THE POWER TO PROVE 1 New Advances in Spoliation Detection and Remediation David Cowen Rafael Gorgal.

Slides:



Advertisements
Similar presentations
Electronic Discovery Guidelines Meet and Confer - General definition. a requirement of courts that before certain types of motions and/or petitions will.
Advertisements

Zubulake v. UBS Warburg LLC “Zubulake IV”
The Evolving Law of E-Discovery Joseph J. Ortego, Esq. Nixon Peabody LLP New York, NY Jericho, NY.
Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.
Considerations for Records and Information Management Programs in Light of the Pension Committee and Rimkus Consulting 2010 Decisions.
248 F.R.D. 372 (D. Conn. 2007) Doe v. Norwalk Community College.
© 2007 Morrison & Foerster LLP All Rights Reserved Attorney Advertising The Global Law Firm for Israeli Companies Dispute Resolution in the United States.
The Process of Litigation. What is the first stage in a civil lawsuit ?  Service of Process (the summons)
Ronald J. Shaffer, Esq. Beth L. Weisser, Esq. Lorraine K. Koc, Esq., Vice President and General Counsel, Deb Shops, Inc. © 2010 Fox Rothschild DELVACCA.
Cache La Poudre Feeds, LLC v. Land O’Lakes, Inc.  Motion Hearing before a Magistrate Judge in Federal Court  District of Colorado  Decided in 2007.
Guide to Computer Forensics and Investigations Fourth Edition
Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.
How the heck do they know that? The state of Computer and Cell Phone Forensics Ralph Gorgal, G-C Partners, LLC David Cowen, G-C Partners, LLC Ralph Gorgal,
Triton Construction Co, Inc. v. Eastern Shore Electrical Services, Inc. Eastern Shore Services, LLC, George Elliot, Teresa Elliot, Tom Kirk and Kirk’s.
E -nuff! : Practical Tips For Keeping s From Derailing Your Case Presented by Jerry L. Mitchell.
CJ227 Criminal Procedure Welcome to our Seminar!!! (We will begin shortly) Tonight – Unit 4 (Chapter 9 – Pretrial Motions, Hearings and Pleas) (Chapter.
Guide to Computer Forensics and Investigations Fourth Edition
Electronic Communication “ Litigation Holds” Steven Raskovich University Counsel California State University PSSOA Conference – March 23, 2006.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Security+ All-In-One Edition Chapter 20 – Forensics Brian E. Brzezicki.
TRIAL INFORMATION Steps, vocabulary.
Motion for Summary Judgment The Keys to Success. How does this work?  Summary judgments are governed by Rule 166(a) of the Texas Rules of Civil Procedure.
Chapter 7 Working with Files.
MAC Times Modification (mtime) When the file contents were CHANGED Change = addition or deletion or change of any single BYTE/Character… even if it doesn’t.
CS&E 1111 AcInnerJoins Inner Joins Objectives: Creating Queries with data from Multiple Tables Joining two tables using an Inner Join Referential Data.
EVIDENCE Some Basics Spring Overview The cases you read involve facts and law Most often appellate courts decide legal issues based on the facts.
Civil litigation begins with pleadings: formal papers filed with the court by the plaintiff and defendant. Plaintiff - the person bringing the lawsuit.
Discovery III Expert Witness Disclosure And Discovery Motions & Sanctions.
1 Agenda for 7th Class Admin –Slides –Name plates out Work Product Experts Introduction to Sanctions.
Computer Forensics Principles and Practices
Metropolitan Opera Association, Inc. v. Local 100, Hotel Employees and Restaurant Employees International Union 212 F.R.D. 178 S.D.N.Y
DOE V. NORWALK COMMUNITY COLLEGE, 248 F.R.D. 372 (D. CONN. 2007) Decided July 16, 2002.
© 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
Chapter Seventeen The Trial. Introduction to Law, 4 th Edition Hames and Ekern © 2010 Pearson Higher Education, Upper Saddle River, NJ All Rights.
Rambus v. Infineon Technologies AG 22 F.R.D. 280 (E.D. Va. 2004)
Cache La Poudre Feeds, LLC v. Land O’Lakes, Inc. 224 F.R.D. 614 (D. Colo. 2007) By: Sara Alsaleh Case starts on page 136 of the book!
EDiscovery Preservation, Spoliation, Litigation Holds, Adverse Inferences. September 15, 2008.
Configuring Data Protection Chapter 12 powered by dj.
Summary Judgment and Summary Adjudication LA 310.
537 F. Supp. 2d 14 (D.D.C. 2008). PARTIES Plaintiff: United States – Q-P-Q charges against USDOS employee Michael O’Keefe & VISA applicant STS Jewelers.
MCSE Guide to Microsoft Windows Vista Professional Chapter 5 Managing File Systems.
© COPYRIGHT DICKSTEIN SHAPIRO LLP. ALL RIGHTS RESERVED. Post Grant Proceedings Before the USPTO and Litigation Strategies Under the AIA Panelists:David.
MER 2012: T1 – Achieving Enterprise Content and Records Management with SharePoint John Isaza, Esq., FAI Partner Legal Developments & Rules Affecting SharePoint.
Records Management for Paper and ESI Document Retention Policies addressing creation, management and disposition Minimize the risk and exposure Information.
Emerging Case Law and Recent eDiscovery Decisions.
Zubulake IV [Trigger Date]
Electronic Discovery Guidelines Meet and Confer - General definition. a requirement of courts that before certain types of motions and/or petitions will.
U.S. District Court Southern District of New York 229 F.R.D. 422 (S.D.N.Y. 2004)
Record Retention to Manage Risk F. Jay Meyer Vice President & Senior Attorney TD Banknorth, N.A. Portland, Maine.
Private key
CIVIL PROCEDURE CLASS 17 Professor Fischer Columbus School of Law The Catholic University of America October 4, 2002.
Week 2 Lecture 2 Data Dictionary Views and Control Files.
Residential Funding Corp. v. DeGeorge Financial Corp., 306 F.3d 99 (2d. Cir. 2002).
National Lead Litigation Conference 2015 November 5-6, 2015.
PROCEDURES IN THE JUSTICE SYSTEM, 8 th ed. Roberson, Wallace, and Stuckey PRENTICE HALL ©2007 Pearson Education, Inc. Upper Saddle River, NJ
Notice Requirements in a Nutshell 1) Written notice to healthcare providers 2) With list of others receiving notice 3) 60 days prior to filing suit 4)
PRE-SUIT CONSIDERATIONS
Inner Joins Objectives: Creating Queries with data from Multiple Tables Joining two tables using an Inner Join Referential Data Integrity Cascade Update.
Civil Trial Procedures
LCGAA nightlies infrastructure
Digital Forensics in the Corporation
Please use speaker notes for additional information!
Preparing for GDPR Sharing experiences of the process and using the British Canoeing Toolkit bit.ly/BCGDPRToolkit
Effective Formal and Informal Discovery
Introduction to Digital Forensics
Please use speaker notes for additional information!
Civil Pre-Trial Procedures
Threats to Privacy in the Forensic Analysis of Database Systems
Law 12 Criminal Trial Process.
Business Law Final Exam
Presentation transcript:

THE POWER TO PROVE 1 New Advances in Spoliation Detection and Remediation David Cowen Rafael Gorgal

THE POWER TO PROVE 2 Introduction Who are we? Things We’ve written you might have seen –Hacking Exposed: Computer Forensics, currently working the third edition –Infosec Pro Guide to Computer Forensics –Anti Hacker Toolkit, Third edition –Hacking Exposed Computer Forensics Blog –This presentation

THE POWER TO PROVE 3 Spoliation Case law presenters involved with Super Future Equities Inc v. Wells Fargo Bank NA et al (Texas Case No. 3:06-cv ) Stille Sonesta v Tara Woodruff Buxton v David Cavin

THE POWER TO PROVE 4 Current state of spoliation detection Data destruction programs are noisy Most change timestamps to invalid dates (e.g. 1/1/1970) Deleted file records with invalid dates and random file names remain Counting the number of files remaining that match this criteria makes a base level total of spoliated files

THE POWER TO PROVE 5 Current defense arguments The files destroyed were personal The files destroyed were not relevant The files destroyed were part of a system process

THE POWER TO PROVE 6 New advances in spoliation detection Transaction Logging Decoded Change Logging added since Windows Vista

THE POWER TO PROVE 7 How the new artifacts are created XP – Transactional logging from interaction with the file system, may last 24 hours on a system drive Vista/7/8 – Change logging from interaction with the file system, may go back months

THE POWER TO PROVE 8 What can now be determined Ability to recover: –Pre wiped file name –Directory where wiped data existed –Metadata of file –Scope of total files wiped –Linkage to program execution –Determination of destruction time

THE POWER TO PROVE 9 What still cannot be determined Contents of the wiped files –Unless backups exist –Shadow Copies –Temp/Autorecovery files –Carved files

THE POWER TO PROVE 10 New arguments and defense presented Parties affected by spoliation can now show what was being destroyed, when and the context. Parties defending spoliation can now show that files wiped were in fact innocuous or non relevant

THE POWER TO PROVE 11 Impact of research on existing case law Ability to determine actual file names helps towards showing bad faith For some cases where the spoliating party was in fact telling the truth sanctions can be reduced or waived

THE POWER TO PROVE 12 Adverse Inference versus summary judgment Most common instruction we see is adverse inference to the judge or jury when determining the usage of the spoliated data. Now judge and juries can infer the content and usage of known files With the veil of mystery as to what was destroyed removed we may see more summary judgement

THE POWER TO PROVE 13 Role of an expert in a spoliation motion Prove what was done Determine if it was automatic or manual Validate the methods used to destroy Estimate the totality of the destruction Testify to the impact on the experts analysis Explain to the judge and jury what is determinable and what is recoverable

THE POWER TO PROVE 14 Standard of proof from prior cases Prove spoliation occurred Show that it occurred after notice or expectation of litigation Show scope of spoliation Show relevancy of spoliated data and how it prejudices the affected party

THE POWER TO PROVE 15 Questions? David Cowen Rafael Gorgal Blog - og.blogspot.com/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.