Evidentiary Authentication within the EnCase Enterprise Process

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Evidentiary Authentication within the EnCase Enterprise Process"

Transcription

1 Evidentiary Authentication within the EnCase Enterprise Process JUNE 2003 By John Patzakis 1 and Victor Limongelli 2

2 I. Executive Summary EnCase Enterprise Edition is a powerful network-enabled incident response and computer forensics system for immediate and complete response to computer security incidents that occur throughout the enterprise. This solution brings the highly successful and industry standard EnCase computer forensic technology to the enterprise, allowing for remote and immediate analysis and bit stream disk acquisition of any server, workstation, and attached media connected to a wide area network. This capability enables immediate enterprise-wide forensic analysis, information analysis and discovery through volatile data capture including open ports, active processes, open files and the live Windows Registry. This capability also enables comprehensive enterprise-wide incident response and forensic analysis through file retrieval, including deleted file recovery, keyword and GREP searches, file signature and hash analysis, and many other integrated tools. This paper will address issues related to authentication of evidence recovered through an enterprise network investigation and how EnCase Enterprise facilitates the proper collection and documentation of recovered computer evidence in a networked environment, and in fact represents best practices in many investigations in a network environment. This paper will also address actual case studies, including a reported court decision where a federal court addressed the use of EnCase Enterprise Edition. II. Background The EnCase computer forensic software is widely recognized by the industry and validated by the courts, 3 as well as by testing conducted by the National Institute of Standards, 4 as the standard process used to collect, recover, and analyze computer evidence in a forensically sound manner. The EnCase process begins with the creation of a bit-stream drive image called an Evidence File. The Evidence File is then mounted as a read-only drive for analysis. When acquiring an image of a drive, EnCase calculates both a CRC (Cyclical Redundancy Checksum) value for every block of 64 sectors (32kb) that EnCase writes to the evidence file, as well as a MD5 hash calculated for all data contained in the Evidence File. The MD5 hash is calculated through a publicly available algorithm developed by RSA Security. The odds of two computer files with different contents having the same MD5 hash value is more than 1 in 340 undecillion. 5 This is a higher level of certainty than even DNA enjoys. 6 The MD5 hash value generated by EnCase is stored in a footer to the Evidence File and becomes part of the documentation of the evidence. The EnCase Enterprise Edition is based upon the same technology as the standalone forensic edition, only it is modified to run in a live enterprise environment to provide immediate incident response, data recovery and analysis capability. EnCase Enterprise offers numerous advantages over the much more limited existing alternatives for the remote analysis of files over the network and provides the only available mechanism for live, disk-level analysis of remote drives. The Enterprise edition also features an extensive security apparatus, including 128-bit AES encryption for data transport and a detailed PKI-based authentication scheme. A central authentication server, called the SAFE (Secure Authentication For EnCase), controls permissions, grants session keys for authorized users and services, and securely monitors and logs all examination activity for auditing and chain of custody documentation. In order to gain access to a live server or workstation at disk level to allow remote previews or drive acquisitions, the EnCase Enterprise process utilizes a small servlet installed on each network device to act as a communication proxy for commands from the EnCase Examiner software operated by the remote investigator, and the SAFE server, which controls, monitors and logs each session in a secure manner. In addition to enabling live, disk-level analysis of remote media, the servlet also operates as a critical security mechanism to ensure that only approved investigators authenticated by the SAFE server with properly signed session keys are able to conduct an examination of that particular network device. 215 North Marengo Avenue, Second Floor Pasadena, California Tel

3 III. Evidentiary Authentication and EnCase Enterprise Edition When computer evidence is recovered over a local or wide-area network, questions that may arise include: How is that data authenticated as genuine? How is the retrieved evidence tied to a specific computer, which may be located thousands of miles away? How do we ensure the data integrity was not compromised during the investigation? Authentication of Computer Data Computer data retrieved in a network environment in the regular course of business has been successfully admitted into evidence in many reported cases. 7 In the United States, the admission of computer evidence is generally governed by Federal Rule of Evidence 901(a), which provides that the authentication of a document (including a computer file) is satisfied by evidence sufficient to support a finding that the matter in question is what the proponent claims. As explained by one court when considering the admission of computer log files, [t]he rule requires only that the court admit evidence if sufficient proof has been introduced so that a reasonable juror could find in favor of authenticity or identification. 8 The Canada Evidence Act specifically addresses the authentication of computer evidence, providing that an electronic document can be authenticated by evidence capable of supporting a finding that the electronic document is that which it is purported to be. 9 Under these nearly identical statutes, a printout of an message can often be authenticated simply through direct testimony from the recipient or the author. 10 In the corporate enterprise environment, effective computer incident response examinations must occur in real time and over the network, either because the targeted workstations or servers are in a remote location or because the drives cannot be powered down without causing significant harm to the business. In order to evaluate issues concerning chain of custody and data integrity through the EnCase Enterprise process, the disadvantages of other more limited procedures often utilized for remote analysis and file recovery over a network must first be understood. For example, utilizing virus checking utilities or system administrator tools to conduct remote analysis of active files presents several problems from an evidentiary standpoint. First, such applications will materially alter the files being accessed or examined. In addition to changing critical file date stamps, including last accessed, and last modified times, remotely opening files through Windows NT and other system administration processes will likely result in a temporary file and other shadow data being generated on the target drive being examined. EnCase Enterprise is designed to address these challenges presented by real-time enterprise investigations. Importantly, EnCase Enterprise operates at the disk level, allowing EnCase to analyze the subject media in a read-only manner, without querying the resident operating system. This means that when the native files are read by EnCase, the various metadata related to those files, such as time stamps, date stamps, and other information, are not altered. This also means that no backup files or shadow data are generated during this process. Best Practices For Collection of Computer Evidence Required Courts recognize the importance of employing best practices in the collection of computer evidence. Gates Rubber Co. v. Bando Chemical Indus., Ltd., 11 is a particularly important published decision where the court essentially defines a mandatory legal duty on the part of litigants or potential litigants to perform proper computer forensic investigations. There, one party s examiner failed to make a mirror image copy of the target hard drive and instead performed a logical file-by-file copy in an invasive manner, resulting in lost information, altered file time data, and the creation of new temporary files on the original media. 12 In its ruling issuing harsh evidentiary sanctions, the court criticized the errant examiner for failing to make an image copy of the target drive, finding that when processing evidence for judicial purposes a party has "a duty to utilize the method which would yield the most complete and accurate results." 13 Best practices, or, in the words of the Gates Rubber Court, the method which would yield the most complete and accurate results, is a shifting standard based upon both the circumstances of the investigation and the evolution of new technology. In incident response investigations, the analysis must be as rapid as possible to mitigate the loss and increase the likelihood of identifying the culprit. As the European Convention on Cybercrime has noted, effective collection of evidence in electronic form requires very rapid response. 14 For these reasons, many law enforcement agencies in the United States and throughout the world are employing EnCase Enterprise Edition in criminal investigations in situations in which (i) the circumstances do 215 North Marengo Avenue, Second Floor Pasadena, California Tel

