Practical Advice to Beat Piracy

November 7, 2016 - from DisputeSoft

Online piracy is an increasingly important issue facing U.S. policy makers. But it is especially daunting for U.S. copyright and trademark holders, the attorneys who represent them in combating piracy, and the forensic experts who provide support. This article offers a brief overview of some of the techniques we have successfully used to lay the necessary evidentiary foundation to support misappropriation and infringement claims. Forensic experts face a number of challenging requirements: they must collect and preserve allegedly infringing materials, identify the owners and operators of the websites distributing infringing materials, and evaluate the extent of infringement, so that the amount of damages can be determined. Fortunately, a variety of tools, reference sources, and techniques exist that facilitate tracking down and prosecuting those individuals or organizations engaged in online copyright or trademark piracy.

Continue reading or view this article as a PDF file

What Every Attorney Needs to Know about Computer Forensics, Part 4: What Trusts and Estates Attorneys Need to Know about Computer Forensics

September 30, 2016 - from DisputeSoft's G. Hunter Jones

Trusts and Estates attorneys play an important role in helping their clients transfer assets through such vehicles as trust agreements, wills, business structures, and power of attorney. In most cases the disposition of an estate moves along smoothly, especially when a qualified attorney plans and executes the process.  However, this is not always the case. When a beneficiary (or hopeful beneficiary) raises concerns about lost or altered documents, or believes that the trustor has been unjustifiably influenced in some manner, expert assistance may be necessary to resolve the matter.  From medical and psychological examiners to document and computer forensics analysts, experts can prove pivotal for answering important questions about the timing, sequence, and authorship of key documents.

Consider the following situations, which reflect the kind of investigations DisputeSoft’s experts may be called upon to carry out:

1. A retired attorney chooses to prepare and revise his own trust instrument.  The word processing document exists on his personal computer, making the revision process simple to complete.  After making edits to three pages of his trust document, he reprints and replaces only those specific pages in the printed trust instrument.  However,   the printer he uses to make these revisions is slightly different from the prior model he used to print his original trust instrument. Because of the inconsistency in the   document with regard to its margins, ink, and type of paper, a disenfranchised beneficiary brings suit, claiming document alteration by the successor beneficiaries.

By examining the internal metadata in the document file, a computer forensics analyst can show that all of the pages in the document, including the revised pages, were created from the same word processing file, and that the latest modifications to the file were made well before the date of the trustor’s death.  The date of the modifications can then be checked against the printed trust instrument’s new signature date and notary certifications.

2. A potential heir brings suit when his late father leaves substantial property to a co-worker who had assisted the deceased in handling business and personal matters. By performing a liberal examination of the office computer produced by the plaintiff, the plaintiff’s expert recovers tens of thousands of potentially relevant files and fragments, including both intact and deleted files.

In such a situation, the defendant has the right to filter this material for privilege and relevance. But this is a daunting task, as the defendant must make determinations about many files that cannot be understood by a lay person, let alone reviewed for relevance in a dispute.  The defense’s computer forensics expert can help by filtering out thousands of completely irrelevant files, such as snippets of programs, help files, captured web pages, and advertisements. The defendant and his counsel are then able to make determinations about the privilege and relevance of the remaining 200 documents, spreadsheets, and e-mails in short order, and they can back up their filtering and selection processes with the certification of an expert.

In the wake of the death of a loved one, everyone hopes that the transfer of assets proceeds without a hitch.  In the unfortunate event that the potential beneficiaries get caught up in a dispute, a computer forensic expert may have the skills to help determine rightful ownership.

Computer Fraud and Abuse – United States v. Nosal; Facebook v. Vachani

August 25, 2016 - from DisputeSoft

Two cases recently coming out of the 9th Circuit Court of Appeals decided issues related to the Computer Fraud and Abuse Act (CFAA) and “access without authorization.” United States v. Nosal, a criminal case, involved a former employee accessing a computer system with borrowed login credentials from a current employee. Facebook v. Vachani, a civil case, involved a different social media outlet accessing Facebook’s computer system on the basis of user-granted access. In both cases, the Court decided that the parties accessed the system “without authorization,” despite being given “authorization” by a user or other authorized party. Specifically, the Court decided:

(1) In Nosal, a former employee whose access credentials have been revoked acts without authorization when the employee knowingly accesses a computer system using a borrowed login credential; and

(2) In Facebook, a third party who has been granted access by a user does not receive authority to access the entire system, but only to the user’s account; and receiving a cease and desist letter renders a party liable for CFAA violation for continued use.


These decisions make a case for the notion of dual authorization regarding access to computer systems and accounts. Access is not authorized when either: (1) permission has been explicitly revoked and a party continues to access the system with borrowed credentials; or (2) a party knowingly continues to access a computer system based solely on permission from a user. This represents the multi-dimensional nature of access; it is granted by either a user to a user’s account, or by the system’s owner to the entire system. Permission to access must originate from the party with the authority to grant access to the thing for which access is sought. Many articles discuss these cases in the context of password sharing practices with respect to Netflix and HBOGo accounts, and how password sharing may now be considered a federal crime under CFAA.

Read more about the United States v. Nosal decision here
Read more about the Facebook v. Vachani decision here