Presentation is loading. Please wait.

Presentation is loading. Please wait.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

Published byShanon Dean Modified over 9 years ago

Similar presentations

Presentation on theme: "About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning."— Presentation transcript:

1 About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning of each presentation. You may customize the presentations to fit your class needs. Some figures from the chapters are included. A complete set of images from the book can be found on the Instructor Resources disc.

2 E-Discovery: An Introduction to Digital Evidence Chapter 1 Introduction to E-discovery and Digital Evidence

3 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence3 Objectives Define e-discovery and digital forensics Describe types of digital evidence Explain factors affecting digital evidence collection Summarize U.S. federal rules on digital evidence Describe other laws related to digital evidence and ESI discovery

4 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence4 An Overview of E-discovery E-discovery: process of applying traditional legal discovery process to electronic evidence Electronic evidence encompasses any electronically stored information (ESI) which can include: –Documents, e-mails, pictures, Web pages, and databases ESI can be found on: –Hard drives, cell phones, DVDs, CDs, and laptops E-discovery is a form of data mining –A method companies use to gather information about customers or vendors

5 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence5 An Overview of E-discovery Digital forensics: a scientific method for extracting data or evidence from a digital device or an active network –Following this process ensures information will stand up to scrutiny in court Field of digital forensics is divided into two specialties: –Device forensics: existing files, deleted files hidden files, encrypted data, and more are retrieved –Network forensics: deals with network intrusion and hackers

6 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence6 An Overview of E-discovery Key difference between e-discovery and digital forensics: –In digital forensics investigators are typically looking for incriminating or exculpatory evidence in a criminal case or an investigation of a corporate policy violation Digital forensics can be considered to overlap with e- discovery –Network forensics do not consider e-discovery to be related to their job –E-discovery experts might have to call on device forensics expert to retrieve data

7 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence7 Figure 1-1 The relationship between e-discovery and digital forensics

8 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence8 An Overview of E-discovery Type of evidence examined is OS information –MAC times: “modified, accessed, and created” dates and times –File access times and network logins are also examples In a Linux OS –Investigators might be able to retrieve the time files were deleted and who deleted them Challenge of e-discovery –It involves both the legal field and the highly specialized IT field

9 © Cengage Learning 2014 What Is Digital Evidence? Digital evidence: data or files in digital format that pertain to a civil or criminal complaint Cameras, watches, fax machines, copiers, and phones are examples of devices that may contain electronic storage devices with digital evidence stored on them E-mail exchanges, text messages, blogs, instant messages, and other forms of digital communications may also hold evidence E-Discovery: An Introduction to Digital Evidence9

10 © Cengage Learning 2014 Types of Digital Evidence Types of digital evidence includes: –DVDs, audiotapes, phone SIM cards, memory sticks, and more –Almost anything - even a refrigerator - can contain digital evidence Data: actual information being retrieved, such as a letter or document Metadata: information about the data –Metadata in a picture file can tell investigators the type of camera used, date of photo, and GPS coordinates where the photo was taken E-Discovery: An Introduction to Digital Evidence10

11 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence11 Figure 1-2 Data and metadata

12 © Cengage Learning 2014 Types of Digital Evidence To access a photo’s metadata: –Open Windows Explorer –Right-click the photo file and click Properties –Click the Details tab E-Discovery: An Introduction to Digital Evidence12 Figure 1-3 Photo metadata in the Properties dialog box

13 © Cengage Learning 2014 Types of Digital Evidence Metadata is also available for documents –An investigator can see how long the person had the document open, how many words and characters are in the document, and more Metadata has to be handled carefully Recent court cases have cited or fined companies for deleting metadata However, including metadata showing who worked on a particular file might violate other standards –Such as privacy regulations and copyright infringement E-Discovery: An Introduction to Digital Evidence13

14 © Cengage Learning 2014 Cloud Computing and Digital Evidence Cloud computing: on-demand access to remote servers, software, applications, and other computing resources National Institute of Standards and Technology (NIST) defines the cloud in terms of: –Three service models: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) –Four deployment methods: private, community, public, and hybrid (National Institute of Standards, 2011) E-Discovery: An Introduction to Digital Evidence14