4 not allow for systems to be taken off-line, (ii) the necessity of a rapid response requires utilization of a wide area network (WAN) to access the target media, or (iii) there is a need to investigate numerous volumes of computer media attached to a WAN. Under these situations, best practices require the use of EnCase Enterprise. Live Analysis Of course, because EnCase Enterprise operates in a live environment, a static imaging process is simply not possible. Whenever a computer drive remains operating in its native environment, there will be changes made to that drive by virtue of its continued operation, such as writes to the swap file or other automatic functions of the resident operating system. However, despite operating in a live environment, EnCase Enterprise does not itself make any writes to the target drive during the exam, nor are files altered in any way when viewed or copied by EnCase. In addition to substantial cost benefits, it is often more advantageous from an evidentiary standpoint to remotely image or forensically search a live computer system, rather than to shut down a system for standalone analysis, for reasons including the following: 1) Critical systems often cannot be brought down without causing substantial damage to an enterprise s business operations. With the advent of EnCase Enterprise, it is no longer absolutely necessary to shut down mission critical servers in order to conduct a proper computer investigation. 2) Critical evidence will often be lost between the time an investigation is deemed necessary, and when the investigator can gain physical access to a computer. It is thus often more advantageous to conduct an immediate remote investigation, rather than waiting several hours or even days to either travel to a site or conduct a clandestine standalone computer investigation. With the advent of the EnCase Enterprise technology, such a delay is no longer reasonable. 3) When operating on a live system, a substantial amount of volatile data can be accessed that would otherwise disappear or not be available if a system were shut down. Running processes, open ports, data in RAM, connected devices, and current open documents are a just a few examples of forensically important live data that is only available when a computer is running in its native environment. Factors such as these are considered by the courts in determining the appropriateness of methodology to search computer systems for purposes of recovering evidence. 15 Another question sometimes raised whenever a live system is remotely previewed or recovered over a network is whether the recovered data is genuine and can be connected to the specific computer in question. EnCase Enterprise addresses this equation on three fronts. First, EnCase Enterprise, unlike typical system administrative tools, cannot write to the Subject media at any time during the examination. This means that any relevant data found on the Subject drive could not have been placed there through the use of EnCase Enterprise, even if the investigator had wanted to do so. Secondly, the elaborate, role-based security apparatus of the Enterprise Edition disallows unauthorized access and securely logs and identifies all users and activity throughout the course of the examination through a secure server, thus documenting important chain of custody and creating a detailed and secure record of the examination. Finally, all transported data in the EnCase Enterprise environment and the resulting Evidence Files are encrypted with 128-bit AES encryption. As noted above, when creating Evidence Files, EnCase Enterprise calculates CRC and MD5 checksums in the same manner as the standalone forensic version. Challenges To Authenticity Must Have Solid Basis Even if a criminal defendant or civil litigant were to challenge directly the authenticity of evidence gathered through the use of EnCase Enterprise Edition, the threshold to be met is quite high. Courts will normally disallow challenges to the authenticity of computer-based evidence absent a specific showing that the 1) computer data in question had been corrupted or mishandled, and 2) that the allegedly mishandled data is relevant to the case. 16 Mere speculation and unsupported theories of alterations to relevant data generally will not suffice. There is ample precedent reflecting that unsupported claims of possible tampering or overlooked exculpatory data are both relatively common and met with considerable skepticism by the courts. One federal 215 North Marengo Avenue, Second Floor Pasadena, California Tel

