. The appellate court dismissed the former-CEO’s
appeal of the lower court’s non-final interlocutory
discovery order.
THE BRILL FILES:
TOOLS FOR YOUR INFORMATION SECURITY AWARENESS
PROGRAM
*** Written by Alan Brill, Senior Managing
Director for Kroll Ontrack, The Brill Files reflect his
work in the field with clients who have encountered some
not-so-pleasant events and what was done to remedy the
situation. With more than 25 years of consulting
experience, Mr. Brill has assisted organizations with a
wide range of technology security issues and is an
internationally recognized speaker and
instructor.***
When
it comes to setting up and running an information
security awareness program, it can be difficult (and
expensive) to find good training materials. Fortunately,
there is a little-known solution. Some of the
best
material -- including training videos and courses on CDs
-- are available to you on request, at no
cost.
The
U.S. Department of Defense (DoD) has one of the biggest
challenges in the information security area, having to
provide constantly updated training to hundreds of
thousands management and operational personnel, both
civilian and military. They have developed great
programs, and most of them are available to U.S. firms.
From government-developed video presentations on
subjects ranging from the "Executive's Role in
Information Security" to "Protecting Against Identity
Theft," and CD-based training ranging from "UNIX
Security for Systems Administrators" to "Web Security,"
there are sure to be courses you can use or adapt to
meet your training needs.
To order material you
can use to improve your Information Security Awareness
Program, log onto http://iase.disa.mil/eta/index.html.
TECHNOLOGY YOU
SHOULD KNOW: IRRETREIVABLE COMPUTER
DATA
***As technology continues to play a larger
role in litigation and internal company investigations,
lawyers and investigators are expected to comprehend the
inner workings of computers and how they relate to any
computer conduct at issue. ***
Some
of the most common questions attorneys ask computer
forensic experts
are:
- “How much data is recoverable if my client has
already redeployed the computer to another employee?”
- “How much data is recoverable if my client has
reformatted, defragmented, or wiped the hard drive?”
- “How much data is recoverable if the hard drive
was damaged due to fire, water, or other physical
damage?”
While the amount of data recoverable from a
computer hard drive or other media varies on a
case-by-case basis, there are some methods for
permanently destroying computer data. These methods
include:
- Complete Overwriting – Every
time a computer is utilized, the user inevitably
overwrites something. When a computer is redeployed to
a new user, the new user may - through continued use
of the computer - unintentionally overwrite data from
the old user. Users can also intentionally overwrite
computer data by saving “garbage files” to the hard
drive to overwrite older data, or they can purchase
overwriting/wiping software that returns a drive to
the original
factory condition (a blank disk
drive).
- Physical Destruction –
Computer data can be permanently destroyed by damaging
beyond repair the media containing the data. Some
common examples of physical destruction that will
likely cause permanent data deletion include:
shredding the hard drive platters by manually breaking
them into several small pieces, utilizing a drive
shredder, shooting several holes through the platters,
or throwing the computer media into the depths of the
ocean. It is important to note, that some physical
destruction attempts are not 100% effective and some
data may still be recovered from undestroyed portions
of the drive.
- Heat - Exposing the media to
extreme heat, usually in excess of 300 degrees
Fahrenheit, will likely cause permanent data
loss.
- Magnetic Destruction – Using a
degaussing device with a magnetic field strong enough
to disrupt the magnetic orientation of the data on the
platters. Simply holding a magnet to the hard drive
case will not likely destroy computer data contained
therein because most hard drive assemblies are
designed to shield the drive from disruptive
magnetic fields. It takes a very powerful commercial
grade magnetic field to penetrate the hard drive
enclosure to actually impact the platters inside.
However, some people may be successful in destroying
computer evidence by opening the
drive and placing
a strong magnet next to the exposed platters.
Even
if counsel suspects permanent data loss, it is best to
contact a computer forensics expert to determine if any
data is retrievable from the computer media at issue. In
many cases, even if data is rendered unrecoverable, a
computer forensic expert often can provide counsel with
significant details about how and when the data was
destroyed, which may be deemed more damaging to the
defendant than the actual evidence destroyed.
KROLL ONTRACK NEWS AND
EVENTS:
Kroll Acquires U.K. Market Leader in Litigation
Support Technologies
LONDON and NEW YORK, 4 December, 2003 -- Kroll
Inc., (NASDAQ: KROL), the global risk consulting
company, announced today that it has acquired Oyez Legal
Technologies Limited (OLT), the U.K market leader in
litigation support and legal information management
services, from the OyezStraker Group Limited. The
acquisition, which was completed today, was effective 1
December and is expected to be accretive in 2004. OLT,
which is based in London and has approximately 120
employees, had revenues of £6.1 million (US$ 10.4
million) for its fiscal year 2003, which ended 31
August.
For
more information, please visit:
http://www.krollontrack.com/AboutUs/PressReleasesArchive/index.asp?getPressRelease=8733
Visit our Upcoming Events section at http://www.krollontrack.com/upcomingevents/
to learn about these presentations and more.
KROLL ONTRACK REQUESTS
YOUR INPUT
Our
legal consultants, project managers, and technology
experts strive to stay on top of electronic discovery
law. If you are aware of any additional local court
rules or new cases in this area of the law, please do
not hesitate to contact us by writing to mlange@krollontrack.com.
For
more information about electronic discovery and computer
forensics services,
contact Kroll Ontrack at
1-800-347-6105 or www.krollontrack.com.
|
