Logo
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Forensic Discoveries Newsletter

August 2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Welcome to Knoxville's EDiscovery and Computer Forensics Newsletter. Keeping you and your practice informed of the ever-changing realm and value of Electronic Discovery and Computer Forensics is the purpose of this newsletter. If you have a colleague that may be interested in subscribing, follow the instructions at the bottom of this newsletter to be added to the distribution. If you choose not to continue receiving this newsletter, follow the directions at the bottom of this newsletter and accept our apologies for intruding.
in this issue
Upcoming Speaking Engagements
Proposed Updated TN Rules of Civil Procedure
KnoxNews.com - Computer Forensics and Divorce
Court Rejects Argument that a Missing E-Mail is Proof of Non-Receipt
EDiscovery Case Law
New Services Offered
Previous Newsletters
 
We hope you enjoyed last month's article "Proving Spoliation with Computer Forensics". Due to a steady increase in new subscribers, Forensics Discoveries will continue to list previous newsletters. This month we will be briefly discussing the proposed updates to the TN Rules of Civil Procedure that addresses ESI. As others have done, please let us know of a specific topic you would like to see covered.
 
Below is a review of our previous newsletters:
 

Upcoming Speaking Engagements


Forensic Discoveries will be speaking at various seminars and conferences this fall:


HalfMoon Seminars - Friday, October 3rd, 2008

Bill Dean will be giving a 2 hour presentation on Participating in Electronic Discovery. Topics covered will be:
  • Federal and Tennessee Rules on electronic discovery
  • Preserving information in anticipation of litigation
  • Balancing the need and cost of electronic discovery
  • Making and responding to requests for e-discovery
  • Working with opposing parties to find reasonable solutions
  • Understanding issues with Metadata
  • Working with e-discovery consultants and experts in computer forensics
  • Handling ethical issues: confidentiality and privilege
More details and registration can be found on the HalfMoon Seminars website.


East Tennessee Cyber Security Summit 2008 - October 21-22, 2008

Bill Dean will be presenting on the topic of Protecting Mobile Data with Cryptography.

This summit promotes a close working relationship among law enforcement, higher education, and industry participants in identifying and managing cyber crime and related matters and provides an opportunity to bring together security professionals from the East Tennessee region and beyond. The 2008 East Tennessee Cyber Security Summit will again be co-hosted by the Federal Bureau of Investigation (FBI), University of Tennessee, Fountainhead College of Technology, the Tennessee Valley Authority (TVA), and the TVA Office of inspector General.

More details can be found on the CyberSecurity Summit website.


Forensic Discoveries is also in discussions with 2-3 other seminars to speak this year and will update as those progress.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proposed TN Rules of Civil Procedure

As I am sure you are well aware, the Proposed Amendments to the Tennessee Rules of Civil Procedure regarding discovery of electronically stored information were submitted for comment on June 20th, 2008. The proposed rules can be viewed here. In speaking to attorneys that are well respected by myself and others when it comes to the laws that govern electronic discovery, it is very likely that these rules will be adopted in the first quarter of next year. My response to one of these industry leading professionals was "Let the games begin".

For those that have not yet worked with Forensic Discoveries, the background of the company founder (Bill Dean) is 12 years of information technology in regulated environments such as HIPAA, FDIC, and NCUA. The roles in these environments were internal forensic investigations, systems security compliance, regulation compliance, and senior systems architect. Through this experience and knowledge, Forensic Discoveries was formed to provide these resources to both the legal and corporate industries. Because of this specialized understanding, I was appointed by one of Knoxville's largest employers to act as the EDiscovery expert for what has now been stated as the 7th largest EDiscovery case of 2007 (John B. v. Goetz). Throughout this case one "opportunity" quickly became obvious, the disconnect between information technology departments and the realm of litigation. In observing the challenges between the legal system and information technology departments, it became painfully clear that the real challenge in EDiscovery was the communication gaps between the priorities of these powerhouses.

The reason for stating the qualifications of Forensic Discoveries was to set the stage for the value that the upcoming newsletters will provide to both you and your clients. The updated Federal Rules of Civil Procedure definitely received the attention of both corporations and the legal firms that represent them. However, as I am certain you will agree, the majority of companies took notice but chose not to properly prepare. To the defense of your corporate clients, as one of my previous newsletters explains, they have other priorities. Many companies gambled that any litigation they would be involved in would not be in Federal court and many have succeeded thus far. Once these rules are adopted, this will no longer be the case. Literally, the rules are about to change.

