2013 Boston Ediscovery Summit. Computer Forensics for the Legal Issue-Spotter
|
|
- Preston Lynch
- 8 years ago
- Views:
Transcription
1 2013 Boston Ediscovery Summit Computer Forensics for the Legal Issue-Spotter James Berriman CEO, Evidox Corporation A Preliminary Comment Issue spotting applies to the practice of ediscovery just as to any other field of law. How do we spot issues? Abstraction Conceptualization Pattern recognition Focus on scenarios, not irrelevant details 1
2 Two Major Categories of Ediscovery Active-File Ediscovery Forensic Ediscovery Active-File Ediscovery Scope of Active-File Ediscovery: Active files -- not deleted files User files -- not system files These are human readable files Created by users, accessed by users Usually in business-oriented formats s, word-processed documents, spreadsheets, presentations, media files, etc. 2
3 Active-File Ediscovery Scope of Active-File Ediscovery: Communications, reports, financials, marketing materials, work product, etc. In short: electronic business records The digital equivalent of traditional paper files Often highly voluminous Relevance depends on substantive content Active-File Ediscovery What matters is on the face of the document 3
4 Active-File Ediscovery Evidence On the Face of the Document : What are the terms of this proposal? What are the warranties in this contract? What is the scope of this specification? What is stated in this communication? What is the invention claimed in this patent? What is represented in this advertisement? Active-File Ediscovery This is traditional legal issue-spotting: - Relevance - - Materiality - - Privilege - These determinations do not require technical expertise regarding the electronic format of the document 4
5 Forensic Ediscovery Scope of Forensic Ediscovery: A different goal and a different methodology To look behind the face of the active user files To assess the digital context of the evidence To assess conduct (or misconduct) of the user: What the user did with the documents What the user did with the computer Forensic Ediscovery Scope of Forensic Ediscovery: Spoliation: Was relevant evidence deleted? Can it be recovered? Authenticity: Is the document authentic? Altered? Fabricated? History: When was the document created? Edited? Printed? By whom? Other versions? Access: Who accessed it, viewed it? 5
6 Forensic Ediscovery Scope of Forensic Ediscovery: Transmittal: Was the document copied to another device? Transmitted? Uploaded? User Activity: What was the user doing with this device at a certain date and time? What applications did the user install? Use? What web sites did the user visit? What communications did the user have? Forensic Ediscovery Scope of Forensic Ediscovery: This requires a search for technical clues in the digital environment where the evidence resides 6
7 Forensic Ediscovery Scope of Forensic Ediscovery: System caches (automatic system copies) System databases (like the Windows Registry) File system data (creation date, access date) Technical data within files (transmission headers, access logs, internal attributes) Residue of deleted data and past disk activity Forensic Ediscovery This requires technical issue-spotting: the province of the forensic expert 7
8 Active-File vs. Forensic Ediscovery Where is the evidence? What is the focus? What is the objective? What kind of expertise? Who does the assessment? What is the result? Active-File Ediscovery Active user documents (electronic business records) Substantive content on face of documents Find relevant documents Legal issue-spotting Lawyer (with technical help) Document production Forensic Ediscovery Digital environment of hard drive or device User conduct (or misconduct) behind face of documents Find technical clues Technical issue-spotting Forensic expert (with legal help) Expert opinion / report The General Methodology of Active-File Ediscovery 8
9 Major Repositories of Electronic Evidence Mail Server File Servers Database Servers Web Server DR Backups Archives Workstations Portable Devices Media Active-File Ediscovery: The Methodology Identify relevant custodians Identify relevant repositories (custodian-centric) Implement preservation plan (repository-centric) Interview custodians (learn criteria for relevance) Select sub-repositories of interest Develop culling and processing criteria Conduct disclosures / preliminary conference Create review set (culled, deduped, processed) Review documents for actual responsiveness Produce responsive subset 9
10 Visualizing the Active-File Winnowing Process Entire client network all devices 2. Preserved subset 3. Selected subset 4. Processed subset review set 5. Responsive subset production Review Platform Production Set The General Methodology of Forensic Ediscovery (We will focus on Windows systems) 10
11 The Basics: What is a Byte? What is a byte? Think of a byte as a single character Letter, number, symbol Code (tab, return, etc.) Unit of data or value The smallest unit of information we care about The Basics: What is a Cluster? What is a cluster? A cluster is a group of bytes on a storage device It is the organizational unit of file storage 4K bytes (4096) per cluster is a common size This allows the system to handle bytes in groups It allows a smaller number of storage addresses Jim s school bus analogy 11
