Cybercontrols, LLC

FRCP Rule 34 provides that the requesting party can "inspect, copy, test, or sample the following items in the responding party’s possession, custody, or control … any designated documents or electronically stored information - including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations - stored in any medium from which information can be obtained …".

Generally, the producing party will respond to the requesting party’s ESI production request by physically transferring the responsive data on CD-ROM, DVD, or other storage media. However, amended FED. R. CIV. P. 34 allows testing, sampling, or in some instances entry onto the property of an adverse party for the purpose of inspecting the property. Depending on the circumstances, Rule 34 has been interpreted to permit an inspection of an individual or corporate computer system by performing searches on computer data or by creating a forensic or "bitstream" image copy of the storage media for later analysis. Under certain circumstances direct seizure of a computer is permitted.

FED. R. CIV. P. 45 authorizes similar options for the inspection of ESI of a nonparty.

One of the most fundamental issues in electronic discovery is how a court should respond to requests for electronic materials that have been "deleted." Courts consistently have held that discoverable ESI includes "deleted" files. If restored, this information could be invaluable for exposing patterns of conduct, behavior or motives surrounding its deletion. However, it usually is necessary to present evidence of the relevance and "specific facts" justifying a request for the "deleted" data, or the courts may label the request a "fishing expedition".

Forensic images of a hard drive or other storage media can be created to preserve the data for later searching and analysis. The images can then be searched for deleted or altered files, unauthorized copies of software, or other artifacts.

It is normal to allow a party and/or their expert to be present during the imaging process.

Generally, courts hesitate to grant the requesting party on-site access to conduct the actual search because of the risk that data may be inadvertently altered. If access is permitted to the computer system, the producing party’s IT staff or a neutral third party such as a forensic expert is usually retained to perform the necessary computer tasks.

While a sizeable portion of a computer inspection may include conducting a keyword search to locate relevant documents and e-mails, a computer forensic examination of computer hard drives and other storage media has the potential of uncovering a vast amount of lesser known electronic "facts" pertaining to the case that would otherwise never surface. For examples of these ESI artifacts and how they might contribute to a case matter, click on the "Beyond the Smoking Gun" link below.

CyberControls is not a law firm. We are experienced specialists in the field of electronic discovery and production, computer forensics and the integration of computer technology and the rules of discovery. Our professional services teams are comprised of pretrial litigation consultants, field technicians and forensic experts. CyberControls’ expertise in computer forensics and investigative experience has proven to be an invaluable resource to hundreds of legal professionals across the country. Visit CyberControls at www.cybercontrols.net.

Web 2.0 Journal says it nicely in an article entitled Web 2.0 Meets Virtualization

Fueled by the explosive growth in digital media and user generated content, the demand for storage has increased exponentially, placing significant stress on current ‘in house’ storage architectures and costly overcapacity build-outs. Factoring in time-to-market pressures as well as power, space, large capital expenditures, global performance, load balancing and availability issues, companies are faced with exploding challenges and costs to go with the exploding storage demand. Bottom line, companies must take a new approach to storage. Companies need to move from the old and out-dated storage 1.0 model of ‘do everything yourself’ to a new storage 2.0 model. The storage 2.0 model delivers persistent storage on demand to applications regardless of location and pre-defined boundaries and meets the performance and scalability characteristics of the web applications.

Email archives have been, and are, the main fishing ground for “juicy” eDiscovery requests. There are two sides, those searching and those protecting. Today we take the high road of protecting your client against the assault. The biggest hurdle is the storage. Not so much the physical, as accessibility. Where would you start?

Barracuda Systems – Message Archiver is a good place to start.

Enforcing corporate policy, compliance regulations and litigation requests are a growing aspect of a system administrator’s duties, requiring email retention, retrieval of related messages and delivery of all relevant communications. The Barracuda Message Archiver supports a standard and customizable set of policies and capabilities, including: 

  •  Retention policy. A predetermined archiving policy that outlines the length of time to retain email messages, whether to comply with government regulations or for company records.
  •  Roles. Using role-based administration, access privileges are organized in three tiers and can be designated to the administrator, auditor and end user by integrating with Active Directory to immediately classify user permissions.
  •  Compliance and corporate policy monitoring. The Barracuda Message Archiver enforces standard policies by monitoring and reporting on behaviors, such as use of foul language, transmitting personal identifying information, list of most frequently visited job searching Web sites, as well as providing customizable policies to monitor use of user-defined keywords and phrases. Upon installation, administrators can immediately set up the built-in policies or leverage new policy definitions delivered by Energize Updates to begin monitoring policy violations and create an audit trail of relevant email messages.
  •  Litigation readiness and discovery process. By using the powerful searching capabilities, auditors and email administrators can easily sort through an email archive to compile relevant messages based on keywords, dates and sender/recipients into an exported file. Access records and related policy violations can also be readily compiled and delivered to legal counsel as requested.

Notice how the product “forces” the client to address the issues of retention/destruction policies. In the growth of today’s litigation, businesses are already cutting razor thin margins and tight credit lines to stay alive. They may listen to their legal counsel before some IT consultant. Case in point: a local Village installed one after their Attorney stepped forward. For you hunters…..now you know where to look first……

Cybercontrols, LLC

Court Approved Forensic Computer Examination

Inevitably, most commercial litigators have faced or will face an electronic discovery dispute that develops in such a way that a computer examination order is necessary to satisfy the reasonable demands of a requesting party. Of course, if your client is on the producing side, a computer examination request may not seem so reasonable. Nevertheless, when it comes to an order allowing the requesting party to conduct the forensic imaging and subsequent search and examination for relevant electronically stored information (ESI), most state and federal courts will exercise their prerogative to implement a suitable protocol should counsel for both parties fail to submit one.

Our firm strongly recommends that every effort be made, in anticipation of a court ruling which would permit a forensic computer examination, to develop a fair and reasonable protocol that would cover the complete process and methodology to be followed by the forensic technician. Some considerations for the protocol might be:

1. Provisions for the opposing party's computer expert to be present in order to observe the assigned forensic technician's practices in acquiring the bit-stream copies of the subject computers and/or media storage devices.

2. Provisions for two copies of each forensic bit-stream image to be produced: one for the examiner and the other for the producing party.

3. Instructions for the forensic examiner to conduct the search and recovery of ESI within the agreed upon search parameters:

a. List of search terms e.g., specific words, terms, sentences, names, specific dates, e-mail addresses, distinct descriptions etc. developed by both parties.

b. Search and recovery of the computer user's Internet history, if applicable.

c. Examination and review of the computer user's software/hardware installation and de-installation history.

d. Search and review of all relevant computer system artifacts pertaining to the relevant actions of the user in the timeline of interest.

4. Instruct the forensic examiner to generate a search hit summary report to both parties which is a numeric tally of hit results associated with each search term used to conduct the word search phase of the forensic examination. This provides full disclosure to both parties and the Court of the initial results.

5. Provisions to have the forensic examiner copy all search results onto a CD or DVD and have them delivered to the producing party for their pre-production review process.

6. Upon completion of the pre-production review, the producing party will submit a privilege log along with their production less any identified privileged ESI.
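
The search hit summary report in item 4, sketched as an added example (this is not Cybercontrols' code or the output of any forensic product). It assumes text has already been extracted from the image into items keyed by ID; the items, the search terms and all function names are constructed for illustration.

```python
import re

# Constructed sample: text already extracted from a forensic image, keyed by item ID.
ITEMS = {
    "mail-001": "Please send the Price  List to jsmith@example.com before Friday. "
                "The price list is final.",
    "doc-002": "Invoice 1041 attached. Invoices are due in 30 days.",
    "deleted-003": "Re: invoice dispute, cc jsmith@example.com",
}
# Constructed search terms, standing in for the list agreed by both parties.
TERMS = ["price list", "jsmith@example.com", "invoice", "merger"]


def build_pattern(term):
    """Whole-term, case-insensitive match; any run of whitespace inside a phrase."""
    body = r"\s+".join(re.escape(word) for word in term.split())
    # Lookarounds instead of \b so terms that start or end with punctuation still work.
    return re.compile(r"(?<!\w)" + body + r"(?!\w)", re.IGNORECASE)


def hit_summary(terms, items):
    """Return one (term, total_hits, items_with_hits) row per term, zero-hit terms included."""
    rows = []
    for term in terms:
        pattern = build_pattern(term)
        counts = [len(pattern.findall(text)) for text in items.values()]
        rows.append((term, sum(counts), sum(1 for c in counts if c)))
    return rows


def format_report(rows):
    """Render the tally as fixed-width text for delivery to both parties."""
    lines = [f"{'Search term':<24}{'Hits':>6}{'Items':>7}"]
    lines += [f"{term:<24}{hits:>6}{n_items:>7}" for term, hits, n_items in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(hit_summary(TERMS, ITEMS)))
```

Whole-term matching means "Invoices" is not counted as a hit for "invoice"; whether variants and stems count is something the agreed search parameters should state, since it changes the tally both parties see.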

You can call Cybercontrols at 847-756-4890 or find them online at www.cybercontrols.net.

Law.com has 2 recent postings this LPM member strongly encourages you to review:

    What to do without local E-Discovery Rules……
   Amy Karan and Kansas Gooden point out: Lawyers should advise clients to develop a
   written document retention policy and sensitize clients to the potential risks
   including sanctions and adverse inferences for violations.

    Ignore Sarbanes-Oxley (SOX 404) at your Peril………
   Thus, it is critical for every entity to ensure that its records-retention policy
    includes appropriate triggers — called “litigation holds”

It’s always a lot easier to expand a relationship with a current client vs finding a new one. Sales/Marketing 101. Obviously previous posts on this subject gathered limited interest. Since I consult on “Storage Solutions” to Mid-size companies, here are some responses from clients I’m supposed to help:

  • “since there is no HIPAA police, why get crazy..” Senior Living complex
  • “our competitors get sued, that’s our growth…” Manufacturer
  • “we have never had that issue, don’t see it…” Trucking firm
  • “emails, individuals cancel their own…” International Exporter
  • “worse scenario, we’ll pay some silly fine…” Property Management Firm

     I’m sure Mazy has a smile reading this:  Bankruptcy Clients….

As with previous post(s), we have explored the reality of IT people acting as “Guardians” with compliance issues that roll into eDiscovery availability. The topic is something the LPM Committee will not let die.

Strolling through numerous sources of information we come across this listing that begs for commentary reaction:

FRCP looking like a PITW (Pain in the Wallet)
March 6th, 2008 by Tory Skyers

Note:   There’s a “Safe Harbor” clause in the FRCP that absolves companies of responsibility if the company has — and strictly follows — a deletion and retention policy. This protects the company from falling afoul of the regulation, but does my act (as an end user) of deleting an email fall under the “Safe Harbor” clause?

Let me put on my lawyer hat. Okay, it’s on. I’ve seen some precedent that leads me to believe that simply having and following a policy is not enough. …………

Hello! Can anyone see the opportunity here? Confusion begs for billable knowledge. This is just a sampling of something that is repeated daily in many businesses right here in DuPage. But this LPM member needs to go a step further. I need a partner to help me address these issues with MY clients. Building physical storage solutions without updated Retention/Deletion policies is like putting on your pants and leaving the zipper open.

What I fail to understand is this readership’s inability to visualize this opportunity and act on it. Especially when I have yet to meet anyone that could not use another client. Clients pay me for a solution, which means I better have good vendors. Maybe I’m addressing the wrong crowd……