Software CSI -- Effects of Computer-Resident Evidence September 12, 2008 Southern California Software Process Improvement Network (SCSPIN) John Cosgrove,

Slides:



Advertisements
Similar presentations
Williams v. Sprint/United Management Co.
Advertisements

Recovering,Examining and Presenting Computer Forensic Evidence in Court By malack Amenya.
© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.
1 APPA Business & Financial Conference Information Technology Tract Session 30 Caught in the Web: Challenges With e-Discovery Vic Hatridge – CIO Nashville.
Gathering digital evidence by the EU Commission in inspections
E-Discovery New Rules of Civil Procedure Presented by Lucy Isaki January 23, 2007.
Compliance, eDiscovery, Continuity and Migration made easy with SaaS Archiving Warren Roy, President & CEO, Global Relay.
INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.
Cache La Poudre Feeds, LLC v. Land O’Lakes, Inc.  Motion Hearing before a Magistrate Judge in Federal Court  District of Colorado  Decided in 2007.
Q UINCY COLLEGE Paralegal Studies Program Paralegal Studies Program Litigation and Procedure Discovery: Overview and Interrogatories Litigation and Procedure.
Information Technology IBM DB2 Content Manager “Lunch N Learn” 03/14/2007.
E-Discovery for System Administrators Russell M. Shumway.
No Nonsense File Collection Presented by: Pinpoint Labs Presenter: Jon Rowe, CCE, ISFCE Certified Computer Examiner Members: The International Society.
Project Planning and Management in E-Discovery DAVID A. ELLIS – MAYER BROWN BROWNING E. MAREAN – DLA PIPER.
Evidence Collection & Admissibility Computer Forensics BACS 371.
Data Collection, Analysis and Preservation Computer Forensics: Data Collection, Analysis and Preservation Kikunda Eric Kajangu, Cher Vue, and John Mottola.
Guide to Computer Forensics and Investigations, Second Edition
Teaching Computer Forensics Using Student Developed Evidence Files Anna Carlin Cal Poly Pomona.
BACS 371 Computer Forensics
LBSC 708X The Record Nature of Electronic Records College of Information Studies.
Educause 2009 Data Administration Constituent Group November 5th, /5/20091Educause DASIG Constituent Group.
Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.
1 E-Discovery Changes to Federal Rules of Civil Procedure Concerning Discovery of Electronically Stored Information (ESI) Effective Date: 12/01/2006 October,
1 Computers & Litigation How Computer Technology Impacts Litigation October 6, 2006 Software Process Improvement Network (SPIN) Los Angeles SPIN Northrop.
Fraud Examination Evidence I: Physical, Documentary, and Observational Evidence McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies,
PMI Inventory Tracker™
COEN 252 Computer Forensics Writing Computer Forensics Reports.
Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
Avoiding the Iceberg Sean Regan October 2008.
Get Off of My I-Cloud: Role of Technology in Construction Practice Sanjay Kurian, Esq. Trent Walton, CTO U.S. Legal Support.
* 07/16/96 The production of ESI continues to present challenges in the discovery process even though specific rules have been drafted, commented on, redrafted.
Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent.
For Official Use Only Records Management: Essential Key to Content Management and eDiscovery Elizabeth L. (Bette) Fugitt, Ed.D. Unit Chief, Records Management.
Licitware a forensic software tool designed to investigate computer crimes.
The Sedona Principles 1-7
Recordkeeping for Good Governance Toolkit Digital Recordkeeping Guidance Funafuti, Tuvalu – June 2013.
Nathan Walker building an ediscovery framework. armasv.org Objective Present an IT-centric perspective to consider when building an eDiscovery framework.
Chapter © 2006 The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/ Irwin Chapter 7 IT INFRASTRUCTURES Business-Driven Technologies 7.
Rewriting the Law in the Digital Age
The Rat Pack Dino Tsibouris (614)
Computer Forensics Principles and Practices
An Introduction to Computer Forensics Jim Lindsey Western Kentucky University.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 Computer Forensics Data Recovery and Evidence Collection September.
2009 CHANGES IN CALIFORNIA DISCOVERY RULES The California Electronic Discovery Act Batya Swenson E-discovery Task Force
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. System Forensics, Investigation, and Response.
FILE NUMBER Kent Grey, Partner 1 June 2012 Technology in Governance Risk-intelligent approach to the use of technology “in the Boardroom”
Module 13: Computer Investigations Introduction Digital Evidence Preserving Evidence Analysis of Digital Evidence Writing Investigative Reports Proven.
© 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
The Challenge of Rule 26(f) Magistrate Judge Craig B. Shaffer July 15, 2011.
1J. M. Kizza - Ethical And Social Issues Module 13: Computer Investigations Introduction Introduction Digital Evidence Digital Evidence Preserving Evidence.
An Introduction to Computer Forensics Jim Lindsey Western Kentucky University September 28, 2007.
How to Work with the IT & Litigation Support Departments – A Manager’s Guide to Strategic Team Building Andrew Hall, MBA Practice Technology Manager.
January 2001NETWORK ICE1 Forensics. January 2001NETWORK ICE2 What is Computer Forensics? Acquisition of Computer Evidence Preservation Analysis Court.
Chapter 5 Processing Crime and Incident Scenes Guide to Computer Forensics and Investigations Fourth Edition.
Records Management for Paper and ESI Document Retention Policies addressing creation, management and disposition Minimize the risk and exposure Information.
Forensics Jeff Wang Code Mentor: John Zhu (IT Support)
EDiscovery Also known as “ESI” Discovery of “Electronically Stored Information” Same discovery, new form of storage.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 File Systems September 22, 2008.
Electronic Discovery Guidelines FRCP 26(f) mandates that parties “meaningfully meet and confer” to consider the nature of their respective claims and defenses.
ONLINE COURSES - SIFS FORENSIC SCIENCE PROGRAMME - 2 Our online course instructors are working professionals handling real-life cases related to various.
By: Jeremy Henry. Road Map  What is a cybercrime?  Statistics.  Tools used by an investigator.  Techniques and procedures used.  Specific case.
CIT 180 Security Fundamentals Computer Forensics.
Automation Living in a Paper Oriented World and The Steps to Automation.
By Jason Swoyer.  Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage mediums.  Computer.
PhD Oral Exam Presentation
Information Technology & The Amendments to the Federal Rules of Civil Procedure Sonya Naar - DLA Piper US LLP Doug Herman - UHY Advisors FLVS, Inc.
‘Make in India’ series Emerging Trends - International Arbitration: (i) E- discovery (ii) Hot tubbing.
Forensic and Investigative Accounting
Computer Forensics Discovery and recovery of digital evidence
Presentation transcript:

Software CSI -- Effects of Computer-Resident Evidence September 12, 2008 Southern California Software Process Improvement Network (SCSPIN) John Cosgrove, P.E., Fellow NAFE Cosgrove Computer Systems Inc.

Cosgrove Computer Systems Inc. 2 Outline Part I - Computer Issues 3 Part II – Doing the Work 8 Example Case 13 Summary 14

Cosgrove Computer Systems Inc. 3 Part I – Computer Issues Computer Issues Impacts on Litigation E-Discovery & New Federal Rules ESI Evidence - Software CSI

Cosgrove Computer Systems Inc. 4 Computer Issues Most evidence is computer resident Volume of billions & trillions (GB & TB) common Automated assistance required Computer Forensics Computer evidence handling Chain of custody CSI-type bag & tag – ESI version Data recovery - deleted and archived Establishing authenticity - Metadata Electronic discovery – new Federal Rules Electronically Stored Information (ESI) defined

Cosgrove Computer Systems Inc. 5 Impacts on Litigation Most cases involve ESI in some way Electronic discovery standards New Federal Rules for E-discovery – 12/1/06 May need to help counsel write subpoena for discovery of evidentiary data Standard-of-Care not yet established Legal name for process maturity Projects with computer components E.g., Water system SCADA Computer-aided-design

Cosgrove Computer Systems Inc. 6 E-Discovery New Fed Rules -12/1/06 “…most court battles … some electronically- stored information.“ (ESI) Includes electronic documents as discoverable Recognizes need for special guidance for e- documents E-documents often exponentially larger in magnitude Context, environment, collateral content, etc., often critical Special rules for non-active (i.e., deleted) files

Cosgrove Computer Systems Inc. 7 ESI Evidence – Software CSI Computer evidence handling Separate issue from E-discovery Chain-of-custody rules for electronic data E.G., ESI version of “bag and tag” Rules for computer evidence Forensic software at work – why Encase? Inherently invisible evidence Protect integrity of evidence Adapt legal precedents for authenticity Avoiding being challenged -- reproducibility Added Issues in Criminal Proceedings Establish reliable common evidence baseline

Cosgrove Computer Systems Inc. 8 Part II -- Doing the Work Litigation Fact Finding Finding the Critical Facts in Gigabytes Making Technical Issues Understandable Subpoena wording Example case

Cosgrove Computer Systems Inc. 9 Opinion Myself Tech ↔ Legal Translator Issues, Timelines, Narratives Domain Expert Data Expert Allegations, counterclaims “Crushing” amounts of s, Documents, Records Extraction Expert Data, deleted and otherwise Source – M Chock Litigation Fact-finding

Cosgrove Computer Systems Inc. 10 Finding the Critical Facts in Gigabytes Size matters Tools and techniques must match size Analogy with foundation of multi-story building Information may be buried in GB of unsearchable print-image files Common tactic by opposition Document “provenance” lost Metadata is electronic provenance Subtle modifications can occur Organizing data and extracting meaning 10s of Ks of project s, status, etc Use appropriate tools – SSs, character analysis, etc.

Cosgrove Computer Systems Inc. 11 Making Technical Issues Understandable Legal concept of “Teaching the court” Insist on foundation building with technical issues Problem is magnified for jury trials Creative use of analogies is effective Example of analogy to explain buffering Show complex event interactions in timelines - SS Make explanation separate from proof Avoid MEGO (My Eyes Glaze Over) Separate Summary opinion from fully substantiated Analysis with references Plausible explanation section often useful for counsel

Cosgrove Computer Systems Inc. 12 Subpoena wording All information for Project #x, dates 12/0x - 3/0y. Any form such as paper, scanned images or ESI files. ESI form preferred (Fed. Rule) If Electronic Media - disk drives or tape storage Attributes - “metadata” must be included Database (e.g. s) or log-file entry – entire file with context Custom Application (e.g. AutoCAD) issues

Cosgrove Computer Systems Inc. 13 Example Case – Show Chronology of Issues

Cosgrove Computer Systems Inc. 14 Summary Computer Technology is involved in most litigation Trend is for this to increase Some computer skills needed in most technical cases: Find the relevant evidence Organize the complexity Interpret the meaning

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.