12 The Basics: What is a Cluster? An unformatted drive Lots of byte locations (3200 bytes) No clusters No files The Basics: What is a Cluster? A formatted drive Same number of byte locations Now grouped into 50 clusters 64 bytes per cluster in this example Fewer addresses to worry about Still no files All clusters are therefore unallocated 12
13 The Basics: What is a Cluster? Here is a file (blue) It occupies 1 cluster That cluster is allocated to the file Logical size (blue) = 54 bytes Physical size (cluster) = 64 bytes Leftover space = slack = 10 bytes Unallocated space = 49 clusters The Basics: What is a Cluster? The file is now larger (blue) It occupies 2 clusters Those 2 clusters are allocated Logical size (blue) = 100 bytes Physical size (clusters) = 128 bytes Leftover space = slack = 28 bytes Unallocated space = 48 clusters 13
14 The Basics: What is a Cluster? The file is now even larger (blue) It occupies 4 clusters Those 4 clusters are allocated Logical size (blue) = 193 bytes Physical size (clusters) = 256 bytes Leftover space = slack = 63 bytes Unallocated space = 46 clusters The Basics: The File System & File Deletion What happens when you format a drive? A new drive has capacity (e.g., 100 GB) But it has no organizational structure It has bytes but no clusters When you format a drive: The cluster size is defined (e.g., 4K) The clusters are mapped and addressed A Master File Table (MFT) is created 14
15 The Basics: The File System & File Deletion The Master File Table The MFT is itself a file Think of it as the Table of Contents for the drive Contains a data record for each file on the drive Points to file s address (the clusters that store it) Contains many fields of metadata about each file Metadata = data about the file, not on the face of the document The Basics: The File System & File Deletion Metadata in the Master File Table File name, file extension, full path Status: active or deleted Type: file or folder (a folder is a special type of file) Dates/times of creation, last access, last save Attributes (read only, hidden, system) Permissions (which users can access, save) Logical size (size of the document itself) Physical size (in whole cluster increments) 15
16 The Basics: The File System & File Deletion Does any of this sound familiar? It should. MFT is the source of Windows Explorer data: Filenames, extensions Datestamps Attributes All from the MFT The Basics: The File System & File Deletion MFT is also the source of Properties data in Windows Explorer: Size = logical size Size on disk = physical size Datestamps Attributes All from the MFT 16
17 A Disgruntled Employee Scenario A Disgruntled Employee Scenario 17
18 A Disgruntled Employee Scenario A Disgruntled Employee Scenario 18
19 A Disgruntled Employee Scenario A Disgruntled Employee Scenario 19
20 A Disgruntled Employee Scenario A Disgruntled Employee Scenario 20
21 A Disgruntled Employee Scenario A Disgruntled Employee Scenario 21
22 A Disgruntled Employee Scenario A Disgruntled Employee Scenario 22
23 A Disgruntled Employee Scenario A Disgruntled Employee Scenario 23
24 A Disgruntled Employee Scenario A Disgruntled Employee Scenario If this were a system drive (C:\ drive) it would also contain system files, system caches, executables, drivers, libraries, icons, help files. 24
25 A Disgruntled Employee Scenario A Disgruntled Employee Scenario Active-File Ediscovery: Only the active user files Not system files Not slack space Not unallocated space 25
26 A Disgruntled Employee Scenario Forensic Ediscovery Everything: Active user files System files Slack space Unallocated space Forensic Ediscovery: The Methodology Forensic Preservation: Objective: to preserve the exact existing state of the entire digital storage device Every byte in every cluster, top to bottom Do not boot it up, do not turn it on: This could change the state Use a write blocker to avoid changes Use specialized forensic preservation software 26
27 Forensic Ediscovery: The Methodology Forensic Preservation: This approach preserves everything: The Master File Table All active user files All active system files and caches All recoverable deleted files, user and system All residue of past disk activity All slack space All unallocated space Forensic Ediscovery: The Methodology Forensic Preservation: The resulting archive is called a forensic image Call it a forensic image (a well-defined term) Do not call it a mirror (an ambiguous term) A forensic image basically converts the entire digital storage area into one huge searchable file The forensic expert can search, scroll through, and review the entire space at the byte level 27
28 Forensic Analysis: The Basics What You Can Do With a Forensic Image For Minimal Expense Forensic Analysis: The Basics 1. Extract and Review the Master File Table The MFT can be extracted easily in Excel format You can review the name of every file and folder listed in the MFT, active and deleted You can sort by any of the fields of data You can run full-text searches on the file and folder names Tremendous bang for the buck 28
29 Forensic Analysis: The Basics 1. Extract and Review the Master File Table Sort by full path user accounts: This shows the contents of every user account C:\Documents and Settings\[user] See the name of every user account See the names of all files and icons on the Desktop for each user See the names of all files and icons in the My Documents folder for each user Forensic Analysis: The Basics 1. Extract and Review the Master File Table Sort by full path Recent folders: See the contents of the Recent folders These contain links to user-accessed files (how the Recent Documents list is populated) Even if the files are now deleted or missing C:\Documents and Settings\user\Recent C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\ 29
