| In This Issue:
FROM
THE BENCH: COURTS EVALUATE DELIBERATE DATA DELETION
Deliberate Deletion of E-mails Increases Prison Sentence
United States v. Tamez, 2006 WL 2854336 (S.D.N.Y. Oct. 5, 2006). A judge’s sentence for a defendant convicted of embezzlement, inter alia, was increased by two levels for obstruction of justice -- namely the defendant’s deliberate deletion of e-mail from a workplace-issued laptop. A computer forensic expert determined the defendant, a high-ranking official with the U.S. Drug Enforcement Administration (DEA), deleted incriminating e-mails and files from his government computer shortly after the agency placed him on administrative leave for suspicion of embezzlement. The defendant filed a motion asking the court to set aside the upward departure from the sentencing guidelines because the e-mails were not deleted deliberately. He argued he deleted the files because department policy required departing employees to return laptops in the same condition in which they were issued. The defendant further argued his personal America Online log-in information was only deleted to prevent others from obtaining his personal information. The court found the defendant’s arguments “patently absurd”. There was no doubt the defendant was “intentionally seeking to destroy this evidence to interfere with the investigation. By deleting the files--some of which have not been recovered in usable form or at all--he impeded the Government’s investigation.” The upward departure of two levels in sentencing was affirmed by the court.
Hard Drive Wiping Warrants Default Judgment
Arista Records v. Tschirhart, 2006 WL 2728927 (W.D. Tex. Aug. 23, 2006). In a copyright infringement case involving the illegal downloading of music from the Internet, the plaintiff motioned the court to award default judgment against the defendant for deletion of key computer records. The defendant was required to produce her computer for inspection two times to determine if songs were illegally downloaded from the Internet. However, once the defendant eventually produced her computer, a computer forensic expert determined wiping software was run shortly before and after production was ordered. The defendant argued she ran a defragmentation program which comes installed on most computers and is run automatically. The plaintiff argued the defragmentation was performed at key moments in the litigation and was not indicative of a program running a monthly or weekly scan. The court held the timeliness of the data deletion was consistent with intent to destroy. The defendant argued the sanctions should be sufficient to prevent the destruction of any more evidence in the case. The court found no other relevant evidence existed that the defendant could destroy. Therefore, the court held that only an order for default judgment would be fair since key evidence was missing and without it, only piecemeal evidence would remain which greatly prejudiced the plaintiff in presenting its case.
THE BRILL FILES: COMPUTER FORENSIC EXAMINATION PUTS FEARS TO REST IN LAPTOP THEFT
*** Written by Alan Brill, Senior Managing Director for Kroll Ontrack, The Brill Files reflects his work in the field with clients who have encountered some not-so-pleasant events and what was done to remedy the situation. With more than 25 years of consulting experience, Mr. Brill has assisted organizations with a wide range of technology security issues and is an internationally recognized speaker and instructor. ***
Laptop computers are designed to be portable and convenient yet powerful enough to handle several business applications. However, for some companies, laptops have become too portable and convenient. The diminishing size of laptops only increases the likelihood that an employee will have a laptop stolen, misplaced or damaged while traveling on business or just going home from a long day at work. You have likely seen the surplus of news stories relating to laptop theft and data loss.
Recently, Kroll Ontrack worked with a client who had a laptop stolen that contained confidential medical information of over 250,000 of its customers. An employee wanting to burn the midnight oil decided to download some files onto his computer so he could work from home one night. On the way home, he stopped at a coffee shop to sit down for a cappuccino and work on the laptop. When he stepped out to go to the bathroom for a few moments a thief had stolen the laptop.
Fortunately for our client, the laptop was recovered less than two weeks later. The company’s worst fears were that their customers’ confidential information was stolen, accessed and used for identity fraud. This is where Kroll Ontrack’s team of forensic experts put their skills to work.
Using computer forensic techniques to access the laptop’s hard drive, we produced a log of all activity on the computer during the two weeks when it was gone. Happily for our client, the laptop was never accessed and the confidential information was not breached by the thief. This was one of the first times computer forensics has been used in responding to a reported breach of confidential information.
Our client took great care in properly informing their clients that their information may have been compromised. However, everyone’s concerns were abated after our computer forensics results were communicated.
*** If you would like to explore the opportunity
of Alan Brill speaking at a conference you are supporting
or organizing, please contact Amanda Karls at (952)
516-3637or at akarls@krollontrack.com.
***
TECHNOLOGY YOU SHOULD KNOW: CELL PHONE FORENSICS
From person-to-person communication, to address book organization and on-the-go computing, cell phones are powerful, highly mobile devices. The set of features and capabilities can vary depending on the make and model of the phone. However, one aspect unifies all cell phone technologies. With the push of a button or the touch of a screen, digital trails are created, ripe for the picking by computer forensic investigators in litigation or internal investigations.
Recently, the Computer Security Resource Center of the U.S. National Institute of Standards and Technology (NIST) released a new piece of research entitled, “Guidelines on Cell Phone Forensics.” This document outlines general principles and provides technical information intended to aid organizations evolve policies and procedures for preserving, acquiring, and examining digital evidence found on cell phones. These guidelines (available at http://csrc.nist.gov/publications/drafts/Draft-SP800-101.pdf) are in draft form, and computer forensic specialists and members of the law enforcement community are encouraged to provide feedback.
As outlined in the NIST research, potential cell phone evidence may include:
• Subscriber/Device Identifiers - These entries are helpful in identifying the owner of the phone, and other background information such as date/time/language settings, billing and usage information, and location tracking.
• Phonebook Entries - Phonebook entries may contain more than just names and phone numbers, it also may include e-mail and postal addresses.
• Call Logs - Phone logs capture recent calls attempted from the phone, received by the phone, and missed by the phone.
• Message Entries - Message entries include voice, text, and e-mail received and sent by the phone. Undelivered messages also may be recoverable.
• Calendar Items - Similar to a paper-based date-planner, electronic calendar entries may provide dates, times, and locations of scheduled events.
• Photographs/Video - Many mobile phones have a built-in camera and video devices and can receive messages containing photos or videos.
• Other File/Website Content - Some cell phones can navigate the Internet or display word processing documents, graphic files, spreadsheets, presentation slides, and other similar electronic documents.
If a cell phone might be a source of crucial evidence in your next case or investigation, seek the assistance of a qualified computer forensic expert, skilled in cell phone investigation best practices.
KROLL ONTRACK NEWS & EVENTS
Meet Kroll Ontrack Representatives at the Following
Events:
Visit http://www.krollontrack.com/upcomingevents/
for more information on these events and others.
KROLL ONTRACK REQUESTS YOUR INPUT
Our legal consultants, project managers, and technology
experts strive to stay on top of electronic discovery
law. If you are aware of any additional local court
rulings or new cases in this area of the law, please
contact us by writing to mlange@krollontrack.com.
This newsletter is written by Michele C.S. Lange, staff
attorney with Kroll Ontrack. Ms. Lange has published
numerous articles and speaks regularly on the topics
of electronic discovery, computer forensics, and technology's
role in the law. She can be contacted by writing to
mlange@krollontrack.com.
For more information about electronic discovery and
computer forensics services, contact Kroll Ontrack at
1-800-347-6105 or http://www.krollontrack.com/.
|
