You are here: Home / Archives for evidence

New York State Bar Association Releases Practitioner’s Guide to E-Discovery

October 31, 2011 By Leave a Comment

To help lawyers and judges navigate the burgeoning and challenging electronic discovery landscape, the New York State Bar Association has issued guidelines for best practices that offer extensive practical advice on e-discovery issues in state and federal courts in New York.

E-discovery is the preparation, preservation, collection, processing, review, and production of evidence in electronic form — including email, texts, social media, the “cloud,” etc. — in response to business, regulatory, or legal requirements.

Presented in a clear and concise manner, the new publication, Guidelines for Best Practices in E-Discovery in New York State and Federal Courts is available free of charge at www.nysba.org/e-discovery.

State Bar President Vincent E. Doyle III of Buffalo (Connors & Vilardo LLP), said, “Whether documents are stored on Facebook, in an iPad, in email, or in the “cloud,” members of the legal profession must understand their legal responsibilities in preserving, collecting and producing the electronically stored information. In a world where e-discovery is fast becoming standard ‘discovery,’ it is imperative that lawyers understand this emerging area of evidence so we can fulfill our obligations to our clients and the courts.

via New York State Bar Association Releases Practitioner’s Guide to E-Discovery.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: From The News Tagged With: , , , , , , , ,

Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly

September 22, 2011 By Leave a Comment

The time has come to empower frontline law enforcement officers to make better decisions when seizing digital evidence, says forensic analyst Andrew Sheldon.

The number of computer forensic specialists is growing, but there will never be enough to cope with the demand, he told the SANS European Digital Forensics and Incident Response Summit in London.

The proliferation of digital devices, combined with growing storage capacities on those devices, is increasing the number of potential crime scenes at an exponential rate each year, he said.

The backlog of cases requiring forensic analysis is currently around 46 weeks.

The problem, said Sheldon, is that there are many more people seizing evidence and referring it for forensic investigation than there are people to do the analysis.

<>

This is exacerbated by the fact that there is a high proportion of unnecessary examinations because frontline officers do not have the skills or knowledge to be more selective.

One way of improving the situation, he said, is to give frontline officers the tools and support they need to make better decisions about forensic evidence.

The way law enforcement deals with forensic evidence needs to go down the same road as dealing with drink-driving by introducing the equivalent of the breathalyser.

via Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: Tech Bytes Tagged With: , , , , , , , , ,

Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly

September 22, 2011 By Leave a Comment

The time has come to empower frontline law enforcement officers to make better decisions when seizing digital evidence, says forensic analyst Andrew Sheldon.

The number of computer forensic specialists is growing, but there will never be enough to cope with the demand, he told the SANS European Digital Forensics and Incident Response Summit in London.

The proliferation of digital devices, combined with growing storage capacities on those devices, is increasing the number of potential crime scenes at an exponential rate each year, he said.

The backlog of cases requiring forensic analysis is currently around 46 weeks.

The problem, said Sheldon, is that there are many more people seizing evidence and referring it for forensic investigation than there are people to do the analysis.

<>

This is exacerbated by the fact that there is a high proportion of unnecessary examinations because frontline officers do not have the skills or knowledge to be more selective.

One way of improving the situation, he said, is to give frontline officers the tools and support they need to make better decisions about forensic evidence.

The way law enforcement deals with forensic evidence needs to go down the same road as dealing with drink-driving by introducing the equivalent of the breathalyser.

via Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: Tech Bytes Tagged With: , , , , , , , , ,

5 tips to catch an intellectual property thief – Security – News – ZDNet Australia

August 25, 2011 By Leave a Comment

Physical crimes leave behind a trail of evidence that forensic teams can analyse and bring to court, but what about cybercrime, such as the theft of intellectual property? Computer forensics expert and director of Klein & Co Nick Klein said that when companies conduct a digital forensic investigation themselves, there are five things they should do.

(Image by Mad House Photography, CC BY 2.0)

Speaking at the Security 2011 Exhibition and Conference event in Sydney yesterday, Klein said businesses that had suspected that a digital crime had been committed on their systems often took a “Bunnings” approach to forensic analysis, and suggested a four-step structure for undertaking an investigation.

Prepare the business:

Prior to a breach occurring, businesses could do some preparation, which would help them later on in an investigation, Klein said.

He said that typically, businesses had a lack of policies and procedures to secure data, with in-house legal counsel often not working together with a business’ IT department in developing policy. He said that policies, such as making a full backup of an ex-employee’s machine prior to their departure, are often overlooked, when they could provide critical information to assist a case months later.

He also said that despite most operating systems allowing businesses to enable logging on sensitive information, most businesses tended to only use minimal logging of access.

Another area that Klein suggested businesses look at was where backups and critical databases were stored, and whether policies should be implemented to require employees to store information on the company’s file server, where the business would have greater control over it.

