Six Articles on Electronic - Craig Ball

More documents

Recommendations

Info

Craig Ball © 2007 areas cordoned off to prevent looting or loss of basic services, like electricity and telecommunications. You've got to have an accessible back up. Katrina forced firms across the Gulf Coast to come to grips with flawed backup practices. Many had no backup system at all. Others were horrified to discover that never-tested backup tapes were useless. The proliferation of data on desktop drives and laptops off the backup grid meant that even those diligent about backup suffered data loss. Still others found to their dismay that backups stored in the same city were kept too close. Lessons Learned Whether the risk is hurricane, earthquake, fire, flood, terrorism, theft or disgruntled IT person, no firm is beyond disaster's reach. Here are steps to help weather the storm: 1. Back up critical data…regularly, thoroughly, obsessively. 2. Do periodic test restores of backed up data. 3. Ensure that key data on laptops and desktops is captured. 4. Mass disasters claim entire regions, so store backed up data out of harm's way. Consider online backup, which safely ensconces data in distant servers, accessible via high-speed net connection from anywhere. 5. Know the answer to, "What would I grab if I had to leave right now?" Prepare for "grab and go" emergencies by using removable disk drive drawers or external hard drives. Keep anti-static drive packaging and watertight containers on hand. For desktops, consider simple and inexpensive RAID configurations to make grab and go practical (see "Peace of Mind for a Pittance," in the March issue of Law Technology News, March 2005). 6. Encrypt the back up. Recent high-profile breaches of data security stemmed from poor management of backup media. Be sure your data backups are safe from prying eyes and that several in the firm know the encryption key. A backup you can't decrypt might as well have washed away. 94
Craig Ball © 2007 Do-It-Yourself Digital Discovery By Craig Ball [Originally published in Law Technology News, May 2006] Recently, a West Texas firm received a dozen Microsoft Outlook PST files from a client. Like the dog that caught the car, they weren’t sure what to do next. Even out on the prairie, they’d heard of online hosting and e-mail analytics, but worried about the cost. They wondered: Did they really need an e-discovery vendor? Couldn’t they just do it themselves? As a computer forensic examiner, I blanch at the thought of lawyers harvesting data and processing e-mail in native formats. “Guard the chain of custody,” I want to warn. “Don’t mess up the metadata! Leave this stuff to the experts!” But the trial lawyer in me wonders how a solo/small firm practitioner in a run-of-the-mill case is supposed to tell a client, “Sorry, the courts are closed to you because you can’t afford e-discovery experts.” Most evidence today is electronic, so curtailing discovery of electronic evidence isn’t an option, and trying to stick with paper is a dead end. We’ve got to deal with electronic evidence in small cases, too. Sometimes, that means doing it yourself. The West Texas lawyers sought a way to access and search the Outlook e-mail and attachments in the PSTs. It had to be quick and easy. It had to protect the integrity of the evidence. And it had to be cheap. They wanted what many lawyers will come to see they need: the tools and techniques to stay in touch with the evidence in smaller cases without working through vendors and experts. What’s a PST? Microsoft Outlook is the most popular business e-mail and calendaring client, but don’t confuse Outlook with Outlook Express, a simpler application bundled with Windows. Outlook Express stores messages in plain text, by folder name, in files with the extension .DBX. Outlook stores local message data, attachments, folder structure and other information in an encrypted, oftenmassive database file with the extension .PST. Because the PST file structure is complex, proprietary and poorly documented, some programs have trouble interpreting PSTs. What about Outlook? Couldn’t they just load the files in Outlook and search? Many do just that, but there are