In This Issue:

	From the Bench: Courts Rely on Computer Forensic Experts
	The Brill Files: Preventing Information Leakage
	Technology You Should Know: How to Select a Computer Forensic Expert
	News & Events

From the Bench: Courts Rely on Computer Forensic Experts

Court Admits Imaged Hard Drive Evidence Obtained Under Ruse
United States v. Richardson, 2007 WL 2253566 (W.D.Pa. Aug. 3, 2007). In a suit alleging possession of child pornography, the defendant motioned the court to suppress evidence obtained from the search of his computer hard drives. The investigators gained entry to the defendant’s home under a ruse, claiming they were merely searching for evidence of identity theft. In reality they were investigating the attempted credit card purchase of access to an Internet site containing child pornography from an IP address registered to the defendant at the defendant’s home. The defendant offered his consent to image the hard drive of one computer, and allowed investigators to confiscate the other. A forensic expert located numerous child pornography images on the imaged hard drive and confiscated computer. The court held that failure to reveal the object of the investigation was not a violation of the defendant’s fourth amendment rights and denied the defendant’s motion to suppress.

Conviction Reversed Where Defendant Was Not Allowed Reasonable Means of Verifying Evidence
State of Ohio v. Rivas , 2007 Ohio App. LEXIS 3299 (Ohio.App. July 13, 2007). In a suit where the defendant challenged his conviction for importuning and attempted unlawful sexual conduct with a minor, the defendant challenged the trial court’s denial of his request to obtain a copy of the police department’s hard drive where records of online chats were stored. The defendant argued he was entitled to review of the transcripts and should not be required to rely on the representations of the adverse party. The state argued that its interest in safeguarding the details of other investigations contained on the hard drive outweighed the defendant’s request to have access to the hard drive. The trial court agreed with the state, but the appellate court reversed that holding, requiring the state to allow the defendant a reasonable means of verifying the accuracy and completeness of the transcript to meet the requirements of the right to a fair trial and the right of an accused to confront the evidence against him. The court suggested the trial court conduct an in camera review to verify the transcript.

Court Orders Party Seeking Discovery to Incur Costs of Production
In re Maura , 2007 WL 2231386 (N.Y.Sur.Ct. June 28, 2007). In a suit to determine her entitlement to her decedent husband’s estate in spite of their prenuptial agreement, the respondent sought discovery from the non-party attorney and his firm who drafted the agreement. She sought access to the attorney’s computer for records of billing and all existing and deleted records concerning the prenuptial agreement. The attorney argued attorney-client privilege with regard to other information on the computer and offered the firm’s backup tapes in the alternative. The court held that the backup tapes were insufficient as they would lack deleted and altered records and ordered the attorney’s hard drive to be imaged. The court ordered the attorney to choose a computer forensic expert to submit a cost proposal for the imaging. The attorney should then forward a copy of the proposal to the respondent, at which time she would determine if she was willing to go forward with or without the information.

The Brill Files: Preventing Information Leakage

E-mail, the Internet, spreadsheets, documents, databases, and servers – these are some of the critical electronic building blocks of virtually every business today. And while computers are the masters of creating efficiencies and solutions, they also create risk, especially when it comes to electronically stored proprietary information.

In this digital age, companies must protect themselves however, the statistics indicate that this is no small feat. A recent UK study found that 132 million sensitive documents are being taken out of UK offices each week on portable devices. The study also concluded that 52% of European employees would take company data with them when they leave. Even with such high risk for information leakage, the study found that more than a third of European businesses have no set policy for handling sensitive documents and, in cases where policies do already exist, almost a quarter of employees were unaware of the policy. http://www.securitypark.co.uk/article.asp?articleid=26423&CategoryID=1.

The story is the same here in the United States. A recent survey indicated that companies believe one in five outgoing e-mails poses a legal, financial or regulatory risk. http://www.proofpoint.com/news-and-events/press-releases/pressdetail.php?PressReleaseID=165 So what can organizations do?

First, organizations should create and enforce an electronic system use policy or computer use policy. This can include policies relating to employee usage of e-mail, Web sites, blogs, message boards, media sharing sites, social networking and instant messaging. Without such policies, companies risk not only the leakage of sensitive information, but also the loss of employee productivity and increased exposure to computer viruses. But having a policy in place does not guarantee success, especially if your employees are unaware or untrained. It is critical to educate employees on the company’s electronic system use policy, defining what is and is not acceptable.