30 Forensic Analysis: The Basics 1. Extract and Review the Master File Table Sort by full path application folders: See a list of all installed applications C:\Program Files\[application folders] See the date of each installation (the create date of the application folder) Forensic Analysis: The Basics 1. Extract and Review the Master File Table Sort by full path browser caches: See a list of all files contained in the user s browser caches C:\Documents and Settings\[user]\Local Settings\Temporary Internet Files This can reveal names of sites visited, names of cookies, even preserved search terms 30
31 Forensic Analysis: The Basics 1. Extract and Review the Master File Table Sort by file extension: See names of all files of particular user types Word, Excel, PowerPoint, etc. Looks at datestamps and timestamps Look for the absence of expected file types Forensic Analysis: The Basics 1. Extract and Review the Master File Table Sort by date (last accessed or created): See the names of the very last files touched prior to preservation See file activity on any specific date of interest See when the drive was formatted (the create date of the MFT and system folders) See when the operating system was installed (the create date of the system folders) 31
32 Forensic Analysis: The Basics 1. Extract and Review the Master File Table Sort by date (last accessed or created): Look for evidence of "batch" file operations (large collections of files with near-identical "created" or "accessed" dates) If someone dragged and dropped an entire folder of files, they will all cluster together when sorted by create date Forensic Analysis: The Basics 2. Extract Active User Files Remember: A forensic image ALSO contains all active user files Have them extracted so you can review them just like normal active-file ediscovery You do not need a forensic expert to assess active user files 32
33 Forensic Analysis: The Basics 3. Extract Recoverable Deleted User Files A forensic image also contains all recoverable deleted files (i.e., not yet overwritten) Have them restored and extracted so you can review them just like normal active-file ediscovery Forensic Analysis: The Basics 4. Request a Link Analysis The Recent links store information regarding full path and access date for each accessed file A Link Analysis can extract that information and provide you with a report It shows which user files the user launched even if the files themselves are now deleted or are stored elsewhere (network, external storage) 33
34 Forensic Analysis: The Basics 5. Request a USBSTOR Analysis The Windows Registry keeps track of every USB device ever attached to the computer Type of device, manufacturer, model number, serial number, date of installation You can see what USB devices the user attached Forensic Analysis: The Basics 6. Request a Print Spooler Analysis When documents are sent to the printer, they are stored in a temporary system cache This is called the Print Spooler It is possible to extracted stored files from the Print Spooler This allows you to recover files that were printed even if later deleted or never saved on the drive 34
35 Forensic Analysis: The Basics 7. Run keyword searches in unallocated space Even if a file is partially overwritten (and therefore not recoverable as a file ) it is possible that the surviving fragments contain searchable text Most embedded text in user files is in standard ASCII or Unicode format Text remains human readable even if the surrounding formatting is lost Forensic Analysis: The Basics 7. Run keyword searches in unallocated space Hits in unallocated space are extracted in the form of an Excel spreadsheet Each hit is extracted with surrounding text on either side of the hit This allows the fragment to be assessed in context 35
36 Forensic Analysis: The Basics 8. Advanced Analysis There are many other things that a forensic expert can do depending on circumstances and objectives Question & Answers 36
37 About the Author - James Berriman Evidox Corporation CEO & Co-Founder, 2006 to present Ediscovery, forensics, and technology consulting and expert services Boston University School of Law Lecturer in Law, appointed 2011 Teaches Ediscovery & Advanced Civil Procedure Goodwin Procter LLP Senior Counsel & Director of Litigation Technology, 1999 to 2006 Founder of Litigation Technology Group Litigation Attorney, 1990 to 1999 Education JD, cum laude, Boston University School of Law, 1990 BA, summa cum laude, State University of New York, Potsdam College, 1980 Computer Forensics for the Legal Issue-Spotter James Berriman CEO, Evidox Corporation 37
This Webcast Will Begin Shortly
This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: accwebcast@commpartners.com Thank You! Welcome! Electronic Data
More informationLitigation Support. Learn How to Talk the Talk. solutions. Document management
Document management solutions Litigation Support glossary of Terms Learn How to Talk the Talk Covering litigation support from A to Z. Designed to help you come up to speed quickly on key terms and concepts,
More informationReduce Cost and Risk during Discovery E-DISCOVERY GLOSSARY
2016 CLM Annual Conference April 6-8, 2016 Orlando, FL Reduce Cost and Risk during Discovery E-DISCOVERY GLOSSARY Understanding e-discovery definitions and concepts is critical to working with vendors,
