You are here: Home / Archives for evidence

The Case for In-House eDiscovery | Heathcare Info Security (Upasana Gupta)

December 27, 2011 By Leave a Comment

In mid-2011, Canada’s Scotia Bank set up an internal eDiscovery team of three full-time professionals to tackle litigation issues for the institution in 50 countries.

The goal: to preserve, collect, review, manage and produce any electronic evidence relevant to a court case. For Greg Thompson, vice president of enterprise security services at Scotia Bank, Canada’s third-largest institution, eDiscovery has become a top concern because of the rising litigation caseload. Failure to comply with an eDiscovery request could result in fines or other penalties.

 

The main reasons for establishing an internal eDiscovery team, versus outsourcing it: huge cost savings, increased control of data and a better understanding of the litigation process.

“Satisfying a court order is heavy lifting,” Thompson says. “The cost and risks of outsourcing this service with regards to the number of litigations we are dealing with has skyrocketed. If you send your data to an external party for investigations, you can expect to pay somewhere around $2,000 per day compared to internal expertise, where we spend around $800 per day.”

Scotia Bank’s choice is increasingly common among private and public sector organizations worldwide. The expansion of litigations, electronically stored information and the risk of sending data to third parties are pushing these organizations to develop their own eDiscovery capabilities.

“eDiscovery is becoming a big deal,” says David Matthews, deputy chief information security officer for the City of Seattle in the U.S., and author of a forthcoming book called “Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval.” “Every bit of infrastructure and activity generates electronic data, so organizations and individuals are expected to understand by law where their electronic evidence is and how it’s accessed and produced in court.”

via The Case for In-House eDiscovery.

Filed Under: From The News Tagged With: , , , , , , , ,

Crowdsourcing legal data: are we all e-discovery agents now? | New Legal Review (Matt Packer)

December 21, 2011 By Leave a Comment

Legal professionals will always play a vital role in building up trial evidence. However, writes Matt Packer, a creature called ‘the crowd’ is starting to do this automatically – all through everyday online usage

‘Mob rule’ and ‘herd mentality’ are just two of the many phrases used by journalists to criticise ignorant or sheep-like behaviour in large masses of people. The internet, though, helps to bring crowd wisdom to life. ‘Crowdsourcing’ is a term coined in 2006 by technology expert Jeff Howe, who became interested in how companies were engaging customers in key corporate functions, such as marketing. That year, Doritos gave an example by launching its Crash the Superbowl campaign, inviting snack fans to create their own Doritos commercials and upload them to a website for user rating. The winner was broadcast in a commercial break during Superbowl XLI.

Since then, crowdsourcing has had a positive impact on the world of intellectual property (IP) through the Peer to Patent initiatives in the US and UK. These enable technical experts of all types to sign up and provide their insights on select patent applications. But this year, web-based crowds have also played major roles in the gathering of raw evidence – firstly, for litigation in a US trademark suit; and secondly, for the prosecution of key participants in the UK riots.

via Crowdsourcing legal data: are we all e-discovery agents now?.

Filed Under: From The News Tagged With: , , , , , , , ,

Sanctions Ordered for Failure to Adequately “Preserve, Search for, and Collect Potentially Relevant Information” : Electronic Discovery Law

December 9, 2011 By Leave a Comment

Naaco Materials Handling Group, Inc. v. Lilly Co., No. 11-2415 AV, 2011 WL 5986649 (W.D. Tenn. Nov. 16, 2011)

In this case, the court found that defendant “failed to take reasonable steps to preserve, search for, and collect potentially relevant information . . . after its duty to preserve evidence was triggered by being served with the complaint” which may have resulted in the destruction of relevant evidence.  Further, defendant failed to present an adequately prepared and knowledgeable 30(b)(6) deponent.  Accordingly, sanctions were imposed, including, among other things, additional discovery, additional forensic imaging at defendant’s expense, and monetary sanctions.

Plaintiff accused defendant of illegally accessing its proprietary website on over 40,000 occasions.  Early in the litigation process, the court granted plaintiff’s motion for expedited discovery which  resulted in an order allowing plaintiff’s expert to conduct a forensic examination of defendant’s computers to determine which, if any, were used to access plaintiff’s proprietary information and to make a copy of any hard drive on which such access was detected.  Evidence of access was found on 17 of the 35 computers subject to examination.  As litigation progressed, and in particular following the deposition of defendant’s 30(b)(6) deponent, plaintiff became concerned that relevant information had been lost and moved to prevent further spoliation and for defendant to bear many discovery-related costs.

