What Every Attorney Needs to Know about Computer Forensics, Part 2: The Difference between Electronic Discovery and Computer Forensics

May 12, 2016 - from DisputeSoft's G. Hunter Jones

Electronic Discovery and Computer Forensics seem pretty similar at first glance: both involve the location, recovery, and review of electronically stored information (ESI), and both deal with the responsible preservation of that data. But the two fields are actually quite different; they require different types of expertise, and they have markedly different goals and outcomes.

“E-Discovery” refers to the identification and preservation of electronic files for litigation with the goal of allowing counsel to make determinations about which electronic files are relevant or privileged. Specialized software from E-Discovery vendors allows for the identification, capture, de-duplication, indexing, storage, retrieval and commenting of electronically stored documents, including emails.

“Computer Forensics,” on the other hand, refers to the investigation and analysis of computers, networks, and digital storage devices to determine how that device was used (e.g., to access terrorist websites; to send threatening emails; to distribute pornography). Such uses, historically the realm of law enforcement, are now used extensively in (a) investigations (e.g., does examination of a CEO’s computer indicate she had knowledge of and approved a particular decision?); and (b) litigation (e.g., was a will modified after the decedent’s death?; was a medical report altered after the patient’s death?).

Specialized equipment and software is also used in the computer forensics field, but it is quite different from E-Discovery software. Computer forensics equipment and software provides tools for “imaging” a computer’s hard drive (i.e., making an exact bit-for-bit copy without turning on the computer and without altering any data on the hard drive). Computer forensics software also provides tools for analyzing the hard drive and reporting on the results of the analysis. A qualified computer forensics expert reports the source and content of the data and may also offer opinions and interpretations about its meaning in deposition or at trial.

If the objective is to identify and preserve electronic data and to make a determination about its relevance and privilege for production purposes, the situation requires E-Discovery. If counsel needs an expert to find evidence of computer-related actions, such as data alteration or deletion, and to provide opinions or interpretations of forensically acquired data, the situation requires a computer forensics expert. Equally often, a computer forensics expert will be needed to assist counsel in understanding reports or testimony by an opposing expert, including forensic specialists working for law enforcement, and to provide rebuttal reports or testimony.

What Every Attorney Needs to Know about Computer Forensics, Part 1: What is Computer Forensics?

April 11, 2016 - from DisputeSoft's G. Hunter Jones

Computer Forensics is the science of examining computers, networks, and data storage devices in order to obtain information relevant to a specific litigation, investigation or criminal or proceeding. Such information may be located in intact or deleted data files, as well as in artifacts that show prior actions related to the data or to the digital devices. A qualified Computer Forensics expert has specific training (and usually corresponding certifications) in locating, analyzing and interpreting such findings, and in reporting clearly the source and meaning of the data. Usually the expert will present these results to a client as a report, and often support them before the trier of fact through affidavit and/or testimony.

The analysis usually requires access to computer data which is unavailable to the normal user (obtained by the use of specialized forensics software), in order to recover deleted materials and to examine the operating system’s own records of events and settings. At the same time, the analyst has an absolute obligation to protect all the original evidence against any form of alteration. This includes secure storage to prevent unauthorized access and the use of special equipment that allows reading stored data but prevents any writing to the same devices, which could otherwise spoliated evidence. To support how information was obtained, the analyst will document the chain of custody, analytic steps taken, and the corresponding results produced.

When Computer Forensics experts have followed these principles, they will usually be successful in having their findings admitted, and their opinions as to proper inferences will generally be accepted.

U.S. Senate Passes “Defend Trade Secrets Act” Unanimously

April 8, 2016 - from The New York Times

According to a New York Times article published on April 4, 2016,

“The U.S. Senate on Monday approved legislation to give companies greater legal protections for their commercial secrets and allow them for the first time to sue in federal court if they are stolen.

The Defend Trade Secrets Act passed 87-0, amid strong White House backing.

Supporters hope the unanimous vote will boost the bill’s prospects in the House of Representatives.

‘Some thieves would rather not go through the trouble of developing products themselves; they’d rather just steal the fruits of others’ creativity,’ Senate Majority Leader Mitch McConnell said in urging passage of a bill he argued would ‘help protect American innovation.’

Theft of intellectual property, including trade secrets, costs U.S. businesses more than $300 billion a year, according to a 2013 report by the Commission on the Theft of American Intellectual Property, which was made up of a bipartisan group of high-ranking former U.S. officials.”

From a practice point of view, DisputeSoft anticipates that upon passage of the “Defend Trade Secrets Act” (DTSA), many software trade secret actions, heretofore filed primarily in state courts, will gain federal jurisdiction. While the bill does not preempt state law, it does provide a previously unavailable legal forum for trade secret claims that cross state borders. The DTSA also enables federal legal action to be taken when the theft of trade secrets has been perpetrated by a foreign actor.

The DTSA will next be considered in the House of Representatives, where it already enjoys the support of 127 co-sponsors, both Republicans and Democrats. Given the bill’s wide support in both Congress and the White House, we envision a future where trade secrets, like copyrights, will be litigated in the federal courts.

Read more…