More informationelectronic discovery requests
Making and responding to electronic discovery requests By Martin Felsky and Peg Duncan One of the significant impacts of electronic discovery on litigation is the way in which it reconfigures the adversarial
More informationMetadata, Electronic File Management and File Destruction
Metadata, Electronic File Management and File Destruction By David Outerbridge, Torys LLP A. Metadata What is Metadata? Metadata is usually defined as data about data. It is a level of extra information
More informationCOURT OF QUEEN S BENCH OF MANITOBA PRACTICE DIRECTION GUIDELINES REGARDING DISCOVERY OF ELECTRONIC DOCUMENTS
COURT OF QUEEN S BENCH OF MANITOBA PRACTICE DIRECTION GUIDELINES REGARDING DISCOVERY OF ELECTRONIC DOCUMENTS Introduction While electronic documents are included in the definition of document contained
More informationWhat You Should Know About ediscovery
KPMG FORENSIC What You Should Know About ediscovery By Pamela Quintero February 18, 2009 What Guidelines Are Available? The Sedona Canada Principles Working Group 7 (WG7) The purpose and intent of the
More informationE-DISCOVERY GUIDELINES. Former Reference: Practice Directive #6 issued September 1, 2009
CIVIL PRACTICE DIRECTIVE #1 REFERENCE: CIV-PD #1 E-DISCOVERY GUIDELINES Former Reference: Practice Directive #6 issued September 1, 2009 Effective: July 1, 2013 Introduction 1. While electronic documents
More informationJust EnCase. Presented By Larry Russell CalCPA State Technology Committee May 18, 2012
Just EnCase Presented By Larry Russell CalCPA State Technology Committee May 18, 2012 What is e-discovery Electronically Stored Information (ESI) Discover or Monitor for Fraudulent Activity Tools used
More informationThe Disconnect Between Legal and IT Teams
WHEPAPER The Disconnect Between and Teams Examples of what each side doesn t know #2 in a series of 4 whitepapers. Circulate this document to,, and company management. It can be used to start a dialog,
More informationediscovery 101 Myth Busting October 29, 2009 Olivia Gerroll ediscovery Solutions Group Director
ediscovery 101 Myth Busting October 29, 2009 Olivia Gerroll ediscovery Solutions Group Director Background Olivia Gerroll, ediscovery Solutions Group Director Over sixteen years of experience in litigation
More informationARCHIVING FOR EXCHANGE 2013
White Paper ARCHIVING FOR EXCHANGE 2013 A Comparison with EMC SourceOne Email Management Abstract Exchange 2013 is the latest release of Microsoft s flagship email application and as such promises to deliver
More informationGUIDELINES FOR USE OF THE MODEL AGREEMENT REGARDING DISCOVERY OF ELECTRONICALLY STORED INFORMATION
GUIDELINES FOR USE OF THE MODEL AGREEMENT REGARDING DISCOVERY OF ELECTRONICALLY STORED INFORMATION Experience increasingly demonstrates that discovery of electronically stored information ( ESI poses challenges
More informationKPMG Forensic Technology Services
KPMG Forensic Technology Services Managing Costs in e-discoverye October 14, 2010 1 Agenda: Strategies to Manage Costs in e-discovery Pre-collection Strategies Filtering Strategies Review and Production
More information[DESCRIPTION OF CLAIM, INCLUDING RELEVANT ACTORS, EVENTS, DATES, LOCATIONS, PRODUCTS, ETC.]
What follows isn t the perfect preservation letter for your case, so don t simply treat it as a form. Use it as a drafting aid that flags issues unique to EDD, but tailor your preservation demand to the
More informationElectronic documents questionnaire
Electronic documents questionnaire (Civil Procedure Rules Practice Direction 31B) WARNING: Unless the court makes some other order, the answers given in this document may only be used for the purposes
More informationE-mail Management: A Guide For Harvard Administrators
E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered
More informationDocument Storage Tips: Inside the Email Vault
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Document Storage Tips: Inside the Email Vault Law360,
More informationOn the Trail of the Craigslist Killer: A Case Study in Digital Forensics
On the Trail of the Craigslist Killer: A Case Study in Digital Forensics Presenters: Sharon Nelson and John Simek President and Vice President, Sensei Enterprises www.senseient.com snelson@senseient.com;
More informationE-Discovery Basics For the RIM Professional. Learning Objectives 5/18/2015. What is Electronic Discovery?
E-Discovery Basics For the RIM Professional By: Andy Sokol, CEDS, CSDS Adding A New Service Offering For Your Legal & Corporate Clients Learning Objectives What is Electronic Discovery? How Does E-Discovery
More informationIncident Response and Computer Forensics
Incident Response and Computer Forensics James L. Antonakos WhiteHat Forensics Incident Response Topics Why does an organization need a CSIRT? Who s on the team? Initial Steps Detailed Project Plan Incident
More informationDigital Forensics, ediscovery and Electronic Evidence
Digital Forensics, ediscovery and Electronic Evidence By Digital Forensics What Is It? Forensics is the use of science and technology to investigate and establish facts in a court of law. Digital forensics
More informationOffice of History. Using Code ZH Document Management System
Office of History Document Management System Using Code ZH Document The ZH Document (ZH DMS) uses a set of integrated tools to satisfy the requirements for managing its archive of electronic documents.