15 © Cengage Learning 2014 Cloud Computing and Digital Evidence SaaS refers to applications provided for customers –Offers convenience of file access from any location and sharing with any location –Two common SaaS providers: Dropbox and Google Docs PaaS is more of a business model where users select a platform and install their own applications or software In IaaS, users get a “bare metal” environment where they install their own OSs, applications, tools, etc E-Discovery: An Introduction to Digital Evidence15

16 © Cengage Learning 2014 Cloud Computing and Digital Evidence Most secure deployment method is the private cloud –Client owns hardware and has physical access A community cloud is for people or organizations with similar interests or similar business types Public cloud: a person’s files are on the same physical machine as another person’s files Hybrid cloud: users keep some files in the cloud and the rest on their own servers for data security E-Discovery: An Introduction to Digital Evidence16

17 © Cengage Learning 2014 Factors Affecting Evidence Acquisition In civil cases, evidence is acquired by issuing a request for production –One company requests physical or electronic documents and the second company produces them Criminal cases require strict adherence to chain of custody –To ensure evidence hasn’t been tampered with or altered in the process –Requires use of search warrants, subpoenas, etc E-Discovery: An Introduction to Digital Evidence17

18 © Cengage Learning 2014 Factors Affecting Evidence Acquisition In digital forensics, a forensic image of a hard drive or other media device allows an investigator to: –Retrieve deleted files, deleted emails, file fragments, and other information not included in a simple file copy Because hard drives are increasing in size live acquisitions are common –Live acquisitions are done while machines are running –Question before the courts is that the results of a live acquisition might not be reproducible (violates forensics standards) E-Discovery: An Introduction to Digital Evidence18

19 © Cengage Learning 2014 Overview of E-discovery Tools AccessData and Guidance Software –Have e-discovery tools that work independently or with their digital forensics tools If a company has its own digital forensics team and legal team –Their efforts can be correlated easily with these tools –Legal team can view results at the e-discovery level If it is determined that more analysis is needed, the forensics team can search deeper Major e-discovery tools are discussed in more detail in Chapter 3 of this text E-Discovery: An Introduction to Digital Evidence19

20 © Cengage Learning 2014 Cost and Time Considerations Large multinational corporations may be able to afford expensive packages to handle e-discovery –Small and medium firms may not have the budget –Freeware and shareware products can be used E-discovery can be time consuming –Going through all the information stored on a terabyte hard drive could take a legal team years Cost and time can be reduced by: –Asking “Which information is needed to prove a case” –Be specific and narrow the focus E-Discovery: An Introduction to Digital Evidence20

21 © Cengage Learning 2014 Federal Rules in U.S. Courts Three sets of rules govern the conduct of federal court cases: –Federal Rules of Civil Procedure (FRCP) –Federal Rules of Criminal Procedure (FRCrP) –Federal Rules of Evidence (FRE) Each state has its own interpretation of these rules E-Discovery: An Introduction to Digital Evidence21

22 © Cengage Learning 2014 The Federal Rules of Civil Procedure Established in 1938 by the U.S. Supreme Court Those involved with e-discovery need to be aware of the following rules: –FRCP Rule 16 –FRCP Rule 26 –FRCP Rule 33 –FRCP Rule 34 –FRCP Rule 37 E-Discovery: An Introduction to Digital Evidence22

23 © Cengage Learning 2014 The Federal Rules of Criminal Procedure Established in 1944 by the U.S. Supreme Court FRCrP rules specify that when dealing with someone charged in a criminal case: –The rights of the individual take precedence Main rule that addresses digital evidence is: –Rule 41: Search and Seizure 2002: the Department of Justice “Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations” document E-Discovery: An Introduction to Digital Evidence23

24 © Cengage Learning 2014 The Federal Rules of Evidence Drafted by the U.S. Supreme Court and became law in 1975 –Applies to all evidence presented in court for both civil and criminal cases Introduction of digital evidence hasn’t changed the FRE extensively –Does add many new interpretations of old rules –Example: hearsay rule Text messages and emails might prove the recipient had been told something; however, messages can’t prove the information’s accuracy E-Discovery: An Introduction to Digital Evidence24

