Post Process

Everything to do with E-discovery & ESI

Archive for September 9th, 2007

New Euro built computer a super forensics tool?

Posted by rjbiii on September 9, 2007

Well, it certainly is fast, if nothing else:

A European consortium has come up with a high-speed digital forensic computer dedicated to the task of quickly offloading and analyzing all computer records from email or picture files to database contents and file transfers.The TreCorder is a rugged forensic PC able to copy or clone up to three hard disks simultaneously, at a speed of up to 2 Gb/min. The same transfer would take 30 to 60 minutes using alternative equipment said Martin Hermann, general director of MH-services…

Speed isn’t the only thing the TreCorder’s makers brag about, however:

The PC not only provides a complete mirror image of the hard disk and system memory – including deleted and reformatted date – but also eliminates any possibility of falsification in the process, Hermann said.

Network World, who has the story, mentions its past article questioning the soundness of such widely used tools as EnCase and The Sleuth Kit (a subject about which Post Process has already posted):

[Security Company Isec Partners] has discovered about a dozen bugs [in the aforementioned forensic software kits] that could be used to crash the programs or possibly even install unauthorized software on an investigator’s machine, according to Alex Stamos, a researcher and founding partner with Isec Partners.

Posted in Articles, Computer Forensics, EnCase, The Sleuth Kit, TreCorder | Leave a Comment »

What are attorneys’ responsibilities concerning their clients’ data enterprising?

Posted by rjbiii on September 9, 2007

I have a few passages concerning this very issue:

Existence of electronically stored information. Prior to the Fed. R. Civ. P. 26(f) conference, counsel should become knowledgeable about their clients’ information systems and their operation, including how information is stored and retrieved. In addition, counsel should make a reasonable attempt to review their clients’ electronically stored information to ascertain the contents, including archival, backup, and legacy data (outdated formats or media). U.S. District Courts (Kan.) Guidelines for Discovery of Electronically Stored Information.

In any case in which an issue regarding the discovery of electronically-stored information is raised or is likely to be raised, the court should encourage counsel to become knowledgeable about their client’s information management systems and their operation, including how information is stored and retrieved. Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information, Conference of Chief Judges (Rev. Draft, Sept. 2005).

It is ultimately counsel’s duty to preserve and gather discoverable ESI. Leonard Dutchman, Preserving Data in the Wake of Amended Rule 37(f), (last visited October 30, 2006).

Counsel has the duty to properly communicate with its client to ensure that “all sources of relevant information [are] discovered.” Phoenix Four, Inc. v. Strategic Resources Corp., 2006 WL 1409413 (S.D.N.Y 2006) (citing Zubulake v. UBS Warburg LLC, 229 F.R.D. 422 (S.D.N.Y. 2004)).

To identify all [potential sources or relevant information], counsel should become fully familiar with its client’s document retention policies, as well as its client’s data retention architecture. Id.

Posted in Attorney Liability, Data Management, Duty to Conduct a Reasonable Inquiry | Leave a Comment »