| In This Issue:
 FROM
THE BENCH: COMPUTER FORENSIC INVESTIGATIONS INFLUENCE JUDICIAL FINDINGS
Court Grants Motions to Quash Subpoenas Seeking Records, Reports, and Electronic Evidence
Trammell v. Anderson Coll, 2006 WL 1997425 (D.S.C. July 17, 2006).
In an employment-termination dispute, the defendant moved to quash a subpoena issued to a computer consultant retained in “anticipation of litigation.” In turn, the plaintiff sought a motion to quash a subpoena requesting “any and all electronic storage media including hard drives, zip drives, thumb drives, CD's, DVD's, etc. from and pertaining to any computer including desk top computers and/or laptops, used by [the plaintiff] from January 1, 2002 to the present.” Before terminating the plaintiff, the defendant hired a computer consultant to analyze the plaintiff’s hard drive to determine the authenticity of certain e-mails. Following this, the defendant retained a computer forensics expert, Kroll Ontrack Inc., to create a forensic image of the hard drive, conduct a more thorough investigation of the computer media, and store the hard drive with the defendant’s law firm for preservation. Although the defendant withheld the computer consultant’s records, the defendant provided the plaintiff with the more in-depth report by Kroll Ontrack Inc., insisting the plaintiff conduct its own forensic analysis if unsatisfied with the investigation. Arguing it had maintained strict chain-of-custody procedures, the defendant submitted affidavits stating that “there has been no change in the data or information on the hard drive from the time it was retrieved…to the present.” Finding the plaintiffs failed to prove that information on the hard drive had been altered, the court granted the defendant’s motion to quash and ruled the plaintiffs had not met their burden in demonstrating substantial need for the computer consultant’s analysis or showing they would suffer undue hardship in obtaining the relevant information through other means. The court continued by granting the plaintiff’s motion to quash, noting a party cannot issue a subpoena to another party under Rule 45, but should have requested production of the plaintiff’s personal computer pursuant to Rule 34.
Court Awards Terminating Sanctions for Spoliation of Crucial E-mail
Covucci v. Keane Consulting Group, Inc., 2006 WL 2004215 (Mass. Super. Ct. May 31, 2006).
In an age-discrimination suit, the court granted the defendant’s motion for terminating sanctions and dismissed the entire suit based on the plaintiff’s intentional spoliation of material evidence relating to a crucial e-mail. Before termination, the plaintiff drafted an e-mail addressed to his employer on a personal laptop and forwarded the document to his company e-mail account. After revising the document on a company computer, the plaintiff sent the e-mail to his employer, and forwarded a copy to an AOL account. During discovery, after the defendant requested permission to conduct a forensic examination of the plaintiff’s laptop, the plaintiff falsely represented to his counsel that he no longer had the computer. Instead, over several months, the plaintiff repeatedly used a wiping software to cleanse the computer hard drive and conversed with AOL in attempt to locate the e-mail. When the defendant was deposed a year later, he admitted to possessing the requested laptop and offered it for examination. Finding the plaintiff intentionally and in bad faith engaged in an elaborate scheme to eliminate relevant evidence concerning the e-mail’s creation, the court ruled dismissal was the only appropriate sanction. In addition, the court found no merit in the plaintiff’s cross-motion for sanctions where the defendant reformatted company computers and deleted the e-mail from servers in accordance with its document retention policy before learning of the e-mail’s evidentiary value.
THE BRILL FILES: FREQUENT FLIERS MUST GUARD THEIR GADGETS
*** Written by Alan Brill, Senior Managing Director for Kroll Ontrack, The Brill Files reflects his work in the field with clients who have encountered some not-so-pleasant events and what was done to remedy the situation. With more than 25 years of consulting experience, Mr. Brill has assisted organizations with a wide range of technology security issues and is an internationally recognized speaker and instructor. This month’s column was co-authored by Jason Paroff, Esq., the director of Computer Forensics Operations for Kroll Ontrack. ***
Frequent fliers usually unpack all their tech devices at an airport’s security checkpoint. For me, this means unpacking my laptop, Blackberry, cell phone, digital camera and any other gadgets I may be carrying with me that day. As security measures have tightened once again in airports and at the borders, special concerns have come up for travelers carrying laptops and other tech gadgets. In addition, a recent 9 th Circuit Court decision held that border guards may search and seize the contents of laptop computers without first obtaining a warrant, which raises computer security awareness for international travelers. If asked, travelers must be prepared to place our technology devices in our checked luggage or to turn on the machines for further investigation.