5 court refused to consider allegations of tampering that was almost wild-eyed speculation... [without] evidence to support such a scenario. 17 Another court noted that the mere possibility that computer data could have been altered is plainly insufficient to establish untrustworthiness. 18 One court suggests that the defense should perform its own credible computer forensic examination to support any allegation of overlooked exculpatory evidence or tampering. 19 Another court noted that while some unidentified data may have been inadvertently altered during the course of an exam, the defendant failed to establish how such alteration, even if true, affected the data actually relevant to the case. 20 As such, in order for a court to even allow a challenge based upon alleged tampering or alteration of the computer data, the opponent of the evidence should be required to establish both specific evidence of alteration or tampering and that such alteration affected data actually relevant to the case. Further, even if it is established that relevant computer records have been altered, such evidence would be considered toward the weight of the evidence, not its admissibility. 21 IV. Case Studies From The Field Positive Software v. New Century Mortgage Positive Software Solutions Inc. v. New Century Mortgage, 2003 WL (N.D.Tex.), is a U.S. federal court case in which EnCase Enterprise Edition was used by the defendant s expert to image 11 of the defendant s 250+ servers. The plaintiff raised objections and sought direct access to the defendant s network to conduct their own imaging. In denying the plaintiff's motion to conduct their own imaging of defendant s servers, the Court ordered the defendant to "to preserve all extant backups or images of all servers or personal computers that now or previously contained any [relevant evidence]... and to preserve all extant backups or images of all servers, pending further order of the Court or directive of the arbitrator." The Court did not fault the use of EnCase Enterprise Edition or otherwise find that the forensic imaging that was conducted using EnCase Enterprise Edition was in any way deficient or unacceptable, despite the fact that the plaintiff's motion raised unspecified allegations questioning "the quality and accuracy of the imaging." While EnCase Enterprise has been used in hundreds of investigations to date, the Positive Software case is notable as it is a published decision that deals with evidence produced by EnCase Enterprise Edition, and implicitly accepts the process. Insider Fraud Investigation EnCase Enterprise was recently employed by an examiner at a major financial institution in New York to successfully preview two drives in Thailand connected to the WAN for purposes of investigating a very sensitive case of insider fraud. The drives were previewed less than an hour after management determined that the investigation was necessary and that time was of the essence. The preview process revealed that one of the drives contained highly relevant information, and that drive was promptly acquired for further forensic analysis in New York without the knowledge of anyone in Thailand and without disrupting operations. The investigation also revealed that the other drive did not contain relevant evidence. An investigation with stand-alone computer forensics utilities would have delayed the process by several days, thus resulting in destroyed or otherwise changed evidence due to the delay in response, and would have likely compromised the investigation or, at a minimum, impacted business and morale due to the physical presence of investigators. Military Incident Response A military agency employed EnCase Enterprise edition and a high-speed network connection to image a drive located over 10,000 miles away. This process enabled rapid response and the capturing of live data, including the processes that were currently running on the compromised system. Without EnCase Enterprise the response would have been delayed by several days, or even more likely, would not have taken place at all. 215 North Marengo Avenue, Second Floor Pasadena, California Tel

6 IV. Conclusion EnCase Enterprise is ideally suited to recover and authenticate data over a local or wide area network. In many cases, the use of EnCase Enterprise is more that merely acceptable, but in fact constitutes best practices. EnCase Enterprise maintains the integrity of the files being examined, and cannot write to the target drive. Its robust security infrastructure disallows unauthorized access and securely logs and identifies all users and activity throughout the course of the examination through a secure server. This framework establishes EnCase Enterprise as an unparalleled process for maintaining and documenting data acquired in a remote and live network environment. NOTES 1 John Patzakis, Esq. is President and CEO of Guidance Software. 2 Victor Limongelli, Esq. is General Counsel of Guidance Software. 3 State v. Cook, 2002-Ohio-4812, 2002 WL (Appellate court expressly validates the authenticity of an EnCase image); State of Washington v. Leavell, Okanogan County Cause no , October 20, 2000 ruling; People v. Rodriguez, Sonoma County, California Superior Ct. no SCR28424, January 12, 2001 ruling. 4 See for the results of the NIST Computer Forensics Tool Testing Project and Guidance Software s comments to the EnCase test report at 5 undecillion would be written as a 1 followed by 36 zeros. By contrast, trillion would be written as 1 followed by twelve zeros. 6 NCPCA Update Newsletter, Volume 15, Number 9, 2002; 7 See, e.g., United States v. Moore, 923 F.2d 910, 915 (1st Cir. 1991); United States v. Briscoe, 896 F.2d 1476, 1494 (7th Cir. 1990); People v. Lugashi, 205 Cal.App.3d 632 (1988) 8 United States v. Tank 200 F.3d 627 (9 th Cir. 2000), 9 Canada Evidence Act, Chapter C-5 section See, e.g., United States v. Siddiqui 235 F.3d 1318 (11 th Cir 2000) (Testimony of recipients sufficient to authenticate s sent by defendant.) F.R.D. 90 (D.C. Col., 1996) 12 Id. at Id. 14 Council of Europe s Convention on Cybercrime, Explanatory Report, See United States v. Campos, 221 F.3d 1143, 1147 (10th Cir. 2000); United States v. Upham, 168 F.3d 532, 535 (1st Cir. 1999) (upholding seizure of "[a]ny and all computer software and hardware,... computer disks, disk drives" in a child pornography case because "[a]s a practical matter, the seizure and subsequent off-premises search of the computer and all available disks was about the narrowest definable search and seizure reasonably likely to obtain the [sought after] images") 16 United States v. Tank, supra; Wisconsin v. Schroeder 2000 WL United States v. Whitaker, 127 F.3d 595, 602 (7th Cir. 1997) 18 United States v. Bonallo, 858 F.2d 1427, 1436 (9th Cir. 1988); See also, United States v. Glasser, 773 F.2d 1553 (11th Cir. 1985) ( The existence of an air-tight security system [to prevent tampering] is not, however, a prerequisite to the admissibility of computer printouts. If such a prerequisite did exist, it would become virtually impossible to admit computer-generated records. ). 19 United States v. Tank, supra, at 631 fn Wisconsin v. Schroeder 2000 WL See, Bonallo, 858 F.2d at North Marengo Avenue, Second Floor Pasadena, California Tel

Computer Forensics as an Integral Component of the Information Security Enterprise

Computer Forensics as an Integral Component of the Information Security Enterprise Computer Forensics as an Integral Component of the Information Security Enterprise By John Patzakis 10/28/03 I. EXECUTIVE SUMMARY In addition to fending off network intrusions and denial of service attacks,