25 © Cengage Learning 2014 The Federal Rules of Evidence FRE rules that have an impact on how e-discovery is preformed: –Article I, Rule 103 –Article I, Rule 105 –Article I, Rule 106 –Article IV –Article VII –Article VIII –Article X E-Discovery: An Introduction to Digital Evidence25

26 © Cengage Learning 2014 Rules and Policies Governing Digital Evidence Important aspect of ESI is its overwhelming volume –Digital information may be stored in several physical locations or moved to indeterminate locations as a result of load balancing Location of data can affect which country’s laws are in effect for e-discovery purposes –Emails can potentially be transmitted to anywhere in the world E-Discovery: An Introduction to Digital Evidence26

27 © Cengage Learning 2014 Sedona Principles Sedona Principles - created by a group of lawyers and other professionals as guidelines for handling electronic documents –Emerged from a conference held in 2007 –Designed to ease the burden of e-discovery and speed the process along –Lists 14 principles that link to the FRCP –Lay the framework for what a company must do to prepare for possible litigation E-Discovery: An Introduction to Digital Evidence27

28 © Cengage Learning 2014 FRCP Amendments April 2006: U.S. Supreme Court ordered that the FRCP be amended to address e-discovery –Require companies to protect data that might be subject to discovery in anticipated litigation The Advisory Committee on Civil Rules incorporated the Sedona Principles into the 2006 amendments Rule 26(b)(2) - permits parties to avoid discovery of ESI that isn’t reasonably accessible because of “undue burden or cost” –Includes electronic information that has to be converted or recovered to be usable E-Discovery: An Introduction to Digital Evidence28

29 © Cengage Learning 2014 FRCP Amendments FRCP Rule 34(b) - dictates that ESI be provided in a form that is readily usable –If requesting party specifies another form, the producing party has the option of objecting to the form and proposing its own form Organizations that scan paper documents and replace them with electronic documents in PDF or TIFF formats: –Improve information-management capabilities –Are better positioned to handle litigation E-Discovery: An Introduction to Digital Evidence29

30 © Cengage Learning 2014 FRCP Amendments Besides scanning documents, some organizations index the text –Using optical character recognition (OCR) software OCR software examines scanned pictures of documents and “recognizes” letters and numbers Use of PDF-scanned copies instead of a native file is disputed in the legal community –Native files can be searched without further processing and metadata still exists E-Discovery: An Introduction to Digital Evidence30

31 © Cengage Learning 2014 FRCP Amendments Lawyers have a duty to preserve evidence that’s relevant to actual or potential litigation Amended FRCP Rule 37 (f) states the court can’t impose sanctions when a party destroys ESI as part of its “routine, good faith” operations –Spoliation: a party wrongfully destroying evidence Companies should put their ESI retention policies in writing and be able to prove that the policies are followed routinely –Procedures should also be drafted to place a “litigation hold” on all potentially relevant ESI E-Discovery: An Introduction to Digital Evidence31

32 © Cengage Learning 2014 FRCP Amendments FRCP clarifies how ESI is handled during discovery ESI should be destroyed when it’s no longer legally or operationally required –ESI retention might be affected by IRS rules, corporate policy, or ongoing projects Policies and procedures should be reviewed and updated as needed E-Discovery: An Introduction to Digital Evidence32

33 © Cengage Learning 2014 State Amendments Related to ESI Many states have adopted provisions to address procedural issues with e-discovery –Texas developed rules for ESI discovery even before the FRCP amendments were passed States’ rules can be more stringent than federal rules but not more lenient 30 states have adopted e-discovery procedural rules reflecting the 2006 FRCP amendments –8 other states have some form of e-discovery legislation pending E-Discovery: An Introduction to Digital Evidence33

34 © Cengage Learning 2014 United Nations Model Law Developed as a result of burgeoning e-commerce in the late 1990s With multinational corporations –Cases can span several continents and jurisdictions The United Nations Model Law’s focus was on civil procedures –Has been used as a basis for both digital forensics law and e-discovery worldwide E-Discovery: An Introduction to Digital Evidence34