“We have a lot of cases where people say, ‘We had an employee who deleted their email. The only copy of it was a PST archive [which contains Outlook emails] on their computer. Can you get it back?’ A simple policy change to force that person to store that PST on the network could have overcome that.”

Lastly, Klein said that businesses often didn’t do enough to protect themselves in their employment contracts.

“Does it talk about confidentiality of information? Does it talk about monitoring of their user activity? Does it include things like USB devices? Can you have something in your employment contracts that says, ‘When you leave, we may ask you for your USB devices’? — It’s something to think about.”

continued @ 5 tips to catch an intellectual property thief – Security – News – ZDNet Australia.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: Tech Bytes Tagged With: , , , , , , ,

RankMyHack lets hackers compete | TG Daily

August 23, 2011 By Leave a Comment

In recent months, long-time hackers have become just a little miffed with some of the new kids on the block and their automated DDoS attacks – script kiddies, they mutter, darkly.

And one UK hacker, Solar, has become annoyed enough to launch a new website aimed at separating the men from the boys.

RankMyHack does just what it says. Hackers – and around 700 have joined up so far – must submit evidence that they’ve actually carried out the attack they claim by planting a code somewhere on the compromised website.

“Up until now, when you met another hacker on an IRC or forum, there was no way to indicate if that hacker had any skills whatsoever, RankMyHack.com was built to give a clear indication of a hacker’s general abilities,” explains Solar.

“It also serves the purpose of tracking a hackers hacking achievements under their current alias, allowing for other hackers to quickly establish the calibre of hacker they are talking to.”

Points are scored for the difficulty of the hack, as well as the size of the website. There are bounties for racist sites, as well as for those belonging to universities, the military and governments.

Right now, Mudkip is top of the leaderboard with a claimed hack of the Huffington Post, followed by Blackfan for an attack on Google.

via RankMyHack lets hackers compete | TG Daily.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: Tech Bytes Tagged With: , , , , , , ,

FBI, police go high-tech to fight crime

August 1, 2011 By Leave a Comment

Khalid Ouazzani owned a Kansas City, Mo., used auto parts store by day but was secretly supporting al-Qaida by night.

Using covert communications more complex than mere encryption, Ouazzani assumed he was eluding federal authorities, hiding his dealings behind a veil of virtual invisible ink. While the FBI won’t reveal details, agents say he used a form of steganography, the art of hiding messages within other messages.

But it was no match for the agency’s digital forensics specialists, who cracked Ouazzani’s code.

He pleaded guilty last year to conspiring to help a terrorist network and faces up to 65 years in federal prison.

Elsewhere, FBI digital evidence specialists proved a truck driver was streaming pornography on his laptop when he plowed into a car on a New York freeway, killing a woman. They also helped convict high-profile defendants like former Illinois Gov. Rod Blagojevich and top Enron executives.

In an age when the biggest cases can often hinge on the smallest pieces of evidence, some bits no bigger than a fingernail-sized microchip, the FBI’s Regional Computer Forensics Laboratories are fast becoming crucial law enforcement tools.

via FBI, police go high-tech to fight crime.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: From The News, Tech Bytes Tagged With: , , , , ,

Becoming E-Discovery Ready – An Introduction to Litigation Software for E-Discovery

July 29, 2011 By Leave a Comment

 

Introduction

Litigation costs have been rising in recent years, attributable in part to an increase in the volume of documentary evidence and corresponding complexity of cases. This trend, fueled by the widespread use of e-mail communication in business and cheaper digital storage, is likely to set the tone for the future. The explosion in documentary evidence means trial lawyers are now spending significantly more time reviewing documentary evidence; and trial teams are growing larger as more support resources are now required for trial preparation.

However, the assumption that an increase in the volume of documentary evidence must necessarily result in a corresponding increase in the number of lawyers engaged in the case is fallacious. It is a fallacy because it is premised on the fact that trial preparation methods remain unchanged. More significantly, it fails to take into account the changing nature of documentary evidence (data in electronic form as opposed to physical paper files stored in filing cabinets) and fails to recognise the availability of new technologies designed to facilitate the trial preparation process.1

Just as technology has given rise to the document explosion, technology also offers a solution to litigation teams ready to adopt methodologies more befitting to digital information. Law firms tied to traditional hour-billing model may question the wisdom of deploying methods that promote fewer review hours and less lawyer involvement. In the long run, however, we believe that a competitive marketplace and more knowledgeable clientele guarantees that more efficient modes of production will triumph over less efficient ones. [Read more...]

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: Global EDD Group Tagged With: , , , , , , ,

Gibson Dunn – E-Discovery Basics: Admissibility and Presentation of ESI (Vol. 1, No. 10)

July 26, 2011 By Leave a Comment

In previous installments of E-Discovery Basics, we discussed litigation preparedness, legal holds, preservation, processing, review and production of electronically stored information (“ESI”). In this installment, we discuss what many consider to be the last step in the e-discovery life cycle–admissibility and presentation of ESI to a trier of fact at trial or in other proceedings (for example, in support of a summary judgment motion).