More information

Effective and Cost-Efficient Enterprise E-Discovery

Effective and Cost-Efficient Enterprise E-Discovery Effective and Cost-Efficient Enterprise E-Discovery LEGAL WHITE PAPER March 2005 John Patzakis and Victor Limongelli 1 Abstract: This paper examines the current Electronic Evidence Discovery landscape

More information

New Accounting Reform Laws Push For Technology-Based Document Retention Practices

New Accounting Reform Laws Push For Technology-Based Document Retention Practices New Accounting Reform Laws Push For Technology-Based Document Retention Practices John Patzakis CEO, Guidance The Sarbanes-Oxley Act of 2002, which President Bush signed into law last year, represents

More information

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1 MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:

More information

New Incident Response Best Practices

New Incident Response Best Practices New Incident Response Best Practices Patch and Proceed is No Longer Acceptable Incident Response Procedure SEPTEMBER 2003 By John Patzakis 215 North Marengo Avenue, Second Floor Pasadena, California 91101

More information

Overcoming Potential Legal Challenges to the Authentication of Social Media Evidence

Overcoming Potential Legal Challenges to the Authentication of Social Media Evidence Overcoming Potential Legal Challenges to the Authentication of Social Media Evidence Overcoming Potential Legal Challenges to the Authentication of Social Media Evidence By John Patzakis 1 Summary: Social

More information

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices Introduction As organizations rely more heavily on technology-based methods of communication, many corporations

More information

Overview of Computer Forensics

Overview of Computer Forensics Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National

More information

EnCase Enterprise For Corporations

EnCase Enterprise For Corporations TM GUIDANCE SOFTWARE EnCASE ENTERPRISE EnCase Enterprise For Corporations An Enterprise Software Platform Allowing Complete Visibility Across your Network for Internal Investigations, Network Security,

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services U.S. Security Associates Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

Spoliation of Evidence. Prepared for:

Spoliation of Evidence. Prepared for: Spoliation of Evidence Prepared for: Spoliation Nationwide anti-spoliation trend Cases can be thrown out of court Insurers can be denied subrogation claims An insured who destroys evidence of a claim can

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services Andrews International Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

Computer Forensics Today

Computer Forensics Today L A W, I N V E S T I G A T I O N S, A N D E T H I C S Computer Forensics Today Kelly J. (KJ) Kuchta When people hear the word forensics, it often generates a mental image of the movie series with Jack

More information

Chapter 7 Securing Information Systems

Chapter 7 Securing Information Systems 1 Chapter 7 Securing Information Systems LEARNING TRACK 3: COMPUTER FORENSICS For thirty years, a serial murderer known as the BTK killer (standing for bind, torture, and kill) remained at large in Wichita,

More information

Incident Response and Forensics

Incident Response and Forensics Incident Response and Forensics Yiman Jiang, President and Principle Consultant Sumus Technology Ltd. James Crooks, Manager - Advisory Services PricewaterhouseCoopers LLP UBC 2007-04-12 Outline Computer

More information

Admissibility of Digital Photographs in Criminal Trials

Admissibility of Digital Photographs in Criminal Trials Admissibility of Digital Photographs in Criminal Trials Keith Hodges, Senior Instructor, Keith.Hodges@dhs.gov Federal Law Enforcement Training Center Glynco, GA 1 What we will discuss Digital photos captured

More information

Legal Arguments & Response Strategies for E-Discovery

Legal Arguments & Response Strategies for E-Discovery Legal Arguments & Response Strategies for E-Discovery The tools to craft strategic discovery requests & mitigate the risks and burdens of production. Discussion Outline Part I Strategies for Requesting

More information

Ricoh Legal. Live Data Acquisition: The New Default Standard for Capturing ESI?

Ricoh Legal. Live Data Acquisition: The New Default Standard for Capturing ESI? Ricoh Legal Live Data Acquisition: The New Default Standard for Capturing ESI? By David Greetham, National Director of Forensics, Legal Enterprise Solutions Live computer forensic imaging, which is performed

More information

EMRs, EHRs and e-discovery Positive Strategies for Managing Under the New Paradigm

EMRs, EHRs and e-discovery Positive Strategies for Managing Under the New Paradigm EMRs, EHRs and e-discovery Positive Strategies for Managing Under the New Paradigm CHITA Forum 2008/09 Series - "Living with an EMR" #3 April 22, 2009 Shoreline, Washington John R. Christiansen, J.D. Christiansen

More information

Case 5:14-cv-00093-RS-GRJ Document 21 Filed 05/28/14 Page 1 of 9

Case 5:14-cv-00093-RS-GRJ Document 21 Filed 05/28/14 Page 1 of 9 Case 5:14-cv-00093-RS-GRJ Document 21 Filed 05/28/14 Page 1 of 9 MARY SOWELL et al., Plaintiffs, IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF FLORIDA PANAMA CITY DIVISION Page 1 of

More information

Digital Forensics for Attorneys Overview of Digital Forensics

Digital Forensics for Attorneys Overview of Digital Forensics Lars Daniel,, EnCE, ACE, CTNS Digital Forensic Examiner Digital Forensics for Attorneys Overview of Digital Forensics Digital Forensics For Attorneys Overview of Digital Forensics Types of Digital Evidence

More information

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Information Technology Audit & Forensic Techniques. CMA Amit Kumar Information Technology Audit & Forensic Techniques CMA Amit Kumar 1 Amit Kumar & Co. (Cost Accountants) A perfect blend of Tax, Audit & Advisory services Information Technology Audit & Forensic Techniques

More information

Feature. How to Maximize Evidential Weight of Electronically Stored Information Recommendations of BS 10008

Feature. How to Maximize Evidential Weight of Electronically Stored Information Recommendations of BS 10008 Feature Haris Hamidovic, CIA, ISMS IA, ITIL, IT Project+, is chief information security officer at Microcredit Foundation EKI Sarajevo, Bosnia and Herzegovina. Prior to his current assignment, Hamidovic

More information

When E-Discovery Becomes Evidence

When E-Discovery Becomes Evidence Monday, June 11, 2007 When E-Discovery Becomes Evidence Make sure that you can easily authenticate the information that was so costly to produce By Leonard Deutchman Special to the Law Weekly A federal

More information

Network Enabled Digital Forensics. Presented by: Ben Kingston, EnCE, MCSE, A+ FDR Forensic Data Recovery Inc.