For the remainder of this year, the focus of this newsletter will be the Proposed Amendments to the Tennessee Rules of Civil Procedure and what they mean to the information technology operations of your clients. I have reviewed and compared the proposed Tennessee Rules to the Federal Rules as they apply to ESI, and struggle to find differences from a technological perspective. I am certain that each of you will have a thorough knowledge of the proposed laws, Forensic Discoveries cannot provide value there. Where Forensic Discoveries will provide value to you is a clear technical translation of how these laws will apply to the information technology operations of your clients. From the essential pretrial conferences to the "safe harbor" rule, Forensic Discoveries will prepare you for the upcoming challenges that your clients are about to face.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Computers Forensics and Divorce

Recently, the Knoxville News Sentinel published an article titled "Cheating on your spouse, revealed by your mouse". The article makes some good points. There are a couple of technical points that I do want to clarify from a forensics perspective:

The article states "79 percent have seen more divorce cases submit Web browser histories into evidence". If this information is of value to your litigation, be certain to have a computer forensic professional obtain this information for you. Computer forensic professionals have the tools and abilities to gather ALL of the web browser history and reconstruct the web pages for your review. Without using a computer forensic professional, only a fraction of the internet activity will be recovered. In addition, if the files are not handled in a forensically sound manner, the integrity of the information may be called into question.

The article also states that "Forty-four percent of those attorneys have also seen spyware used to obtain information from a spouse's computer". The statistic in which Forensic Discoveries encounters this type of software in domestic cases is closer to sixty percent. The forty-four percent statistic may indeed be higher due the software being undetcted. There are applications specifically designed for this function that will ONLY be detected by a trained computer forensic professional that knows how to specifically determine its existence on the computer. Software companies such as SpectorSoft have designed "spyware" software that will not be detected by anti-virus or most anti-spyware applications. While this "spyware" software is most often used in domestic cases, Forensic Discoveries has also discovered it in cases involving intellectual property.

If you found value in this article, I also recommend that you read my January 2008 newsletter that contains my article titled, "Digital Technology is Where the Evidence is in Divorce".
Court Rejects Argument that a Missing E-Mail is Proof of Non-Receipt


While this is case law, I chose to seperate it because there is a very good lesson to be learned about the opinion of one Court about the reliability of email communications.

Am. Boat Co., Inc. v. Unknown Sunken Barge, 2008 WL 1821599 (E.D.Mo. April 22, 2008). In this negligence action, the plaintiffs moved to reopen the time to file an appeal claiming the plaintiffs' attorney did not receive the electronic notice of the court order. The defendants' computer forensic expert imaged the computer hard drive belonging to the plaintiffs' counsel and found no evidence the notice had ever been on the computer system. Based on his investigation, the expert opined the notice was successfully sent, but was removed from the server after the attorney's secretary accessed the e-mail from a remote computer using the internet Post Office Protocol. The court found that proof an e-mail is not in a recipient's possession is insufficient to rebut the presumption that a generally reliable, properly dispatched e-mail reached its intended recipient. 

 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
EDiscovery Case Law


Court Orders Affidavit Describing Computer Forensic Examination Details

Equity Analytics, LLC v. Lundin, 2008 WL 615528 (D.D.C. Mar. 7, 2008).

In this suit, the plaintiff claimed the defendant, a former employee, illegally accessed electronically stored information after being terminated. The parties agreed a computer forensics examination was necessary to analyze the defendant's computer, but could not reach agreement on how the examination should progress. To protect his privacy, the defendant sought to restrict the search by keywords and file type, but the plaintiff argued such would be under inclusive. Recognizing that the effectiveness of a particular search methodology requires expert testimony, Magistrate Judge Facciola required the plaintiff to submit an affidavit from its examiner explaining, inter alia, the limitation of the proposed search, how the search is to be conducted, whether a mirror image would be a perfect copy and whether there would be some reason to preserve the drive once imaged.