The often considerable work and expense involved in the earlier stages of the e-discovery life cycle could end up being of little value if the ESI that is identified, preserved, collected, processed, reviewed and produced is ultimately inadmissible or not effectively presented. Litigants therefore should think strategically early on so that they handle and manage ESI in a way that ensures its admissibility and effective presentation.

Admissibility: The rules of evidence establish a series of hurdles that ESI usually must overcome before being admitted into evidence:

Relevance–Does the ESI have any tendency to make some fact that is of consequence to the litigation more or less probable than it otherwise would be?

Authenticity–Is the ESI what it purports to be?

Hearsay–If offered for its substantive truth, is the ESI hearsay, and, if so, is it covered by an exception to the hearsay rule?

Original Writing–Is the ESI an original or duplicate under the original writing rule, or, if not, is there admissible secondary evidence to prove the content of the ESI? and

Probative Value and Unfair Prejudice–Is the probative value of the ESI substantially outweighed by the danger of unfair prejudice, such that it should be excluded despite its relevance?

continued @ Gibson Dunn – E-Discovery Basics: Admissibility and Presentation of ESI (Vol. 1, No. 10).

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: From The News Tagged With: , , , , , ,

The E-Discovery Implications of the News of the World Phone Hacking Scandal | Exterro

July 21, 2011 By Leave a Comment

As reported in the UK’s Guardian Newspaper, the unnamed executive is alleged to have deleted files from an internal archive containing about 500 GB of data.  The archive contained email correspondence between News of the World editors, reporters, and private investigators dating back to 2005.

The e-discovery implications of this scandal are twofold.  For starters, the alleged deletions come amidst an active police investigation.  Should police identify the executive – and any accomplices – and obtain the necessary evidence there is a high likelihood that criminal charges will be filed for obstruction of justice.  Secondly, News Corp – the owner of News of the World – is bracing for a swarm of civil lawsuits filed by phone hacking victims and evidence related to those cases was likely deleted.

It is important to note that the e-discovery rules differ somewhat between the U.K. and the U.S. (incidentally, discovery is referred to as “disclosure” across the pond).  Generally, e-discovery requirements are far more stringent in U.S. courts than in the U.K., and rulings of evidence spoliation are far more common.  Moreover, the repercussions for evidence spoliation are considered far harsher in the U.S. (see the 2010 Victor Stanley case where Judge Grimm deemed the evidence spoliation so sweeping and egregious he recommended jail time).  However, there have been cases in the U.K., notably Rybak & Others v. Langbar International Ltd (good analysis here), when deliberate evidence spoliation has resulted in severe consequences.

The bottom line, while there may be differences in discovery rules between the U.S. and U.K., punishment awaits those in either country who deliberately delete electronic evidence that could be responsive in litigation.   In other words, News Corp’s attorneys will likely have a lot of explaining to do in court.

via The E-Discovery Implications of the News of the World Phone Hacking Scandal | eDiscovery, E-Discovery, Electronic Discovery Beat Blog | Exterro.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: Tech Bytes Tagged With: , , , , , , , ,

DOJ: We can force you to decrypt that laptop | CNET News

July 11, 2011 By Leave a Comment

The Colorado prosecution of a woman accused of a mortgage scam will test whether the government can punish you for refusing to disclose your encryption passphrase.

The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.

Because Fricosu has opposed the proposal, this could turn into a precedent-setting case. No U.S. appeals court appears to have ruled on whether such an order would be legal or not under the U.S. Constitution’s Fifth Amendment, which broadly protects Americans’ right to remain silent.

In a brief filed last Friday, Fricosu’s Colorado Springs-based attorney, Philip Dubois, said defendants can’t be constitutionally obligated to help the government interpret their files. “If agents execute a search warrant and find, say, a diary handwritten in code, could the target be compelled to decode, i.e., decrypt, the diary?”

To the U.S. Justice Department, though, the requested court order represents a simple extension of prosecutors’ long-standing ability to assemble information that could become evidence during a trial. The department claims:

Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.

Prosecutors stressed that they don’t actually require the passphrase itself, meaning Fricosu would be permitted to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding “the password to the drive, either orally or in written form.”

The question of whether a criminal defendant can be legally compelled to cough up his encryption passphrase remains an unsettled one, with law review articles for at least the last 15 years arguing the merits of either approach. (A U.S. Justice Department attorney wrote an article in 1996, for instance, titled “Compelled Production of Plaintext and Keys.”)

via DOJ: We can force you to decrypt that laptop | Privacy Inc. – CNET News.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: Tech Bytes Tagged With: , , , , , , ,
« Older Posts
Newer Posts »