More informationFile System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1
File System Forensics FAT and NTFS 1 FAT File Systems 2 File Allocation Table (FAT) File Systems Simple and common Primary file system for DOS and Windows 9x Can be used with Windows NT, 2000, and XP New
More informationAccuGuard Desktop and AccuGuard Server User Guide
AccuGuard Desktop and AccuGuard Server User Guide 1 2 Table of Contents Welcome 4 Backup Simplified 5 Features 6 Protection Plans 7 Archived Data Viewing 8 Archived Data Restoring 9 Best Practices 11 Getting
More informationWhat Am I Looking At? Andy Kass
Concordance Tip Sheet August 2013 What Am I Looking At? Andy Kass Discovery is the process of requesting, producing and gleaning documents to substantiate assertions of fact in a case. Review is a deep,
More informationComputer Forensics as an Integral Component of the Information Security Enterprise
Computer Forensics as an Integral Component of the Information Security Enterprise By John Patzakis 10/28/03 I. EXECUTIVE SUMMARY In addition to fending off network intrusions and denial of service attacks,
More informationAre Mailboxes Enough?
Forensically Sound Preservation and Processing of Exchange Databases Microsoft Exchange server is the communication hub for most organizations. Crucial email flows through this database continually, day
More informationSAMPLE ELECTRONIC DISCOVERY INTERROGATORIES AND REQUESTS FOR PRODUCTION
Below are SAMPLE interrogatories and requests for production that are meant to be complementary (i.e., any devices or electronic files that are identified in answer to an interrogatory or interrogatories
More informationfor Insurance Claims Professionals
A Practical Guide to Understanding ediscovery for Insurance Claims Professionals ediscovery Defined and its Relationship to an Insurance Claim Simply put, ediscovery (or Electronic Discovery) refers to
More informationSEVENTH CIRCUIT ELECTRONIC DISCOVERY PILOT PROGRAM FOR DISCOVERY OF ELECTRONICALLY STORED
SEVENTH CIRCUIT ELECTRONIC DISCOVERY PILOT PROGRAM PROPOSED PRINCIPLES FOR DISCOVERY OF ELECTRONICALLY STORED INFORMATION Sean M. Hendricks, J.D. Client Services Manager (312) 893-7321 / shendricks@forensicon.com
More informationDEFAULT STANDARD FOR DISCOVERY, INCLUDING DISCOVERY OF ELECTRONICALLY STORED INFORMATION {"ESI")
DEFAULT STANDARD FOR DISCOVERY, INCLUDING DISCOVERY OF ELECTRONICALLY STORED INFORMATION {"ESI") 1. General Provisions a. Cooperation. Parties are expected to reach agreements cooperatively on how to conduct
More informationExchange Mailbox Protection Whitepaper
Exchange Mailbox Protection Contents 1. Introduction... 2 Documentation... 2 Licensing... 2 Exchange add-on comparison... 2 Advantages and disadvantages of the different PST formats... 3 2. How Exchange
More informationDiscovery in the Digital Age: e-discovery Technology Overview. Chuck Rothman, P.Eng Wortzman Nickle Professional Corp.
Discovery in the Digital Age: e-discovery Technology Overview Chuck Rothman, P.Eng Wortzman Nickle Professional Corp. The Ontario e-discovery Institute 2013 Contents 1 Technology Overview... 1 1.1 Introduction...
More informationDOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents
WhitePaper Concise Guide to E-discovery Contents i. Overview ii. Importance of e-discovery iii. How to prepare for e-discovery? iv. Key processes & issues v. The next step vi. Conclusion Overview E-discovery
More informationVeco User Guides. Document Management
Veco User Guides Document Management Introduction Veco-onesystem includes a powerful Document Management facility to search for documents and e-mails in your system. Documents are typically letters and
More informationUnderstanding ediscovery and Electronically Stored Information (ESI)
Copyright The information transmitted in this document is intended only for the addressee and may contain confidential and/or privileged material. Any interception, review, retransmission, dissemination
More informationElectronic Discovery:
Your Pacific Northwest Law Firm Electronic Discovery: Glossary of 123 Commonly Used Terms The following is a glossary of 123 commonly used terms to help you navigate the world of Electronic Discovery.
More informationIN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLORADO
Regents of the University of Colorado, The v. Allergan, Inc. et al Doc. 69 Civil Action No. 1:14-cv-01562-MSK-NYW IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLORADO THE REGENTS OF THE UNIVERSITY
More informationGuide to advanced ediscovery solutions
RCLS Services & Technology Guide to advanced ediscovery solutions Océ Business Services Records, Compliance and Legal Solutions Products and Services Océ Business Services has earned the reputation as
More informationVTLBackup4i. Backup your IBM i data to remote location automatically. Quick Reference and Tutorial. Version 02.00
VTLBackup4i Backup your IBM i data to remote location automatically Quick Reference and Tutorial Version 02.00 Manufacture and distributed by VRTech.Biz LTD Last Update:16.9.2013 Contents 1. About VTLBackup4i...