Court Finds Balance Between Conjunctive and Disjunctive Search Terms
 
ClearOne Commc'ns, Inc. v. Chiang, 2008 WL 920336

In this trade secret litigation, the plaintiff moved for entry of a search protocol order establishing guidelines for searching mirror images and identifying relevant and responsive documents. Previously the plaintiff accepted search terms proposed by the defendants with five additions, but disputes arose over the conjunctive or disjunctive use of the terms. The defendants argued it was reasonable to search conjunctively (i.e., require connectors between the search terms) in order to narrow the results to relevant subjects. Analyzing the advantages and disadvantages of both search techniques, the court ordered "license" terms to be searched disjunctively and "name" terms to be searched conjunctively.



Court Orders Prompt Production of E-Mail Threatening Additional Sanctions

Yeisley v. PA State Police, 2008 WL 906465 (M.D.Pa. March 31, 2008).

In this civil rights litigation, the plaintiff sought sanctions for untimely discovery disclosures and a lack of e-mail production. Claiming the turnover in defense counsel attributed to discovery delays, the defendants asserted any untimely production resulted from a desire to fully comply with discovery requests. Ordering the re- depositions of select people at no cost to the plaintiff, the court refused to impose further sanctions. However, the court ordered the defendants to promptly search and produce electronic records, including e-mail, or further sanctions would be considered.



Court Finds ESI Reasonably Accessible and Denies Cost-Shifting Argument

Mikron Indus., Inc. v. Hurd Windows & Doors, Inc., 2008 WL 1805727 (W.D. Wash. April 21, 2008).


In this dispute, the defendants sought a protective order regarding electronically stored information (ESI), claiming searching through their ESI would create significant costs and would yield cumulative results. The defendants also relied on Fed.R.Civ.P. 26(b)(2) to make a cost-shifting argument. The plaintiff argued the defendants had not reasonably compliedwith discovery requests. Denying the protective order, the court determined the defendants did not sufficiently demonstrate the inaccessibility of the requested ESI, or an undue hardship;
therefore, cost-shifting was not appropriate. Specifically, in alleging continued discovery of ESI would be unduly burdensome, the defendants failed to offer evidence beyond a cost estimate, such as the number of backup tapes, different methods used to store electronic information, or document retention policies. The court ordered the parties to meet and confer to discuss ESI discovery, prior
to bringing any future motions.


Expanded Services

Along with the electronic discovery and computer forensic services that Forensic Discoveries provides to our clients, we have expanded our services portfolio to include specialized security services such as:

External Security Tests - Forensic Discoveries works with clients to test the security of their computer network using the same tools and methodologies that hackers use.

Wireless Security Tests - Wireless networks provide great convenience, but can be a security liability if not properly secured. Forensic Discoveries will perform penetration tests of your wireless network and make the needed suggestions for improved security.

Mobile Data Encryption - Each week more than 10,000 laptops are lost or stolen in airports alone. Forensic Discoveries will ensure that your laptops, PDAs, and portable media are encrypted to protect your information in the event of loss or theft.

Employee Security Training - Regardless of how well computer systems are secured, the users themselves are always the weakest link. Forensic Discoveries follows the guidelines from the National Institute of Science and Technology to train company personnel on the basics of computer security to protect themselves and their employers from data theft.

For more information on these and other service offerings from Forensic Discoveries, please visit our website.

 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Forensic Discoveries is available to provide onsite presentations or Q&A sessions on topics such as Electronic Discovery, Technical Implications of the updated Federal Rules of Civil Procedure, or Computer Forensics. Forensic Discoveries is also available to you, obligation free, to answer any specific questions pertaining to these topics. Simply give us a call and we will be glad to answer any questions pertaining to Electronic Discovery and Computer Forensics.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contact Information
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Phone: (865)-809-7590

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

If you have a topic that you would like addressed in the newsletter, please let us know. Either visit http://www.forensicdiscoveries.com/newsletter.html and submit your suggestion there or reply to this e-mail with your suggestion. 

For previous versions of Forensic Discoveries EDiscovery newsletters, visit http://www.forensicdiscoveries.com/pastnewsletters.html  

 

This document does not provide legal or other professional advice and should not be relied upon as anything other than a starting point for research and information on the subject of electronic evidence and computer forensics.

Quick Links...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~