
Author Archives: Bill Dean

Attorneys: Be Aware When Reviewing Emails in Outlook

Bill Dean, Director of Computer Forensics

I am well aware that the use of Microsoft Outlook to review email is a perceivably convenient and low cost method to review small volumes of email. However, this method is laced with potential issues that just aren’t worth the risks – and there are risks. This article will address some of these risks to hopefully encourage the use of better technology to review email, or at least educate you enough to understand the risks.

So your client produced his or her email for you to review in a PST format (Microsoft Outlook Email Database). You are already proficient in the use of Microsoft Outlook as it likely already dictates much of your day. Either you already know how to attach this file to Outlook or your “friendly” IT staff will do it for you. You have the email loaded and you are ready to begin, but before you start, let’s talk about keyword searching.

Google has been a great asset to our culture in many ways. For the litigation field, it has inadvertently educated you how to perform Boolean searches. When you search Google for “Trade secret theft” and “Case Law” in the same query, you have performed a powerful Boolean search. However, Boolean search features such as this are not as intuitive in Microsoft Outlook and require extensive effort to execute. Difficulty performing Boolean searches is the good news. The bad news is that Microsoft Outlook, by default, will not search the contents of attachments for the keywords. Your searches will only address the email fields and the contents of an email message, which could potentially omit responsive information. We will visit the danger of attachments later in this article.

The read receipt option on sent emails presents another concern. If an unread email you are reviewing has the read receipt option set, your review of that email could inadvertently send a message to the sender that the email has been read. Consider the implications of that for a moment. There is one instance in which the custodian was deceased and his widow received a read receipt “from beyond the grave”.


The “Details” of Digital Forensics

Before we begin, let’s dispel a myth or two about digital forensics: digital forensics is not what you see on CSI. For starters, you cannot power up a computer with potential evidence and begin pilfering through the information. Those actions will modify and destroy evidence potentially preventing admissibility into court (Attorneys: remind your clients of this). Secondly, digital forensic investigations can be very detailed and time-consuming: it isn’t going to happen in an hour. Lastly, we are not nearly as attractive as the people on television.

Digital forensics is the ability to obtain great detail related to activities performed on computers. Digital forensics can also provide information typically not available from conventional eDiscovery requests: deleted information, Internet activities, social network usage, and detailed timeline activity of actions taken by a computer user.

Let’s walk through an example demonstrating the benefits from digital forensics.

Our client employed a valued engineer for years. This person was a model employee and contributed greatly to the success of the company. Unexpectedly, the employee resigned to work for a direct competitor. Our client indicated that they were very shocked at the resignation and were concerned that he may have taken their “widget” designs. We were asked to analyze the computer of the former employee.

The digital investigation uncovered many artifacts of value to the client and their counsel. Computers are very detailed when monitoring the activities that occur on them. This enables us to perform very detailed timeline analysis. In the analysis of the computer, we found that:

Facebook’s New “Download Your Information” Feature is an Early Christmas Present for Lawyers

Just in time for the holiday season, Facebook has a free gift that attorneys will love. Facebook has recently enabled a new feature providing a very easy way to collect and preserve profiles.

In the past, preserving and collecting user profiles on Facebook was a daunting task of screenshots, printing pages, and downloading potentially hundreds of individual files and photos. A Facebook profile can now be obtained for review using the simple procedure outlined at the end of this post.

Time will tell why Facebook decided to implement this feature. Facebook may have become weary of responding to an avalanche of subpoenas and preservation letters. Perhaps they just haven’t found a way to charge for responding to legal requests as Google has. Regardless of the intent, this feature will greatly assist in gathering Facebook profiles in litigation.

What Facebook Information is Downloaded?

  • Profile page with all of the user’s information.
  • The user’s “Wall” with all status updates.
  • Replies/comments to all user contents, including status updates and photos.
  • A complete list of Facebook friends.
  • Notes.
  • Events to which the person RSVP’d.
  • A listing of all photos with the time of the upload.
  • A complete list of the elusive Facebook messages (email) with the entire conversation thread with timestamps.

Limits of the Downloaded Information


Free eDiscovery Training Webinar

It has been my experience that there are many misconceptions of the complexities of eDiscovery. When properly leveraged, eDiscovery should provide efficiencies rather than frustrations. With this in mind, Forensic Discoveries, a division of Sword & Shield Enterprise Security, is now offering free eDiscovery webinars for you and your firm from the convenience of your office. The material is similar to what I have presented for CLE credit to both state and local BAR associations as both a solo trainer and in conjunction with eDiscovery attorneys and federal judges.

 

The presentation addresses the following topics:
  • eDiscovery Lifecycle (EDRM)
  • Technical Interpretations of the Updated Federal Rules of Civil Procedure
  • Digital Forensics Basics
  • eDiscovery Challenges

If you are new to eDiscovery, this one hour presentation will provide the foundation you need to succeed with eDiscovery. If you are experienced in eDiscovery, this webinar can provide an opportunity to ask specific technical questions about the process.

We are also working to produce a 15-minute video that you can share with your clients to introduce the importance of eDiscovery. More information on this video will be posted soon.