The court’s opinion identified several discovery violations, including defendant’s failure to adequately and timely disseminate a legal hold notice; defendant’s failure to “to prevent emails from being deleted, to prevent data from being overwritten, or to identify and preserve backup tapes which might contain the only electronic evidence of access to [plaintiff’s] secure dealer website;” and defendant’s failure to “collect evidence from the key players or to search key players’ computers to see if ESI existed or had been deleted.”  Further, defendant “left collection efforts to its employees to search their own computers without supervision or oversight from management” and took no effort to follow up with its employees or to document any of its search and collection efforts.  Defendant also failed to provide an adequately prepared 30(b)(6) deponent.  Accordingly, the court determined that defendant was “at a minimum, negligent in discharging its discovery obligations.”  The court noted, however, that plaintiff did not produce proof that relevant evidence was in fact destroyed and that the extent of prejudice was therefore in question; more substantial sanctions were therefore not warranted.  Nonetheless, the court found that lesser sanctions were appropriate.

via Sanctions Ordered for Failure to Adequately “Preserve, Search for, and Collect Potentially Relevant Information” : Electronic Discovery Law.

Filed Under: From The News Tagged With: , , , , , , , , , ,

BP has accused Halliburton of destroying damaging evidence relating to last year’s Gulf of Mexico oil spill | guardian.co.uk

December 6, 2011 By Leave a Comment

BP has accused Halliburton of destroying damaging evidence relating to last year’s Gulf of Mexico oil spill.

In a court filing, BP has alleged that the US oil services firm of intentionally destroying evidence about possible problems with its cement slurry poured into the deep-sea Macondo well about 100 miles (160 km) off the Louisiana coast. An oil well must be cemented properly to avoid blowouts.

Also in the documents filed in a New Orleans federal court, BP accuses Halliburton of failing to produce incriminating computer modelling evidence.

BP asked a US judge to penalise Halliburton and order a court-sponsored computer forensic team to recover the modelling results.

Halliburton has told media outlets that the accusations are untrue.

The allegations in the 310-page motion add to a showdown among BP and the contractors Halliburton and Transocean over blame in the Deepwater Horizon blast in April 2010, which killed 11 workers and led to 206m US gallons (780m litres) of crude oil escaping into the Gulf of Mexico. So far, BP, the majority owner of the Macondo well, has footed the bill for the emergency response and cleanup.

Also involved are Anadarko Petroleum and Cameron International.

via BP accuses Halliburton over Gulf of Mexico oil spill | Environment | guardian.co.uk.

Filed Under: From The News Tagged With: , , , , , ,

Podcast: E-discovery Preservation: Reset to Neutral | Legal Talk Network

December 6, 2011 By Leave a Comment

The landmark Zubulake e-discovery decisions were the first of many to transform a narrow duty not to spoliate into a much broader duty to affirmatively preserve all possibly relevant evidence when there exists a “reasonable anticipation of litigation.”  But have these judicial opinions gone too far? In the December edition of Law Technology Now, Robert Owen, a partner at Sutherland Asbill & Brennan, says it’s time to shift gears and restore the balance. He talks with Monica Bay, editor-in-chief of Law Technology News, about his five proposed rules that he says will prevent substantial injustices, yet be comprehensive and comprehensible.

Listen Here

via E-discovery Preservation: Reset to Neutral | Legal Talk Network.

Filed Under: Tech Bytes Tagged With: , , , , , , , , ,

Employee Theft Investigations: Intellectually Property Theft and Business Trade Secrets Investigations | Computer Forensics Associates

November 2, 2011 By Leave a Comment

Intellectual property theft and trade secret theft often go unnoticed until an employee is terminated. Suddenly a competitor introduces a new product or process that is virtually identical to yours. By performing a computer forensic investigation on any electronic devices the employee had access to, sufficient evidence can be found to prove theft of intellectual business property and and business trade secrets. This evidence can be used in court to stop the competitor’s use, prosecute the responsible party(s) and win compensatory damages.

Computer Forensic investigations help businesses uncover suspected intellectual property theft, trade secret theft and patent infringement by investigating computers, smart phones, cell phones, hard drives, servers and other data storage devices. Common types of intellectual property include copyrights, trademarks, patents, industrial design rights and trade secrets including but not limited to intangible assets like musical, literary, and artistic works; discoveries and inventions; and words, phrases, symbols, and designs.

Take these steps if you suspect theft of intellectual property by an employee:

  1. Identify all computers, laptops, smart phones,and external devices that may hold potential evidence.
  2. Secure the suspect computers and prevent further use until a forensic image can be collected.
  3. Begin documenting why you suspect IP theft, fraud or patent infringement.
  4. Contact a computer forensics company like Computer Forensics Associates and make arrangements to capture a forensically sound image so you preserve the evidence and prevent tampering or spoliation.

via Employee Theft Investigations: Intellectually Property Theft and Business Trade Secrets Investigations.

Filed Under: From The News Tagged With: , , , , , , , , ,

New York State Bar Association Releases Practitioner’s Guide to E-Discovery

October 31, 2011 By Leave a Comment

To help lawyers and judges navigate the burgeoning and challenging electronic discovery landscape, the New York State Bar Association has issued guidelines for best practices that offer extensive practical advice on e-discovery issues in state and federal courts in New York.

E-discovery is the preparation, preservation, collection, processing, review, and production of evidence in electronic form — including email, texts, social media, the “cloud,” etc. — in response to business, regulatory, or legal requirements.

