What Every Attorney Needs to Know about Computer Forensics, Part 4: What Trusts and Estates Attorneys Need to Know about Computer Forensics

September 30, 2016 - from DisputeSoft's G. Hunter Jones

Trusts and Estates attorneys play an important role in helping their clients transfer assets through such vehicles as trust agreements, wills, business structures, and power of attorney. In most cases the disposition of an estate moves along smoothly, especially when a qualified attorney plans and executes the process.  However, this is not always the case. When a beneficiary (or hopeful beneficiary) raises concerns about lost or altered documents, or believes that the trustor has been unjustifiably influenced in some manner, expert assistance may be necessary to resolve the matter.  From medical and psychological examiners to document and computer forensics analysts, experts can prove pivotal for answering important questions about the timing, sequence, and authorship of key documents.

Consider the following situations, which reflect the kind of investigations DisputeSoft’s experts may be called upon to carry out:

1. A retired attorney chooses to prepare and revise his own trust instrument.  The word processing document exists on his personal computer, making the revision process simple to complete.  After making edits to three pages of his trust document, he reprints and replaces only those specific pages in the printed trust instrument.  However,   the printer he uses to make these revisions is slightly different from the prior model he used to print his original trust instrument. Because of the inconsistency in the   document with regard to its margins, ink, and type of paper, a disenfranchised beneficiary brings suit, claiming document alteration by the successor beneficiaries.

By examining the internal metadata in the document file, a computer forensics analyst can show that all of the pages in the document, including the revised pages, were created from the same word processing file, and that the latest modifications to the file were made well before the date of the trustor’s death.  The date of the modifications can then be checked against the printed trust instrument’s new signature date and notary certifications.

2. A potential heir brings suit when his late father leaves substantial property to a co-worker who had assisted the deceased in handling business and personal matters. By performing a liberal examination of the office computer produced by the plaintiff, the plaintiff’s expert recovers tens of thousands of potentially relevant files and fragments, including both intact and deleted files.

In such a situation, the defendant has the right to filter this material for privilege and relevance. But this is a daunting task, as the defendant must make determinations about many files that cannot be understood by a lay person, let alone reviewed for relevance in a dispute.  The defense’s computer forensics expert can help by filtering out thousands of completely irrelevant files, such as snippets of programs, help files, captured web pages, and advertisements. The defendant and his counsel are then able to make determinations about the privilege and relevance of the remaining 200 documents, spreadsheets, and e-mails in short order, and they can back up their filtering and selection processes with the certification of an expert.

In the wake of the death of a loved one, everyone hopes that the transfer of assets proceeds without a hitch.  In the unfortunate event that the potential beneficiaries get caught up in a dispute, a computer forensic expert may have the skills to help determine rightful ownership.

Computer Fraud and Abuse – United States v. Nosal; Facebook v. Vachani

August 25, 2016 - from DisputeSoft

Two cases recently coming out of the 9th Circuit Court of Appeals decided issues related to the Computer Fraud and Abuse Act (CFAA) and “access without authorization.” United States v. Nosal, a criminal case, involved a former employee accessing a computer system with borrowed login credentials from a current employee. Facebook v. Vachani, a civil case, involved a different social media outlet accessing Facebook’s computer system on the basis of user-granted access. In both cases, the Court decided that the parties accessed the system “without authorization,” despite being given “authorization” by a user or other authorized party. Specifically, the Court decided:

(1) In Nosal, a former employee whose access credentials have been revoked acts without authorization when the employee knowingly accesses a computer system using a borrowed login credential; and

(2) In Facebook, a third party who has been granted access by a user does not receive authority to access the entire system, but only to the user’s account; and receiving a cease and desist letter renders a party liable for CFAA violation for continued use.


These decisions make a case for the notion of dual authorization regarding access to computer systems and accounts. Access is not authorized when either: (1) permission has been explicitly revoked and a party continues to access the system with borrowed credentials; or (2) a party knowingly continues to access a computer system based solely on permission from a user. This represents the multi-dimensional nature of access; it is granted by either a user to a user’s account, or by the system’s owner to the entire system. Permission to access must originate from the party with the authority to grant access to the thing for which access is sought. Many articles discuss these cases in the context of password sharing practices with respect to Netflix and HBOGo accounts, and how password sharing may now be considered a federal crime under CFAA.

Read more about the United States v. Nosal decision here
Read more about the Facebook v. Vachani decision here

Tata Consultancy Services and Orange County, CA Settle Marathon Software Failure Suit for $26M

August 24, 2016 - from Orange County Executive Office

On August 19, Orange County, California received notification that India’s largest IT firm, Tata Consultancy Services, had wired $26 million to the County Treasurer-Tax Collector, officially ending a 3-year lawsuit between the two parties. More than 6 years ago, Orange County hired Tata to replace the county’s automated property tax system by 2010. After a 3-year extension plagued by delays, Orange County terminated the contract and sued Tata over the failed project, alleging fraud. Orange County claimed the IT firm had lied about its capabilities and was intentionally stretching out the contract in an attempt to make more money. The $26 million settlement is the largest amount recovered by the county in more than 20 years.

Read the Press Release here
Read the Settlement Agreement here