The bottom-line: our techno-devices are passing through other people’s hands when traveling with their owners, which subjects them to increased risk for damage, loss, or theft. Consider these important precautions to safeguard your gadgets on your next flight:
- Don’t let it out of sight - Keep your machines and bags in close proximity to you.
- Lock it up - Invest in encryption software so only you have access to data stored on the laptop, if the machine or data fall into the wrong hands.
- Backup, Backup, Backup - Backup your data before you travel. Copying your data on a secondary hard drive only takes a few minutes and means you’ve left a complete copy of everything back home. If something happens to your laptop, you can rest assured while you are on the road.
- Pack Double the Data - If you need to take critical data with you, use a memory stick, thumb-drive or CD-ROM so you have more than one copy with you when you travel.
- Prevent bumps and bruises - Look for a soft-side case that pads and securely holds the laptop. If you can’t bring the laptop aboard, wrap the laptop and case in some clothing and place it in the middle of a suitcase to prevent physical damage. If the computer is damaged during flight, contact a data recovery specialist before attempting to “fix” the situation on your own.
- Don’t panic - If the airline or border agent asks to remove the machine from your carry-on luggage or further inspect your machine, remain calm and comply with the requests.
These days, we don't know what technical devices we will or won't be allowed to take on an airplane. We must be prepared to protect our electronic devices from theft, loss, or damage as they are handled in transit.
*** If you would like to explore the opportunity
of Alan Brill speaking at a conference you are supporting
or organizing, please contact Amanda Karls at (952)
516-3637or at akarls@krollontrack.com.
***
TECHNOLOGY YOU SHOULD KNOW: STEGANALYSIS – UNCOVERING SECRET MESSAGES IN DIGITAL IMAGE FILES
*** As technology continues to play a larger role in litigation and internal company investigations, lawyers and investigators are expected to understand the inner workings of computers and how they relate to computer conduct issues. ***
Steganography is the art of passing secret information while hiding the existence of the communication from third parties. Unlike cryptography, which scrambles communication so it is unreadable, steganography transmits secret messages through an innocent “carrier” in a manner that the existence of the embedded messages is undetectable. For thousands of years, steganographic techniques involving invisible ink, microdots, and watermarks have been used to pass secret messages. Today, steganographic software programs can hide any type of binary data, such as plain-text, cipher-text, or image files, into nearly any type of digital carrier file, including image, audio, or video files, and even spam or executable files.
Steganalysis is the detection and recovery of embedded information. Today, law enforcement frequently relies on the skills of computer forensic examiners to detect secret communications between members of criminal conspiracies. Steganalysis also has proven particularly useful in the fight against child pornography by detecting illegal image files hidden within seemingly inoffensive .tif or .gif files.
At a crime scene, clues that may suggest the use of steganography include:
- References to steganography in a suspect’s computer hard drive, including: files names, Web sites, browser cookies, history files, e-mail messages, and chat or instant messaging logs.
- Evidence of steganographic software applications; many are downloaded free from the internet.
- Other program files indicating the suspect’s desire for secrecy, such as disk wiping software, hex editors, or software designed to enable anonymous e-mailing or browsing.
- The presence of a large volume of multimedia files that could be used as file carriers, especially duplicate files.
- Type of crime under investigation: child pornography, accounting fraud, identity theft, drugs, gambling, hacking, smuggling, terrorism.
Even in non-criminal matters, individuals may try to hide “smoking gun” evidence by embedding it within other files. A computer forensic examination may be the key to uncovering an essential piece of evidence in your next investigation or litigation.
KROLL ONTRACK NEWS & EVENTS
Kroll Ontrack® Launches Ontrack® Inview™ 5.0
Kroll Ontrack recently announced the launch of Ontrack Inview 5.0, a state-of-the-art online repository giving legal document review teams the most sophisticated and comprehensive menu of technology features available today. Document review teams familiar with Kroll Ontrack’s ElectronicDataViewer™ features will find the same easy-to-use online interface to accurately review both electronic and paper documents in one, case-dedicated database, but now with topic review and improved features. Ontrack Inview integrates cutting edge, proprietary topic review technology with established workflows providing the best of both worlds of topic document clustering and clear and familiar document review workflow. The launch of Ontrack Inview is a global deployment with availability in both the United States and United Kingdom. More information about Ontrack Inview can be found on the Web at www.ontrackinview.com.