35 © Cengage Learning 2014 European Corporate Laws Most European companies that conduct business in the US feel compelled to improve internal controls –In response to U.S. demands The European Union’s 8 th Company Law Directive: –Sometimes described as the European Sarbanes- Oxley Act –Slightly different from the U.S. Sarbanes-Oxley Act –Foreign corporations that want to be listed on the U.S. stock exchanges have to comply with Sarbanes-Oxley provisions E-Discovery: An Introduction to Digital Evidence35

36 © Cengage Learning 2014 European Corporate Laws European government authorities want more accountability and transparency among European companies The European Union (EU) has amended the following directives: –4 th directive 78/660/EEC –7 th directive 83/349/EEC –8 th directive 84/253/EEC E-Discovery: An Introduction to Digital Evidence36

37 © Cengage Learning 2014 European Corporate Laws In accordance with the amendments, EU countries are enacting new laws –Informally known as “EuroSox” –Reflect modern expectations that companies should open themselves to more scrutiny through disclosure and third-party review E-mail communication is a crucial component –E-mail records should be maintained in a format that facilitates searching so that third parties can review transactions and relationships E-Discovery: An Introduction to Digital Evidence37

38 © Cengage Learning 2014 Canadian Rules of Civil Procedure In 2006, a subcommittee of the Canadian Discovery Task Force was created to deal with e- discovery issues in Canadian courts –Group created a list of guidelines for e-discovery –Also created additional guidelines under the Sedona Canada Working Group In 2010, Ontario amended its rules of civil procedure to address ESI discovery One of the biggest challenges: –Legal profession’s lack of knowledge in dealing with e-discovery E-Discovery: An Introduction to Digital Evidence38

39 © Cengage Learning 2014 Canadian Rules of Civil Procedure In 2010, Ontario created a rule: –Parties in a lawsuit agree on and file a written discovery plan within 60 days after close of pleadings Discovery plan shall be in writing and include: –Intended scope of document discovery –Dates for the service of each party’s affidavit of documents –Information respecting the timing, costs and manner of the production of documents –Any other information intended to complete discovery process E-Discovery: An Introduction to Digital Evidence39

40 © Cengage Learning 2014 Canadian Rules of Civil Procedure Important principles related to ESI: –Principle 1 - Electronically Stored Information is discoverable –Principle 3 - Parties must consider their obligation to take reasonable and good faith steps to preserve potentially relevant ESI as soon as litigation is anticipated –Principle 4 - Parties and counsel should meet and confer soon and on an ongoing basis –Principle 5 - Parties should be prepared to produce relevant ESI that is reasonably accessible in terms of cost and burden E-Discovery: An Introduction to Digital Evidence40

41 © Cengage Learning 2014 Canadian Rules of Civil Procedure Important principles related to ESI (cont’d): –Principle 8 - Parties should agree early on the format in which ESI will be produced –Principle 9 - Parties should agree on or seek judicial direction to protect privilege and confidentiality E-Discovery: An Introduction to Digital Evidence41

42 © Cengage Learning 2014 Canadian Rules of Civil Procedure The Sedona Canada principles and the Ontario checklist for preparing a discovery plan are part of Canadian procedural law Rule 29.1.05 of Ontario Rules of Civil Procedure states: –The court can refuse to award any costs if parties haven’t agreed on a discovery plan –The court can impose cost penalties and other sanctions E-Discovery: An Introduction to Digital Evidence42

43 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence43 Summary E-discovery is the accumulation of digital information for use in litigation Digital evidence can be found in a variety of forms and on a wide range of devices The methods used to acquire digital evidence can determine its effectiveness and admissibility in court A number of software tools are designed for e- discovery Cost and time considerations affect what tools a company selects for e-discovery and ESI retention

44 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence44 Summary In the US, the Federal Rules of Civil Procedure, along with laws such as the Sarbanes-Oxley Act, govern the ways in which corporations preserve data and data is presented or exchanged during legal proceedings The Federal Rules of Evidence in the US have a direct bearing on how evidence is collected and maintained in both civil and criminal cases The Federal Rules of Criminal Procedure take into account the U.S. Constitution and defendants’ rights under the Bill of Rights

45 © Cengage Learning 2014 E-Discovery: An Introduction to Digital Evidence45 Summary The UN Model Law was created to address e- commerce investigations Other countries, such as Canada and members of the European Union, have similar rules and procedures for governing e-discovery The Sedona Principles are 14 rules that can be used to help mitigate costs and preserve evidence in e- discovery cases

Download ppt "About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning."

