Six Articles on Electronic - Craig Ball

More documents

Recommendations

Info

Craig Ball © 2007 "But," I warned, "as soon as you attach the drive to your computer and start poking around, you'll alter the evidence." Microsoft Windows acts like a dog marking territory. As soon as you connect a hard drive to Windows, the operating system writes changes to the drive. Forensic examiners either employ devices called "write blockers" to intercept these alterations or perform their examination using operating systems less inclined to leave their mark all over the evidence. Without similar precautions, opening files, reading e-mail or copying data irretrievably alters file metadata, the data-about-data revealing, inter alia, when a file was last modified, accessed or created. You may find the smoking gun, but good luck getting it into evidence when it emerges you unwittingly altered the data! This is why smart lawyers never "sneak a peek" at digital evidence. "It'd be a violation of the software licensing to use the programs on the duplicate so you'll need to have the right software to read the e-mail and other documents and to crack any passwords you run into. However, you can't load your software on the duplicate drive because that will overwrite recoverable deleted files. Don't forget to take steps to isolate the system you'll use for examination from your office network and the internet as well as to…." She stopped me. "We shouldn't be doing this ourselves, should we?" "Not unless you know what you're doing. Anyway, I doubt the court will allow it without a showing of good cause and some provision to protect privileged and non-discoverable confidential data." Now I got the question I was waiting for: "What should we do?" "As the court's neutral," I answered, "I'm not in a position to answer that question, but before I'd burn a lot of time and money pursuing electronic discovery of particular media, I'd work out the answers to, 'What's this case about, and what am I really looking for?'" What I wanted to add is that electronic discovery is no more about hard drives than traditional discovery was "about" paper. The hard drive is just a gigantic file cabinet, locked up like some Houdini vanishing act and packed with contents penned in Sanskrit. We don't gear discovery to metal boxes, big or small. Sure, it's smart to focus on specific media and systems when you seek preservation, but when your goal is discovery, media ceases to be an end in itself. Then, the objectives are the e-mail, documents and other digital evidence relating to the issues in the case, narrowly targeted by time, topic, and custodian. Sorry Marshall McLuhan, it's not the medium. It's the message. 76
Craig Ball © 2007 Yours, Mine and Ouch! By Craig Ball [Originally published in Law Technology News, September 2005] When star performer Sarit Shmueli was fired from her real estate agent job with The Corcoran Group, she returned to her desk to find that she’d been locked out of the company computer system. Shmueli was barred from retrieving virtual property, in particular, her client list. When demands for her data were unavailing, Shmueli sued Corcoran for three million dollars. Though opinions vary on whether to drop the axe on Friday or Monday, human resource experts agree that immediate steps must be taken to block the fired individual’s access to company computers. That’s wise, considering more than a few heading to the door have trashed important files or attempted to sabotage entire networks. But, what about personal computer data? Fired workers are routinely furnished a cardboard box and the supervised opportunity to collect personal belongings before being escorted to the door. Is denying access to personal data stored on a company computer a violation of the discharged party’s property rights? Overruling a motion for summary judgment, a recent decision in Sarit Shmueli’s case holds that when The Corcoran Group blocked Shmueli from accessing her records on the company computer system, Corcoran may have been guilty of conversion. "There should be no reason why [a] practical view should not apply equally to the present generation of documents— electronic documents—which are just as vulnerable to theft and wrongful transfer as paper documents, if not more so," reasoned New York Supreme Court Justice Herman Cahn. Shmueli v. The Corcoran Group, 104824/03 (N.Y.S.Ct. July 25, 2005) online at http://decisions.courts.state.ny.us/fcas/FCAS_docs/2005JUL/30010482420033SCIV.PDF. Of course, Justice Cahn is right to ascribe value to electronic documents, but what are the ramifications of affording a conversion cause of action to employees and contractors against