compelling reasons why Outlook is the wrong choice for an electronic discovery search and review tool, foremost among them being that it doesn’t protect the integrity of the evidence. Outlook changes PST files. Further, Outlook searches are slow, don’t include attachments and can’t be run across multiple mail accounts. I considered Google Desktop--the free, fast and powerful keyword search tool that makes short work of searching files, e-mail and attachments-- but it has limited Boolean search capabilities and doesn’t limit searches to specific PSTs. Non-Starters I also considered several extraction and search tools, trying to keep the cost under $200.00. One, a gem called Paraben E-Mail Examiner ($199.00), sometimes gets indigestion from PST files and won’t search attachments. Another favorite, Aid4Mail Professional from Fookes Software ($49.95), quickly extracts e-mail and attachments and outputs them to several 95
Page 1 and 2:
Craig Ball © 2007 2007 1
Page 3 and 4:
Craig Ball © 2007 Hitting the High
Page 5 and 6:
Craig Ball © 2007 In some jurisdic
Page 7 and 8:
Craig Ball © 2007 understands. Jud
Page 9 and 10:
Craig Ball © 2007 Discovery of Ele
Page 11 and 12:
Craig Ball © 2007 • E-mail in fo
Page 13 and 14:
Craig Ball © 2007 The advantage of
Page 15 and 16:
Craig Ball © 2007 Review At last,
Page 17 and 18:
Craig Ball © 2007 Conclusion Respo
Page 19 and 20:
Craig Ball © 2007 Beyond Data abou
Page 21 and 22:
Craig Ball © 2007 information keye
Page 23 and 24:
Craig Ball © 2007 investigator is
Page 25 and 26:
Craig Ball © 2007 year and the lat
Page 27 and 28:
Craig Ball © 2007 In Williams v. S
Page 29 and 30:
Craig Ball © 2007 29
Page 31 and 32:
Craig Ball © 2007 approach, and yo
Page 33 and 34:
Craig Ball © 2007 up procedures an
Page 35 and 36:
Craig Ball © 2007 production break
Page 37 and 38:
Craig Ball © 2007 native applicati
Page 39 and 40:
Craig Ball © 2007 around through a
Page 41 and 42:
Craig Ball © 2007 settings can be
Page 43 and 44: Craig Ball © 2007 Don’t give up.
Page 45 and 46: Craig Ball © 2007 E‐Discovery Re
Page 47 and 48: Craig Ball © 2007 The Perfect Pres
Page 49 and 50: Craig Ball © 2007 information syst
Page 51 and 52: Craig Ball © 2007 relevant to futu
Page 53 and 54: Craig Ball © 2007 seeking a tempor
Page 55 and 56: Craig Ball © 2007 Another reason b
Page 57 and 58: Craig Ball © 2007 Be advised that
Page 59 and 60: Craig Ball © 2007 APPENDIX: Exempl
Page 61 and 62: Craig Ball © 2007 • Releasing or
Page 63 and 64: Craig Ball © 2007 Ancillary Preser
Page 65 and 66: Craig Ball © 2007 Musings on Elect
Page 67 and 68: Craig Ball © 2007 would be lost fo
Page 69 and 70: Craig Ball © 2007 a (paltry by cur
Page 71 and 72: Craig Ball © 2007 Cowboys and Cann
Page 73 and 74: Craig Ball © 2007 Give Away Your C
Page 75 and 76: Craig Ball © 2007 Don't Try This a
Page 77 and 78: Craig Ball © 2007 Yours, Mine and
Page 79 and 80: Craig Ball © 2007 The Path to E-Ma
Page 81 and 82: Craig Ball © 2007 Electronic evide
Page 83 and 84: Craig Ball © 2007 • Preserve pot
Page 85 and 86: Craig Ball © 2007 The Path to Prod
Page 87 and 88: Craig Ball © 2007 The Path to Prod
Page 89 and 90: Craig Ball © 2007 Locard’s Princ
Page 91 and 92: Craig Ball © 2007 A Golden Rule fo
Page 93: Craig Ball © 2007 Data Recovery: L
Page 97 and 98: Craig Ball © 2007 Function Follows
Page 99 and 100: Craig Ball © 2007 The key is to be
Page 101 and 102: Craig Ball © 2007 image files (i.e
Page 103 and 104: Craig Ball © 2007 Ten Common E-Dis
Page 105 and 106: Craig Ball © 2007 Ten Tips to Clip
Page 107 and 108: Craig Ball © 2007 10. Work coopera
Page 109 and 110: Craig Ball © 2007 Now, copy the da
Page 111 and 112: Craig Ball © 2007 In Praise of Has
Page 113 and 114: Craig Ball © 2007 Dear Santa, Sant
Page 115 and 116: Craig Ball © 2007 Unlocking Keywor
Page 117 and 118: Craig Ball © 2007 Noise words are
Page 119 and 120: Craig Ball © 2007 6. Equipment...L
Page 121 and 122: Craig Ball © 2007 BitLocker At the
Page 123 and 124: Craig Ball © 2007 Getting to the D
Page 125 and 126: Craig Ball © 2007 Getting to the d
Page 127: Craig Ball © 2007 Adjunct Professo
show all

Six Articles on Electronic - Craig Ball

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?