More informationComputer Forensic Capabilities
Computer Forensic Capabilities Agenda What is computer forensics? Where to find computer evidence Forensic imaging Forensic analysis What is Computer Forensics? The preservation, identification, extraction,
More informationHow To Backup A Database In Navision
Making Database Backups in Microsoft Business Solutions Navision MAKING DATABASE BACKUPS IN MICROSOFT BUSINESS SOLUTIONS NAVISION DISCLAIMER This material is for informational purposes only. Microsoft
More informationNuix Forensic Focus 2014 Webinar Accelerating investigations using advanced ediscovery techniques 6 th March 2014
Nuix Forensic Focus 2014 Webinar Accelerating investigations using advanced ediscovery techniques 6 th March 2014 All rights reserved 2014. Nuix Software ABOUT THE PRESENTERS Paul Slater Director of Forensic
More informationXact Data Discovery. Xact Data Discovery. Xact Data Discovery. Xact Data Discovery. ediscovery for DUMMIES LAWYERS. MDLA TTS August 23, 2013
MDLA TTS August 23, 2013 ediscovery for DUMMIES LAWYERS Kate Burke Mortensen, Esq. kburke@xactdatadiscovery.com Scott Polus, Director of Forensic Services spolus@xactdatadiscovery.com 1 Where Do I Start??
More informationE-Discovery Quagmires An Ounce of Prevention is Worth a Pound of Cure Rebecca Herold, CISSP, CISA, CISM, FLMI Final Draft for February 2007 CSI Alert
E-Discovery Quagmires An Ounce of Prevention is Worth a Pound of Cure Rebecca Herold, CISSP, CISA, CISM, FLMI Final Draft for February 2007 CSI Alert While updating the two-day seminar Chris Grillo and
More informationSOS SO S O n O lin n e lin e Bac Ba kup cku ck p u USER MANUAL
SOS Online Backup USER MANUAL HOW TO INSTALL THE SOFTWARE 1. Download the software from the website: http://www.sosonlinebackup.com/download_the_software.htm 2. Click Run to install when promoted, or alternatively,
More informationBackupAssist v6 quickstart guide
New features in BackupAssist v6... 2 VSS application backup (Exchange, SQL, SharePoint)... 3 System State backup... 3 Restore files, applications, System State and mailboxes... 4 Fully cloud ready Internet
More informationState of Michigan Records Management Services. Guide to E mail Storage Options
State of Michigan Records Management Services Guide to E mail Storage Options E mail is a fast, efficient and cost effective means for communicating and sharing information. However, e mail software is
More informationBest Practices: Defensibly Collecting, Reviewing, and Producing Email
Best Practices: Defensibly Collecting, Reviewing, and Producing Email October 9, 2014 Karsten Weber Principal, Lexbe LC ediscovery Webinar Series Info & Future Takes Place Monthly Cover a Variety of Relevant
More informationWindows 7: Current Events in the World of Windows Forensics
Windows 7: Current Events in the World of Windows Forensics Troy Larson Senior Forensic Program Manager Network Security, Microsoft Corp. Where Are We Now? Vista & Windows 2008 BitLocker. Format-Wipes
More informationNovaBACKUP. Storage Server. NovaStor / May 2011
NovaBACKUP Storage Server NovaStor / May 2011 2011 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject to change without notice.
More informationGladinet Cloud Backup V3.0 User Guide
Gladinet Cloud Backup V3.0 User Guide Foreword The Gladinet User Guide gives step-by-step instructions for end users. Revision History Gladinet User Guide Date Description Version 8/20/2010 Draft Gladinet
More informationOperating Systems Forensics
Operating Systems Forensics Section II. Basic Forensic Techniques and Tools CSF: Forensics Cyber-Security MSIDC, Spring 2015 Nuno Santos Summary! Windows boot sequence! Relevant Windows data structures!
More informationThe Many Different Types of Electronic Discovery Searches
May 2004 Volume 2, Number 2 Result Categories of Electronic Discovery Searches Table of Contents The Ethical Implications of Your Computer Result Categories of Electronic Discovery Searches Lawyers often
More informationOutlook 2010 Archiving Email CPAC Workshop Summer 2014
Outlook 2010 Archiving Email CPAC Workshop Summer 2014 Presenters: Kaleo Kelikani and Linda Holdzkom, ITS Technical Services Contents Tips and Tools for the Desktop Version of Outlook Page 2-4 What is
More informationAddressing Legal Discovery & Compliance Requirements
Addressing Legal Discovery & Compliance Requirements A Comparison of and Archiving In today s digital landscape, the legal, regulatory and business requirements for email archiving continue to grow in
More informationDatabase Management Tool Software User Guide
Database Management Tool Software User Guide 43-TV-25-29 Issue 5 February 2015 Database Management Tool Software Licence Agreement Refer to the Database Tool installer for the software licence agreement.