companies that refuse to recognize personal property interests in data stored on their systems? The bulk of my work as a special master in computer forensics revolves around employees who’ve allegedly purloined company data to build rival businesses. If the employees haven’t already jumped ship, they’re canned as soon as the boss realizes they’re playing for the other team. Then, much time and money goes into assessing what information was taken and what tracks were covered. Initial reports of the Shmueli decision made me wonder if workers being shown the door might now be entitled to access the company network for the purpose of copying information they deem to be their own property. Are they perhaps at liberty to delete such “personal” items, too? What of the longstanding notion that anything stored on the company computer belongs to the company? The Order makes clear that Shmueli’s unique employment status as independent contractor and not an employee played a decisive role in the court’s view that Corcoran may be liable for converting its former agent’s digital property just as if the data had been printed to paper. Though Corcoran asserted its ownership of the computer trumped the plaintiff’s rights, the court countered that because Shmueli worked with Corcoran and not as an employee of Corcoran, the computer was “licensed” for plaintiff’s use to facilitate the independent contract. 77
Page 1 and 2:
Craig Ball © 2007 2007 1
Page 3 and 4:
Craig Ball © 2007 Hitting the High
Page 5 and 6:
Craig Ball © 2007 In some jurisdic
Page 7 and 8:
Craig Ball © 2007 understands. Jud
Page 9 and 10:
Craig Ball © 2007 Discovery of Ele
Page 11 and 12:
Craig Ball © 2007 • E-mail in fo
Page 13 and 14:
Craig Ball © 2007 The advantage of
Page 15 and 16:
Craig Ball © 2007 Review At last,
Page 17 and 18:
Craig Ball © 2007 Conclusion Respo
Page 19 and 20:
Craig Ball © 2007 Beyond Data abou
Page 21 and 22:
Craig Ball © 2007 information keye
Page 23 and 24:
Craig Ball © 2007 investigator is
Page 25 and 26: Craig Ball © 2007 year and the lat
Page 27 and 28: Craig Ball © 2007 In Williams v. S
Page 29 and 30: Craig Ball © 2007 29
Page 31 and 32: Craig Ball © 2007 approach, and yo
Page 33 and 34: Craig Ball © 2007 up procedures an
Page 35 and 36: Craig Ball © 2007 production break
Page 37 and 38: Craig Ball © 2007 native applicati
Page 39 and 40: Craig Ball © 2007 around through a
Page 41 and 42: Craig Ball © 2007 settings can be
Page 43 and 44: Craig Ball © 2007 Don’t give up.
Page 45 and 46: Craig Ball © 2007 E‐Discovery Re
Page 47 and 48: Craig Ball © 2007 The Perfect Pres
Page 49 and 50: Craig Ball © 2007 information syst
Page 51 and 52: Craig Ball © 2007 relevant to futu
Page 53 and 54: Craig Ball © 2007 seeking a tempor
Page 55 and 56: Craig Ball © 2007 Another reason b
Page 57 and 58: Craig Ball © 2007 Be advised that
Page 59 and 60: Craig Ball © 2007 APPENDIX: Exempl
Page 61 and 62: Craig Ball © 2007 • Releasing or
Page 63 and 64: Craig Ball © 2007 Ancillary Preser
Page 65 and 66: Craig Ball © 2007 Musings on Elect
Page 67 and 68: Craig Ball © 2007 would be lost fo
Page 69 and 70: Craig Ball © 2007 a (paltry by cur
Page 71 and 72: Craig Ball © 2007 Cowboys and Cann
Page 73 and 74: Craig Ball © 2007 Give Away Your C
Page 75: Craig Ball © 2007 Don't Try This a
Page 79 and 80: Craig Ball © 2007 The Path to E-Ma
Page 81 and 82: Craig Ball © 2007 Electronic evide
Page 83 and 84: Craig Ball © 2007 • Preserve pot
Page 85 and 86: Craig Ball © 2007 The Path to Prod
Page 87 and 88: Craig Ball © 2007 The Path to Prod
Page 89 and 90: Craig Ball © 2007 Locard’s Princ
Page 91 and 92: Craig Ball © 2007 A Golden Rule fo
Page 93 and 94: Craig Ball © 2007 Data Recovery: L
Page 95 and 96: Craig Ball © 2007 Do-It-Yourself D
Page 97 and 98: Craig Ball © 2007 Function Follows
Page 99 and 100: Craig Ball © 2007 The key is to be
Page 101 and 102: Craig Ball © 2007 image files (i.e
Page 103 and 104: Craig Ball © 2007 Ten Common E-Dis
Page 105 and 106: Craig Ball © 2007 Ten Tips to Clip
Page 107 and 108: Craig Ball © 2007 10. Work coopera
Page 109 and 110: Craig Ball © 2007 Now, copy the da
Page 111 and 112: Craig Ball © 2007 In Praise of Has
Page 113 and 114: Craig Ball © 2007 Dear Santa, Sant
Page 115 and 116: Craig Ball © 2007 Unlocking Keywor
Page 117 and 118: Craig Ball © 2007 Noise words are
Page 119 and 120: Craig Ball © 2007 6. Equipment...L
Page 121 and 122: Craig Ball © 2007 BitLocker At the
Page 123 and 124: Craig Ball © 2007 Getting to the D
Page 125 and 126: Craig Ball © 2007 Getting to the d
Page 127:
Craig Ball © 2007 Adjunct Professo
show all

Six Articles on Electronic - Craig Ball

Create successful ePaper yourself

Delete template?

Save as template?