Network Enabled Digital Forensics. Presented by: Ben Kingston, EnCE, MCSE, A+ FDR Forensic Data Recovery Inc. Network Enabled Digital Forensics Presented by: Ben Kingston, EnCE, MCSE, A+ FDR Forensic Data Recovery Inc. About the Presenter Founding member of FDR in 2001 Responsible for the implementation of FDR

More information

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC Digital Forensics Tom Pigg Executive Director Tennessee CSEC Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze

More information

Digital Forensics, ediscovery and Electronic Evidence

Digital Forensics, ediscovery and Electronic Evidence Digital Forensics, ediscovery and Electronic Evidence By Digital Forensics What Is It? Forensics is the use of science and technology to investigate and establish facts in a court of law. Digital forensics

More information

Computer-Based Discovery and Risk Control

Computer-Based Discovery and Risk Control Computer-Based Discovery and Risk Control Presented by David P. Stenhouse Computer Forensics Inc. Why Electronic Documents Are So Important Ease of review File genealogy File duplication Earlier Drafts

More information

A PRIMER ON THE NEW ELECTRONIC DISCOVERY PROVISIONS IN THE ALABAMA RULES OF CIVIL PROCEDURE

A PRIMER ON THE NEW ELECTRONIC DISCOVERY PROVISIONS IN THE ALABAMA RULES OF CIVIL PROCEDURE A PRIMER ON THE NEW ELECTRONIC DISCOVERY PROVISIONS IN THE ALABAMA RULES OF CIVIL PROCEDURE Effective February 1, 2010, the Alabama Rules of Civil Procedure were amended to provide for and accommodate

More information

Computer Intrusion Forensics Literature Review

Computer Intrusion Forensics Literature Review Computer Intrusion Forensics Literature Review Nathan Balon CIS 544 October 20, 2003 Title Computer Forensics: Incident Response Essentials by Warren G. Kruse II and Jay G. Heiser Reviewed by Nathan Balon

More information

Determining Whether Medical Causation Is Established

Determining Whether Medical Causation Is Established Determining Whether Medical Causation Is Established February 2010 By H. Thomas Watson Using Statistical Analysis To prove medical malpractice liability, the plaintiff must establish through competent

More information

Evidentiary Considerations for Collecting and Examining Hard-Drive Media Anthony F. DeSante November 28, 2001

Evidentiary Considerations for Collecting and Examining Hard-Drive Media Anthony F. DeSante November 28, 2001 Evidentiary Considerations for Collecting and Examining Hard-Drive Media Anthony F. DeSante November 28, 2001 Forensic Sciences 262 The George Washington University Assistant Professorial Lecturer David

More information

Discovery Services WHITE PAPER. Lorraine v. Markel: Electronic Evidence 101

Discovery Services WHITE PAPER. Lorraine v. Markel: Electronic Evidence 101 Common Types of Electronically Stored Information Email: Rules 901(b)(1) (person with personal knowledge); 901(b)(3) (expert testimony or comparison with authenticated example); 901(b)(4) (distinctive

More information

Computer Forensics & Electronic Discovery Setec Investigations offers unparalleled expertise in computer forensics and electronic discovery,

Computer Forensics & Electronic Discovery Setec Investigations offers unparalleled expertise in computer forensics and electronic discovery, Computer Forensics & Electronic Discovery Setec Investigations offers unparalleled expertise in computer forensics and electronic discovery, providing highly personalized, case-specific forensic analysis

More information

Southern Law Center Law Center Policy #IT0014. Title: Privacy Expectations for SULC Computing Resources

Southern Law Center Law Center Policy #IT0014. Title: Privacy Expectations for SULC Computing Resources Southern Law Center Law Center Policy #IT0014 Title: Privacy Expectations for SULC Computing Resources Authority: Department Original Adoption: 5/7/2007 Effective Date: 5/7/2007 Last Revision: 9/17/2012

More information

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014 Introduction to Data Forensics Jeff Flaig, Security Consultant January 15, 2014 WHAT IS COMPUTER FORENSICS Computer forensics is the process of methodically examining computer media (hard disks, diskettes,

More information

Solution Brief for ISO 27002: 2013 Audit Standard ISO 27002. Publication Date: Feb 6, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Solution Brief for ISO 27002: 2013 Audit Standard ISO 27002. Publication Date: Feb 6, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Solution Brief for ISO 27002: 2013 Audit Standard Publication Date: Feb 6, 2015 8815 Centre Park Drive, Columbia MD 21045 ISO 27002 About delivers business critical software and services that transform

More information

EnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection

EnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection GUIDANCE SOFTWARE EnCase Portable EnCase Portable Extend Your Forensic Reach with Powerful Triage & Data Collection GUIDANCE SOFTWARE EnCase Portable EnCase Portable Triage and Collect with EnCase Portable

More information

Sufficiency of Windows Event log as Evidence in Digital Forensics

Sufficiency of Windows Event log as Evidence in Digital Forensics Sufficiency of Windows Event log as Evidence in Digital Forensics Nurdeen M. Ibrahim & A. Al-Nemrat, Hamid Jahankhani, R. Bashroush University of East London School of Computing, IT and Engineering, UK

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected

More information

Xact Data Discovery. Xact Data Discovery. Xact Data Discovery. Xact Data Discovery. ediscovery for DUMMIES LAWYERS. MDLA TTS August 23, 2013

Xact Data Discovery. Xact Data Discovery. Xact Data Discovery. Xact Data Discovery. ediscovery for DUMMIES LAWYERS. MDLA TTS August 23, 2013 MDLA TTS August 23, 2013 ediscovery for DUMMIES LAWYERS Kate Burke Mortensen, Esq. kburke@xactdatadiscovery.com Scott Polus, Director of Forensic Services spolus@xactdatadiscovery.com 1 Where Do I Start??