Next, organizations can consider active monitoring of employees’ computer conduct. These monitoring efforts can be people-intensive – such as hiring individuals to scan outbound e-mails, or technology intensive – such as putting an Internet filter in place. Many companies seeking to ensure the tightest levels of security choose to deploy both options and more.

If you would like to explore the opportunity of Alan Brill speaking at a conference you are supporting or organizing, please contact Kristin Husom at 952 516 3781 or at khusom@krollontrack.com.

Technology You Should Know: How to Select a Computer Forensic Expert

You sense that one of your top-level executives is planning to leave the company. You have concern she may take proprietary company information with her and you need to find some help before it is too late. You are well aware that the need for a computer forensic expert is the first important step. However, selecting one that is properly trained may not be as easy as it sounds. Below are a few qualifications to consider.

Is the person properly educated?

Computer forensic investigators must have advanced computer knowledge and specialized data recovery and computer investigation analysis skills. There are numerous educational institutions that offer courses and degree programs in computer forensics. For an updated list visit: http://www.e-evidence.info/education.html.

In addition to formal computer forensics or other computer-related education, there are a few accrediting organizations that establish minimum training standards and promulgate industry accepted and recommended computer forensic procedures. Consider finding an expert with one or both of the affiliations below.

• IACIS (International Association of Computer Investigative Services) - This organization is restricted to sworn police officers and full time employees of law enforcement agencies.
• HTCIA (High Technology Crime Investigation Association) – This organization allows membership to civilians as well as law enforcement after the member passes a background screening and agrees to not work for defense counsel.

Does the person have active industry experience?

Another measure of computer forensic expertise focuses on specific certifications. Some industry standards are listed below.

• Encase
• FTK (Forensic Tool Kit)
• IACIS (International Association for Computer Information Systems)
• CISSP (Certified Information Systems Security Professional)

Does the person continually update their education?

Computer forensics is an evolving science, one that is constantly adapting to newer technologies and practices. With that in mind, don’t hesitate to ask questions and request credentials to ensure you’re hiring a computer forensic expert with the most up-to-date experience, training and accreditation.

Is the person properly trained to follow legal requirements?

In addition to technical expertise, it is critical to choose a computer forensic expert who understands the legal aspects of their work. If the investigation ends up in any type of court proceeding, the judge will expect well documented chain-of-custody, as well as proper procedures for the collection and preservation of the digital information. The judge will require proof that the information before them has not been altered in any way before they will allow the information to be admitted as evidence. In addition, the expert you choose may be called as a witness to testify in the court proceeding to verify this information.

NEWS & EVENTS

Kroll Ontrack Launches “The ESI Report” on the Legal Talk Network

In another effort to educate the legal community on topics relating to Electronically Stored Information, Kroll Ontrack has partnered with the Legal Talk Network to bring you “The ESI Report”, hosted by Michele Lange, Director of the Legal Technologies product line for Kroll Ontrack. The show is split into three segments: the Spotlight, the Buzz, and Bits and Bytes Legal Analysis. The Spotlight and Buzz sections concentrate on hot topics in the area of electronic discovery and give listeners a snapshot into important issues facing practitioners. In the first two recorded shows, these segments highlighted advanced search technologies and state level response to the recent amendments to the Federal Rules of Civil Procedure.

The Bites and Bytes Legal Analysis segment focuses on a late-breaking case and features a Kroll Ontrack staff attorney or legal consultant to summarize the case and comment on any note worthy aspects. For example, you won’t want to miss the show featuring Columbia Pictures Industries v. Bunnell, also known as the RAM case. With nearly 400 listeners having already tuned in, you’ll want to listen and stay up to date by visiting: http://www.legaltalknetwork.com/modules.php?name=News&new_topic=17

Meet our representatives at the following events:

Visit www.krollontrack.com/upcomingevents for more information on these events and others.

Back To Top

We Request Your Input

Our legal consultants, project managers, and technology experts strive to stay on top of e-discovery law. If you are aware of any additional local court rules or new cases in this area of the law, please contact us by writing to mlange@krollontrack.com.

This newsletter is written by Michele C.S. Lange, Kroll Ontrack Legal Technologies Director, with assistance from Joni Heikes, a Kroll Ontrack staff attorney. Ms. Lange has published numerous articles and speaks regularly on the topics of e-discovery, computer forensics, and technology’s role in the law. She can be contacted by writing to mlange@krollontrack.com.

For more information about e-discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or www.krollontrack.com.