Presented in a clear and concise manner, the new publication, Guidelines for Best Practices in E-Discovery in New York State and Federal Courts is available free of charge at www.nysba.org/e-discovery.

State Bar President Vincent E. Doyle III of Buffalo (Connors & Vilardo LLP), said, “Whether documents are stored on Facebook, in an iPad, in email, or in the “cloud,” members of the legal profession must understand their legal responsibilities in preserving, collecting and producing the electronically stored information. In a world where e-discovery is fast becoming standard ‘discovery,’ it is imperative that lawyers understand this emerging area of evidence so we can fulfill our obligations to our clients and the courts.

via New York State Bar Association Releases Practitioner’s Guide to E-Discovery.

Filed Under: From The News Tagged With: , , , , , , , , ,

Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly

September 22, 2011 By Leave a Comment

The time has come to empower frontline law enforcement officers to make better decisions when seizing digital evidence, says forensic analyst Andrew Sheldon.

The number of computer forensic specialists is growing, but there will never be enough to cope with the demand, he told the SANS European Digital Forensics and Incident Response Summit in London.

The proliferation of digital devices, combined with growing storage capacities on those devices, is increasing the number of potential crime scenes at an exponential rate each year, he said.

The backlog of cases requiring forensic analysis is currently around 46 weeks.

The problem, said Sheldon, is that there are many more people seizing evidence and referring it for forensic investigation than there are people to do the analysis.

<>

This is exacerbated by the fact that there is a high proportion of unnecessary examinations because frontline officers do not have the skills or knowledge to be more selective.

One way of improving the situation, he said, is to give frontline officers the tools and support they need to make better decisions about forensic evidence.

The way law enforcement deals with forensic evidence needs to go down the same road as dealing with drink-driving by introducing the equivalent of the breathalyser.

via Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly.

Filed Under: Tech Bytes Tagged With: , , , , , , , , ,

Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly

September 22, 2011 By Leave a Comment

The time has come to empower frontline law enforcement officers to make better decisions when seizing digital evidence, says forensic analyst Andrew Sheldon.

The number of computer forensic specialists is growing, but there will never be enough to cope with the demand, he told the SANS European Digital Forensics and Incident Response Summit in London.

The proliferation of digital devices, combined with growing storage capacities on those devices, is increasing the number of potential crime scenes at an exponential rate each year, he said.

The backlog of cases requiring forensic analysis is currently around 46 weeks.

The problem, said Sheldon, is that there are many more people seizing evidence and referring it for forensic investigation than there are people to do the analysis.

<>

This is exacerbated by the fact that there is a high proportion of unnecessary examinations because frontline officers do not have the skills or knowledge to be more selective.

One way of improving the situation, he said, is to give frontline officers the tools and support they need to make better decisions about forensic evidence.

The way law enforcement deals with forensic evidence needs to go down the same road as dealing with drink-driving by introducing the equivalent of the breathalyser.

via Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly.

Filed Under: Tech Bytes Tagged With: , , , , , , , , ,

5 tips to catch an intellectual property thief – Security – News – ZDNet Australia

August 25, 2011 By Leave a Comment

Physical crimes leave behind a trail of evidence that forensic teams can analyse and bring to court, but what about cybercrime, such as the theft of intellectual property? Computer forensics expert and director of Klein & Co Nick Klein said that when companies conduct a digital forensic investigation themselves, there are five things they should do.

(Image by Mad House Photography, CC BY 2.0)

Speaking at the Security 2011 Exhibition and Conference event in Sydney yesterday, Klein said businesses that had suspected that a digital crime had been committed on their systems often took a “Bunnings” approach to forensic analysis, and suggested a four-step structure for undertaking an investigation.

Prepare the business:

Prior to a breach occurring, businesses could do some preparation, which would help them later on in an investigation, Klein said.

He said that typically, businesses had a lack of policies and procedures to secure data, with in-house legal counsel often not working together with a business’ IT department in developing policy. He said that policies, such as making a full backup of an ex-employee’s machine prior to their departure, are often overlooked, when they could provide critical information to assist a case months later.

He also said that despite most operating systems allowing businesses to enable logging on sensitive information, most businesses tended to only use minimal logging of access.

Another area that Klein suggested businesses look at was where backups and critical databases were stored, and whether policies should be implemented to require employees to store information on the company’s file server, where the business would have greater control over it.

“We have a lot of cases where people say, ‘We had an employee who deleted their email. The only copy of it was a PST archive [which contains Outlook emails] on their computer. Can you get it back?’ A simple policy change to force that person to store that PST on the network could have overcome that.”

Lastly, Klein said that businesses often didn’t do enough to protect themselves in their employment contracts.

“Does it talk about confidentiality of information? Does it talk about monitoring of their user activity? Does it include things like USB devices? Can you have something in your employment contracts that says, ‘When you leave, we may ask you for your USB devices’? — It’s something to think about.”

continued @ 5 tips to catch an intellectual property thief – Security – News – ZDNet Australia.

Filed Under: Tech Bytes Tagged With: , , , , , , , , ,
« Older Posts