More information

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene

More information

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic I Digital Forensic A newsletter for IT Professionals Education Sector Updates Issue 10 I. Background of Digital Forensic Definition of Digital Forensic Digital forensic involves the collection and analysis

More information

ESI Risk Assessment: Critical in Light of the new E-discovery and notification laws

ESI Risk Assessment: Critical in Light of the new E-discovery and notification laws ESI Risk Assessment: Critical in Light of the new E-discovery and notification laws Scott Bailey, CISM Christopher Sobota, J.D. Enterprise Risk Management Group Disclaimer This presentation is for informational

More information

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation

More information

Employee Relations. Howard S. Lavin and Elizabeth E. DiMichele

Employee Relations. Howard S. Lavin and Elizabeth E. DiMichele VOL. 34, NO. 4 SPRING 2009 Employee Relations L A W J O U R N A L Split Circuits Does Charging Party s Receipt of a Right-to-Sue Letter and Commencement of a Lawsuit Divest the EEOC of its Investigative

More information

IN THE UNITED STATES DISTRICT COURT FOR THE MIDDLE DISTRICT OF NORTH CAROLINA

IN THE UNITED STATES DISTRICT COURT FOR THE MIDDLE DISTRICT OF NORTH CAROLINA Case 1:13-cv-00046-CCE-LPA Document 24 Filed 01/06/14 Page 1 of 14 IN THE UNITED STATES DISTRICT COURT FOR THE MIDDLE DISTRICT OF NORTH CAROLINA EQUAL EMPLOYMENT OPPORTUNITY ) COMMISSION, ) ) Plaintiff,

More information

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a

More information

EnCase ediscovery. Automatically search, identify, collect, preserve, and process electronically stored information across the network.

EnCase ediscovery. Automatically search, identify, collect, preserve, and process electronically stored information across the network. TM GUIDANCE SOFTWARE EnCASE ediscovery EnCase ediscovery Automatically search, identify, collect, preserve, and process electronically stored information across the network. GUIDANCE SOFTWARE EnCASE ediscovery

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

EPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017

EPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017 EPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017 Collection and Retention Procedures for Electronically Stored Information (ESI)

More information

Journal of Digital Forensic Practice

Journal of Digital Forensic Practice Journal of Digital Forensic Practice Journal of Digital Forensic Practice, 2:57 61, 2008 Copyright Taylor & Francis Group, LLC ISSN: 1556-7281 print / 1556-7346 online DOI: 10.1080/15567280801958464 UDFP

More information

Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC

Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC Digital Forensics: The aftermath of hacking attacks AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC Topics Digital Forensics: Brief introduction Case Studies Case I:

More information

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA Case 1:07-cv-01707-HHK-JMF Document 66 Filed 04/17/2008 Page 1 of 7 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA CITIZENS FOR RESPONSIBILITY AND ETHICS IN WASHINGTON, Plaintiff, v.

More information

Social Media E-Discovery: Process & Technology

Social Media E-Discovery: Process & Technology Social Media E-Discovery: Process & Technology Presented by: John Patzakis, X1 Discovery, Inc. Don Swanson, Five Star Legal and Compliance Systems, Inc. Hosted by LexisNexis and X1 Discovery Social Media

More information

Vancouver Toronto Seattle

Vancouver Toronto Seattle Company Profile litigation support services Consulting Project Management Electronic Discovery Document Hosting Computer Forensics Database Re-engineering Trial Support leadership Searchlight is a full-service

More information

Remote Administration

Remote Administration Windows Remote Desktop, page 1 pcanywhere, page 3 VNC, page 7 Windows Remote Desktop Remote Desktop permits users to remotely execute applications on Windows Server 2008 R2 from a range of devices over

More information

COMPUTER FORENSIC Ibrahim Khoury, Eralda Caushaj

COMPUTER FORENSIC Ibrahim Khoury, Eralda Caushaj COMPUTER FORENSIC Ibrahim Khoury, Eralda Caushaj ABSTRACT The process of using scientific knowledge to collect, analyze and present digital evidence to court is identified as Computer Forensic. To be able

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student

More information

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student

More information

The Impact of 21 CFR Part 11 on Product Development

The Impact of 21 CFR Part 11 on Product Development The Impact of 21 CFR Part 11 on Product Development Product development has become an increasingly critical factor in highly-regulated life sciences industries. Biotechnology, medical device, and pharmaceutical

More information

Microsoft Vista: Serious Challenges for Digital Investigations

Microsoft Vista: Serious Challenges for Digital Investigations Proceedings of Student-Faculty Research Day, CSIS, Pace University, May 2 nd, 2008 Microsoft Vista: Serious Challenges for Digital Investigations Darren R. Hayes and Shareq Qureshi Seidenberg School of

More information

Computer Forensics US-CERT

Computer Forensics US-CERT Computer Forensics US-CERT Overview This paper will discuss the need for computer forensics to be practiced in an effective and legal way, outline basic technical issues, and point to references for further

More information

Immigration and Customs Enforcement Forensic Analysis of Electronic Media

Immigration and Customs Enforcement Forensic Analysis of Electronic Media for the Immigration and Customs Enforcement Forensic Analysis of Electronic Media DHS/ICE/PIA-042 May 11, 2015 Contact Point Peter T. Edge Executive Assistant Director Homeland Security Investigations

More information

Understanding and Integrating KODAK Picture Authentication Cameras

Understanding and Integrating KODAK Picture Authentication Cameras Understanding and Integrating KODAK Picture Authentication Cameras Introduction Anyone familiar with imaging software such as ADOBE PHOTOSHOP can appreciate how easy it is manipulate digital still images.