Meet Kroll Ontrack Representatives at the Following
Events:
9/19/06
- 9/20/06 |
E-Discovery
"A-to-Z" Workshop
|
Seattle,
WA |
9/19/06 - 9/20/06 |
IQPC 2nd E Discovery |
New York, NY |
9/20/06-9/21/06 |
INFONEX- “Protecting Your Organization from Legal Risks and Mismanagement of Information" |
Toronto,
Ontario |
9/21/06
|
William & Mary Law School |
Williamsburg,
VA |
9/22/06 |
eDiscovery in the Heartland: New Rules, Current Trends, and Practical Tips |
Kansas City, MO |
9/26/06 |
NJCCA’s Annual Full-Day Conference
|
Morristown, NJ |
10/19/06
- 10/20/06
|
Electronic Evidence Thought Leadership Series |
Chicago, IL |
9/28/06 - 9/29/06 |
MERITAS Northeast Regional Meeting |
New York, NY |
10/3/06 |
Orange County Association of Legal Support Specialists |
Orlando, FL |
10/4/2006 - 10/5/2006 |
E-Discovery "A-to-Z" Workshop |
Atlanta, GA |
10/4/06 - 10/5/06 |
Paralegal SuperConferences |
Philadelphia, PA |
10/5/06-10/8/06 |
State Bar of California Annual Meeting |
Monterey, CA |
10/13/06 |
Louisiana State Bar Association Seminar |
New Orleans, LA |
10/12/06-10/13/06 |
Paralegal SuperConferences |
Atlanta, GA |
10/11/06 - 10/15/06 |
DRI Annual Meeting |
San Francisco, CA |
10/19/06 - 10/20/06 |
Paralegal SuperConferences |
San Francisco, CA |
10/23/06 |
19th Annual ERISA Litigation Conference |
San Francisco, CA |
10/23/06-10/24/06 |
MERITAS Litigation Section Meeting |
San Diego, CA |
10/24/06 |
Document Retention And Destruction In The Age Of Electronic Documents |
Boston, MA |
10/23/06 - 10/25/06 |
Association of Corporate Counsel 2006 Annual Meeting |
San Diego, CA |
10/25/06-10/26/06 |
Washington State Cyber Crime and Digital Forensics Conference |
Spokane, WA |
10/26/06-10/27/06 |
The Jackson Lewis 7th Annual East Coast Women's Employment Law Conference |
Short Hills, NJ |
10/30/06 - 11/1/06 |
HTCIA International Training Conference & Expo |
Cleveland, OH |
11/13/06 - 11/14/06 |
Advanced Electronic Discovery Certification Course |
Eden Prairie, MN |
11/16/06-11/17/06 |
Advanced E-Discovery Institute 2006 |
Washington, DC |
11/29/06 |
Maine State Bar Association Employment & Labor Section Meeting |
TBD |
11/29/06-11/30/06 |
ACI- 4th Annual Advanced Forum on Document Management & E-Discovery |
New York, NY |
12/1/06 |
South Dakota Defense Lawyers Annual Meeting |
Sioux Falls, SD |
12/4/06 - 12/5/06 |
Electronic Discovery Certification Course |
Eden Prairie, MN |
12/12/06 |
Twin Cities ARMA Chapter Meeting |
TBD |
Visit http://www.krollontrack.com/upcomingevents/
for more information on these events and others.
KROLL ONTRACK REQUESTS YOUR INPUT
Our legal consultants, project managers, and technology
experts strive to stay on top of electronic discovery
law. If you are aware of any additional local court
rulings or new cases in this area of the law, please
contact us by writing to mlange@krollontrack.com.
This newsletter is written by Michele C.S. Lange, staff
attorney with Kroll Ontrack. Ms. Lange has published
numerous articles and speaks regularly on the topics
of electronic discovery, computer forensics, and technology's
role in the law. She can be contacted by writing to
mlange@krollontrack.com.
For more information about electronic discovery and
computer forensics services, contact Kroll Ontrack at
1-800-347-6105 or http://www.krollontrack.com.
|