More informationIBM ediscovery Identification and Collection
IBM ediscovery Identification and Collection Turning unstructured data into relevant data for intelligent ediscovery Highlights Analyze data in-place with detailed data explorers to gain insight into data
More informationBest Practices Page 1
BEST PRACTICES FOR ELECTRONIC DISCOVERY IN CRIMINAL CASES Western District of Washington Adopted March 21, 2013 These best practices reflect recommendations adopted in February 2012 by the Department of
More informationHow to Configure Entourage 2008 for Email Client
How to Configure Entourage 2008 for Email Client Introduction (Revised 04/28/11) LAUSD IT Helpdesk 333 S. Beaudry Ave. 9 th Floor Phone 213.241.5200 Before you configure Microsoft Entourage 2008 E-mail
More information102 ediscovery Shakedown: Lowering your Risk. Kindred Healthcare
102 ediscovery Shakedown: Lowering your Risk Long-Term Care Session HCCA Compliance Institute April 27, 2009 Las Vegas, Nevada Presented by: Diane Kissel, Manager IS Risk & Compliance Kindred Healthcare,
More informationE-Discovery for Paralegals: Definition, Application and FRCP Changes. April 27, 2007 IPE Seminar
E-Discovery for Paralegals: Definition, Application and FRCP Changes April 27, 2007 IPE Seminar Initial Disclosures ESI Electronically Stored Information FRCP 26(a)(1)(B) all ESI must be disclosed initially
More informationUNGASS CRIS 2008
version 1.0 UNGASS DATA ENTRY SOFTWARE: GLOBAL REPORTING 2008 TROUBLESHOOTING GUIDE Prepared by UNAIDS Evidence, Monitoring, and Policy Department UNAIDS 20, Avenue Appia 1211 Geneva 27 Switzerland Tel.
More informationOverview of Computer Forensics
Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National
More information4 Backing Up and Restoring System Software
4 Backing Up and Restoring System Software In this Chapter... Planning a Backup Strategy, 4-3 Preparing for Disaster Recovery, 4-4 Creating Boot Recovery Diskettes, 4-5 Making a Full Backup Tape, 4-8 Restoring
More informationNovaBACKUP. User Manual. NovaStor / November 2011
NovaBACKUP User Manual NovaStor / November 2011 2011 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject to change without
More informationFeatures of AnyShare
of AnyShare of AnyShare CONTENT Brief Introduction of AnyShare... 3 Chapter 1 Centralized Management... 5 1.1 Operation Management... 5 1.2 User Management... 5 1.3 User Authentication... 6 1.4 Roles...
More informationLegal Arguments & Response Strategies for E-Discovery
Legal Arguments & Response Strategies for E-Discovery The tools to craft strategic discovery requests & mitigate the risks and burdens of production. Discussion Outline Part I Strategies for Requesting
More informationPersonal Folders Backup
Personal Folders Backup The Personal Folders Backup tool is designed for use in Outlook 2000 and later and the operating systems that support each respective Outlook version. The tool provides a quick
More informationChapter Contents. Operating System Activities. Operating System Basics. Operating System Activities. Operating System Activities 25/03/2014
Chapter Contents Operating Systems and File Management Section A: Operating System Basics Section B: Today s Operating Systems Section C: File Basics Section D: File Management Section E: Backup Security
More informationSimplify the e-discovery process by learning which tools to use and when to use them. CHAPTER 7. Proactive. Review tools. litigation hold tools.
THE WINDOWS MANAGER S GUIDE TO INSIDE: Reactive litigation hold tools Proactive litigation hold tools Review tools Enterprise search tools Archive systems CHAPTER Exploring e-discovery tools Simplify the
More informationAsia Disputes Academy
Asia Disputes Academy Electronic document discovery how it is relevant to you Tim Mak, Jonathan Wong (Freshfields) and Donald Chan (Control Risks) 18 September 2014 Introduction Buzzwords Big Data, e-discovery,
More informationEUCIP - IT Administrator. Module 2 Operating Systems. Version 2.0
EUCIP - IT Administrator Module 2 Operating Systems Version 2.0 Module 2 Goals Module 2 Module 2, Operating Systems, requires the candidate to be familiar with the procedure of installing and updating
More informationHow to Avoid The Biggest Electronic Evidence Mistakes. Ken Jones Senior Technology Architect Pileum Corporation
How to Avoid The Biggest Electronic Evidence Mistakes Ken Jones Senior Technology Architect Pileum Corporation Why is Proper Handling of Electronic Data Important? Most of the evidence in your case isn
More informationHow To Use Nearpoint Ediscovery On A Pc Or Macbook
NearPoint ediscovery Option User's Guide Software Release 4.2 Copyright 2003-2010, Mimosa Systems, Inc. All Rights Reserved. Mimosa Systems, Inc. 3200 Coronado Drive Santa Clara, CA 95054 www.mimosasystems.com
More informationESI Risk Assessment: Critical in Light of the new E-discovery and notification laws
ESI Risk Assessment: Critical in Light of the new E-discovery and notification laws Scott Bailey, CISM Christopher Sobota, J.D. Enterprise Risk Management Group Disclaimer This presentation is for informational
More informationIntroduction to Cloud Storage GOOGLE DRIVE
Introduction to Cloud Storage What is Cloud Storage? Cloud computing is one method to store and access data over the internet instead of using a physical hard drive (e.g. computer s hard drive, flash drive,
More informationBackupAssist v6 quickstart guide
Using the new features in BackupAssist v6... 2 VSS application backup (Exchange, SQL, SharePoint)... 2 Backing up VSS applications... 2 Restoring VSS applications... 3 System State backup and restore...