Similar presentations

Williams v. Sprint/United Management Co.

Williams v. Sprint/United Management Co.
Electronic Evidence Joe Kashi. Todays Program Types of Electronically stored information Types of Electronically stored information Accessibility and.

Electronic Evidence Joe Kashi. Todays Program Types of Electronically stored information Types of Electronically stored information Accessibility and.
Review Questions Business 205

Review Questions Business 205
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
E-Discovery New Rules of Civil Procedure Presented by Lucy Isaki January 23, 2007.

E-Discovery New Rules of Civil Procedure Presented by Lucy Isaki January 23, 2007.
INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.

INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.
E-Discovery in Government Investigations Jeane Thomas, Crowell & Moring LLP February 9, 2009.

E-Discovery in Government Investigations Jeane Thomas, Crowell & Moring LLP February 9, 2009.
INDIANA UNIVERSITY OFFICE OF THE VICE PRESIDENT AND GENERAL COUNSEL Indiana Access to Public Records Act (APRA) Training.

INDIANA UNIVERSITY OFFICE OF THE VICE PRESIDENT AND GENERAL COUNSEL Indiana Access to Public Records Act (APRA) Training.
Www.frostbrowntodd.com Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.

Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.
Christian Vargas. Also known as Data Privacy or Data Protection Is the relationship between collection and spreading or exposing data and information.

Christian Vargas. Also known as Data Privacy or Data Protection Is the relationship between collection and spreading or exposing data and information.
5 Vital Components of Every Custodian Interview David Meadows, PMP, Managing Director – Discovery Consulting, Kroll Ontrack Dave Canfield, EJD, Managing.

5 Vital Components of Every Custodian Interview David Meadows, PMP, Managing Director – Discovery Consulting, Kroll Ontrack Dave Canfield, EJD, Managing.
E-Discovery for System Administrators Russell M. Shumway.

E-Discovery for System Administrators Russell M. Shumway.
No Nonsense File Collection Presented by: Pinpoint Labs Presenter: Jon Rowe, CCE, ISFCE Certified Computer Examiner Members: The International Society.

No Nonsense File Collection Presented by: Pinpoint Labs Presenter: Jon Rowe, CCE, ISFCE Certified Computer Examiner Members: The International Society.
Evidence Collection & Admissibility Computer Forensics BACS 371.

Evidence Collection & Admissibility Computer Forensics BACS 371.
W W W. D I N S L A W. C O M E-Discovery and Document Retention Patrick W. Michael, Esq. Dinsmore & Shohl LLP 101 South Fifth Street Louisville, KY 40202.

W W W. D I N S L A W. C O M E-Discovery and Document Retention Patrick W. Michael, Esq. Dinsmore & Shohl LLP 101 South Fifth Street Louisville, KY
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
April 11-13, 2011 www.techshow.com Session Title Presenters {Name} April 11-13, 2011 www.techshow.com PRESENTED BY THE Managing E-Discovery in Small to.

April 11-13, Session Title Presenters {Name} April 11-13, PRESENTED BY THE Managing E-Discovery in Small to.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
1 E-Discovery Changes to Federal Rules of Civil Procedure Concerning Discovery of Electronically Stored Information (ESI) Effective Date: 12/01/2006 October,

1 E-Discovery Changes to Federal Rules of Civil Procedure Concerning Discovery of Electronically Stored Information (ESI) Effective Date: 12/01/2006 October,
By Drudeisha Madhub Data Protection Commissioner Date: 12.08.14.

By Drudeisha Madhub Data Protection Commissioner Date:

Similar presentations

Ads by Google