More information

IN THE COURT OF APPEAL OF THE STATE OF CALIFORNIA SECOND APPELLATE DISTRICT DIVISION EIGHT

IN THE COURT OF APPEAL OF THE STATE OF CALIFORNIA SECOND APPELLATE DISTRICT DIVISION EIGHT Filed 10/11/13 CERTIFIED FOR PUBLICATION IN THE COURT OF APPEAL OF THE STATE OF CALIFORNIA SECOND APPELLATE DISTRICT DIVISION EIGHT ED AGUILAR, Plaintiff and Respondent, v. B238853 (Los Angeles County

More information

Electronic Discovery How can I be prepared? September 2010

Electronic Discovery How can I be prepared? September 2010 Electronic Discovery How can I be prepared? September 2010 Presented by Brian Wilkinson, Director of ediscovery & Computer Forensics brian.wilkinson@us.pwc.com 410-659-3473 Table of Contents Page 1 Electronic

More information

Case 1:07-cv-00389-MJW-BNB Document 51 Filed 08/21/2008 Page 1 of 8 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLORADO

Case 1:07-cv-00389-MJW-BNB Document 51 Filed 08/21/2008 Page 1 of 8 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLORADO Case 1:07-cv-00389-MJW-BNB Document 51 Filed 08/21/2008 Page 1 of 8 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLORADO Civil Action No. 07-cv-00389-MJW-BNB ERNA GANSER, Plaintiff, v. ROBERT

More information

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF CALIFORNIA ) ) ) ) ) ) ) ) ) ) ) ) Plaintiff,

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF CALIFORNIA ) ) ) ) ) ) ) ) ) ) ) ) Plaintiff, Case :-cv-000-bas-wvg Document Filed 0// Page of 0 0 BETTY GUZMAN, v. UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF CALIFORNIA Plaintiff, BRIDGEPOINT EDUCATION, INC., ASHFORD UNIVERSITY, Defendants.

More information

The legal admissibility of information stored on electronic document management systems

The legal admissibility of information stored on electronic document management systems Softology Ltd. The legal admissibility of information stored on electronic document management systems July 2014 SOFTOLOGY LIMITED www.softology.co.uk Specialist Expertise in Document Management and Workflow

More information

Union County. Electronic Records and Document Imaging Policy

Union County. Electronic Records and Document Imaging Policy Union County Electronic Records and Document Imaging Policy Adopted by the Union County Board of Commissioners December 2, 2013 1 Table of Contents 1. Purpose... 3 2. Responsible Parties... 3 3. Availability

More information

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web.

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web. Topic 8 Database Security LEARNING OUTCOMES When you have completed this Topic you should be able to: 1. Discuss the important of database security to an organisation. 2. Identify the types of threat that

More information

The Risks, Rewards and Limits of Social Media in Defense Counsel's Arsenal

The Risks, Rewards and Limits of Social Media in Defense Counsel's Arsenal The Risks, Rewards and Limits of Social Media in Defense Counsel's Arsenal Annarita M. Busbee Noelle A. Abastillas Owen Gleaton Egan Jones & Sweeney, LLP Atlanta, Georgia Social media websites are increasingly

More information

Storage Backup and Disaster Recovery: Using New Technology to Develop Best Practices

Storage Backup and Disaster Recovery: Using New Technology to Develop Best Practices Storage Backup and Disaster Recovery: Using New Technology to Develop Best Practices September 2008 Recent advances in data storage and data protection technology are nothing short of phenomenal. Today,

More information

LEGAL HOLD OBLIGATIONS FOR DISTRICT EMPLOYEES

LEGAL HOLD OBLIGATIONS FOR DISTRICT EMPLOYEES LEGAL HOLD OBLIGATIONS FOR DISTRICT EMPLOYEES INSERT YOUR NAME HERE Place logo or logotype here, Otherwise delete this text box. AGENDA.. Federal Rules of Civil Procedure What is a legal hold? What are

More information

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL)

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COURSE DESCRIPTION: Computer Forensics is focused on teaching

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement

OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement Clinton Mikel The Health Law Partners, P.C. Alessandra Swanson U.S. Department of Health and Human Services - Office for Civil Rights Disclosure

More information

Prosecuting Attorneys Council of Georgia

Prosecuting Attorneys Council of Georgia 1. Purpose: This policy is intended to help personnel determine what information sent or received by email should be retained and for how long. The information covered in this policy includes, but is not

More information

White Paper. Authenticating Digital Evidence Identify and Avoid the Weak Links in Your Chain of Custody

White Paper. Authenticating Digital Evidence Identify and Avoid the Weak Links in Your Chain of Custody White Paper Chain of Custody Authenticating Digital Evidence Identify and Avoid the Weak Links in Your Chain of Custody M E R R I L L L E G A L S O L U T I O N S Contents Introduction 1 Stages of electronic