More informationEnCase 7 - Basic + Intermediate Topics
EnCase 7 - Basic + Intermediate Topics Course Objectives This 4 day class is designed to familiarize the student with the many artifacts left behind on Windows based media and how to conduct a forensic
More informationE-Discovery Technology Considerations
E-Discovery Technology Considerations Presented by: Dave Howard Oregon Department of Justice Deputy CIO Topics E-Discovery Process Overview Sources of Electronically Stored Information (ESI) Data Maps
More informationSoftware License Registration Guide
Software License Registration Guide When you have purchased new software Chapter 2 Authenticating a License When you would like to use the software on a different PC Chapter 3 Transferring a License to
More informationComputer Forensics: More Places to Look Social Networking & Cell Phone Evidence John R. Mallery
Computer Forensics: More Places to Look Social Networking & Cell Phone Evidence John R. Mallery Managing Consultant Introduction Wikipedia lists more than 175 social network sites Risks Productivity Issues
More informationHow Cisco IT Uses SAN to Automate the Legal Discovery Process
How Cisco IT Uses SAN to Automate the Legal Discovery Process Cisco dramatically reduces the cost of legal discovery through better data management. Cisco IT Case Study / Storage Networking / : This case
More informationTD0156 - Data Management Server 2010 Backup
TD0156 - Data Management Server 2010 Backup When running Autodesk Data Management Server, you should use the tools provided within the software to create a backup. The backup tools create a complete snapshot
More informationManaging Applications, Services, Folders, and Libraries
Lesson 4 Managing Applications, Services, Folders, and Libraries Learning Objectives Students will learn to: Understand Local versus Network Applications Remove or Uninstall an Application Understand Group
More informationAdvanced Methods and Techniques
2013 CTIN Digital Forensics Conference Advanced Methods and Techniques Brett Shavers 2013 CTIN Digital Forensics Conference The XWF Book Not done yet Eric Zimmerman (FBI) is the coauthor Jimmy Weg is the
More informationIT Essentials v4.1 LI 11.4.5 Upgrade and configure storage devices and hard drives. IT Essentials v4.1 LI 12.1.3 Windows OS directory structures
IT Essentials v4.1 LI 11.4.5 Upgrade and configure storage devices and hard drives 2.3 Disk management tools In Windows Vista and Windows 7, use the following path: Start > Start Search > type diskmgmt.msc
More informationMapGuide Open Source Repository Management Back up, restore, and recover your resource repository.
MapGuide Open Source Repository Management Back up, restore, and recover your resource repository. Page 1 of 5 Table of Contents 1. Introduction...3 2. Supporting Utility...3 3. Backup...4 3.1 Offline
More informationDiscussion of Electronic Discovery at Rule 26(f) Conferences: A Guide for Practitioners
Discussion of Electronic Discovery at Rule 26(f) Conferences: A Guide for Practitioners INTRODUCTION Virtually all modern discovery involves electronically stored information (ESI). The production and
More informationGraves IT Solutions Online Backup System FAQ s
Graves IT Solutions Online Backup System FAQ s How do I receive my username? The account username is proposed by the registrant at the time of registration. Once registration is completed, an email is
More informationHyperoo 2 User Guide. Hyperoo 2 User Guide
1 Hyperoo 2 User Guide 1 2 Contents How Hyperoo Works... 3 Installing Hyperoo... 3 Hyperoo 2 Management Console... 4 The Hyperoo 2 Server... 5 Creating a Backup Array... 5 Array Security... 7 Previous
More informationArchiving Full Resolution Images
Archiving Full Resolution Images Archival or full resolution files are very large and are either uncompressed or minimally compressed. This tutorial explains how to use CONTENTdm and the Project Client
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationEMC Documentum Webtop
EMC Documentum Webtop Version 6.5 User Guide P/N 300 007 239 A01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748 9103 1 508 435 1000 www.emc.com Copyright 1994 2008 EMC Corporation. All rights
More informationIntroduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014
Introduction to Data Forensics Jeff Flaig, Security Consultant January 15, 2014 WHAT IS COMPUTER FORENSICS Computer forensics is the process of methodically examining computer media (hard disks, diskettes,
More informationEnterprise Remote Control 5.6 Manual
Enterprise Remote Control 5.6 Manual Solutions for Network Administrators Copyright 2015, IntelliAdmin, LLC Revision 3/26/2015 http://www.intelliadmin.com Page 1 Table of Contents What is Enterprise Remote
More informationRECOVERING FROM SHAMOON
Executive Summary Fidelis Threat Advisory #1007 RECOVERING FROM SHAMOON November 1, 2012 Document Status: FINAL Last Revised: 2012-11-01 The Shamoon malware has received considerable coverage in the past
More informationXopero Centrally managed backup solution. User Manual
Centrally managed backup solution User Manual Contents Desktop application...2 Requirements...2 The installation process...3 Logging in to the application...6 First logging in to the application...7 First
More information