More information

ORDER GRANTING TRAVELERS INSURANCE COMPANY / HARTFORD UNDERWRITERS INSURANCE S MOTION TO INTERVENE

ORDER GRANTING TRAVELERS INSURANCE COMPANY / HARTFORD UNDERWRITERS INSURANCE S MOTION TO INTERVENE Pulitano v. Thayer St. Associates, Inc., No. 407-9-06 Wmcv (Wesley, J., Oct. 23, 2009) [The text of this Vermont trial court opinion is unofficial. It has been reformatted from the original. The accuracy

More information

-3- 1. Manufacturing Defects

-3- 1. Manufacturing Defects A SUMMARY OF PUERTO RICO PRODUCTS LIABILITY LAW Presented by: Manuel Moreda-Toldeo, Esq., McConnell Valdes While Puerto Rico is, in essence, a Civil Law jurisdiction, its legislature has never enacted

More information

Case 3:05-cv-07309-JGC Document 170 Filed 10/26/2005 Page 1 of 7

Case 3:05-cv-07309-JGC Document 170 Filed 10/26/2005 Page 1 of 7 Case 3:05-cv-07309-JGC Document 170 Filed 10/26/2005 Page 1 of 7 IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF OHIO WESTERN DIVISION ) LEAGUE OF WOMEN VOTERS ) OF OHIO, et al., ) Plaintiffs,

More information

Alliance AES Key Management

Alliance AES Key Management Alliance AES Key Management Solution Brief www.patownsend.com Patrick Townsend Security Solutions Criteria for selecting a key management solution for the System i Key Management is as important to your

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

for Insurance Claims Professionals

for Insurance Claims Professionals A Practical Guide to Understanding ediscovery for Insurance Claims Professionals ediscovery Defined and its Relationship to an Insurance Claim Simply put, ediscovery (or Electronic Discovery) refers to

More information

EnCase Endpoint Investigator Fundamentals 5/25/2016

EnCase Endpoint Investigator Fundamentals 5/25/2016 EnCase Endpoint Investigator Fundamentals Guidance Software 1 About Us Tony Balzanto Tony Balzanto is an instructor in the Orlando, FL office of Guidance Software s Professional Development and Training

More information

THE INCREASING RISK OF SANCTIONS FOR ORDINARY NEGLIGENCE IN E-DISCOVERY COMPLIANCE

THE INCREASING RISK OF SANCTIONS FOR ORDINARY NEGLIGENCE IN E-DISCOVERY COMPLIANCE White Paper Series February 2006 THE INCREASING RISK OF SANCTIONS FOR ORDINARY NEGLIGENCE IN E-DISCOVERY COMPLIANCE The law is continuously carving out and redefining the boundaries of electronic document

More information

Cyber Tech & E-Commerce

Cyber Tech & E-Commerce MEALEY S LITIGATION REPORT Cyber Tech & E-Commerce The Duty To Preserve Data Stored Temporarily In Ram: Is The Sky Really Falling? by J. Alexander Lawrence Morrison & Foerster New York, New York A commentary

More information

Projectplace: A Secure Project Collaboration Solution

Projectplace: A Secure Project Collaboration Solution Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the

More information

A Brief Overview of ediscovery in California

A Brief Overview of ediscovery in California What is ediscovery? Electronic discovery ( ediscovery ) is discovery of electronic information in litigation. ediscovery in California is governed generally by the Civil Discovery Act. In 2009, the California

More information

Universität Mannheim Praktische Informatik I

Universität Mannheim Praktische Informatik I Universität Mannheim Praktische Informatik I 21.03.2007 Examining and imaging data on running systems using LiveWire" Steven W. Wood Master of Science (Florida Institute of Technology) ALSTE Technologies

More information

Hong Kong High Court Procedure E-Discovery: Practice Direction Effective September 1, 2014

Hong Kong High Court Procedure E-Discovery: Practice Direction Effective September 1, 2014 CLIENT MEMORANDUM Hong Kong High Court Procedure E-Discovery: Practice Direction Effective September 1, 2014 August 28, 2014 Mandatory application of e-discovery Mandatory application of e-discovery to

More information

e-discovery Forensics Incident Response

e-discovery Forensics Incident Response e-discovery Forensics Incident Response NetSecurity Corporation 21351 Gentry Drive Suite 230 Dulles, VA 20166 VA DCJS # 11-5605 Phone: 703.444.9009 Toll Free: 1.866.664.6986 Web: www.netsecurity.com Email:

More information

Guidelines on Digital Forensic Procedures for OLAF Staff

Guidelines on Digital Forensic Procedures for OLAF Staff Ref. Ares(2013)3769761-19/12/2013 Guidelines on Digital Forensic Procedures for OLAF Staff 1 January 2014 Introduction The OLAF Guidelines on Digital Forensic Procedures are internal rules which are to

More information

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF CALIFORNIA. Defendants.

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF CALIFORNIA. Defendants. Case :-cv-00-btm-rbb Document Filed 0// Page of UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF CALIFORNIA 0 NUVASIVE, INC., a Delaware corporation, Plaintiff, vs. MADSEN MEDICAL, INC., et al., MADSEN

More information

Department, Board, Or Commission Author Bill Number

Department, Board, Or Commission Author Bill Number BILL ANALYSIS Department, Board, Or Commission Author Bill Number Franchise Tax Board Leno SB 467 SUBJECT Privacy/Electronic Communication/Warrants SUMMARY The bill would require the department to obtain

More information

Digital Forensics. Dr. Vic Fay-Wolfe Department of Computer Science University of Rhode Island

Digital Forensics. Dr. Vic Fay-Wolfe Department of Computer Science University of Rhode Island Digital Forensics Dr. Vic Fay-Wolfe Department of Computer Science University of Rhode Island Topics What is Digital Forensics? Cases Digital Forensics Practice Algorithms and Computer Sci Digital Forensics

More information