Depending on the location, we may be able to work with you to provide CLE credit for the webinar. A listing of our previous speaking engagements and papers written can be found here

Please contact me directly at bill.dean@forensicdiscoveries.com or call 865-244-3505 to schedule.

Sword & Shield Develops New Standard for eDiscovery Pricing

Forensic Discoveries, a division of Sword & Shield Enterprise Security Inc, has announced a new eDiscovery pricing model that covers the entire lifecycle of eDiscovery. The new pricing model provides many advantages over the conventional and complex pricing models that are based on processing alone, including:

  • Standard, predictable pricing for all technical phases of the eDiscovery lifecycle.
  • Standard pricing that covers one year of document hosting.
  • Pricing is up to 75% less than other eDiscovery vendors.
  • All technical aspects of the project are managed by eDiscovery experts acting as liaison between legal and technical teams.
  • Our technology is provided on a SaaS (Software as a Service) model protecting our clients from expensive technology infrastructure costs.
  • Documents may be accessed, reviewed, and analyzed using any computer, even Apple iPads, from any location in a secure manner without installing additional software.
  • Complete technical training is provided at no additional cost.

“Our new eDiscovery pricing addresses the major issues facing today’s eDiscovery industry: uncontrollable costs and communication challenges between legal and technical teams,” said Bill Dean, Director of Computer Forensics and eDiscovery.

eDiscovery or Computer Forensics – Which Do You Need?

I am often asked the question, “What is the difference between electronic discovery and computer forensics?” There is often confusion between the disciplines of electronic discovery (eDiscovery) and computer forensics, but from a civil litigation perspective the same rules apply to both.

While both provide value in litigation, the differences are distinct. For starters, the pricing model is typically different. eDiscovery is often billed by the volume of data involved and the computer forensics pricing model typically revolves around hourly rates.

However, the most important difference between eDiscovery and computer forensics is who analyzes the information. Simply defined, eDiscovery is the process of identifying, preserving, collecting, processing, reviewing, and analyzing electronically stored information (ESI) in litigation. The computer forensics process involves identifying, preserving, collecting, analyzing, and reporting on digital information.

As you can see they are very similar until the crucial difference, the responsible party for analyzing the information. In an eDiscovery matter, the role of the expert is to provide the information to legal teams in a reviewable format for analysis. However when leveraging computer forensics, the expert will perform the analysis of the information and report the findings to the legal teams. The party performing the analysis of the electronic information, in my opinion, is the primary differentiator between eDiscovery and computer forensics.

Extra Information Computer Forensics Can Provide

Since most of you are fluent in how to properly leverage eDiscovery, I will discuss additional information of interest that is provided by computer forensics:

eDiscovery – Someone Has to Say It

This will be the first article in a series that I plan to write about the industry of eDiscovery. For a topic this large, I feel it will be easier to eat the elephant one bite at a time. I am also confident that I am not going to make any friends in the litigation support vendor market with this series of articles and may actually lose a couple, but someone has to say it.

eDiscovery is a mess. It is comprised of complexities, frustration, confusion, and uncontrolled expense. As many of you are aware, I have worked in the eDiscovery industry as a technologist for years. I would often wonder why more legal teams did not embrace the efficiencies of eDiscovery. As I step back and look at the industry, along with reading and hearing the war stories surrounding eDiscovery, I can’t say that I blame them. eDiscovery, when implemented properly, should be the extension of the discovery process that includes electronic information. When conducted properly, it should facilitate the success and efficiencies of the discovery process. But eDiscovery appears to create additional problems and foster uncontrollable expense. For these reasons, I am going to dedicate the next few issues of this newsletter to attempting to simplify and demonstrate methods of both efficiency and cost savings through each phase of the EDRM lifecycle.

As I begin this series of articles, I will start by describing my role in the eDiscovery market so there is an understanding of my perspective. My eDiscovery career began as many did, somewhat by accident. I had the responsibility of digital forensic investigations for a large healthcare company that became involved in John B. v Goetz.

When my company was presented with the situation, I agreed to lead the effort. I made this decision because the process to complete the request for electronic information was similar in approach and tools that I used for forensic investigations, and the vendor quotes seemed astronomical. I could not have asked for a better opportunity to learn about the challenges of eDiscovery. Since that time, I have been an eDiscovery consultant. My company is not an eDiscovery processing shop, nor do we have a capital investment in technology that I feel compelled to promote. We promote and provide the tools that best meet the needs of our clients. Our role is to assist our clients at any and every phase of the EDRM lifecycle to meet their needs in a successful manner. Within this role, we find that there are efficiencies in each stage of the EDRM lifecycle and I would like to share some of them with you.

The “Safe Harbor Rule”

In early 2006, many companies were closely watching the progression and adoption of the updated Federal Rules of Civil Procedure. Speaking from those trenches, we thought the sky was falling. For those companies that were not paying close attention to the rules themselves, the software vendors ready to solve all of the problems with the magic “black box” were very helpful in teaching us some of the rules. Businesses perceived that these laws would force us to keep digital information perpetually. We did not completely understand Rule 37(f), the “Safe Harbor Rule”.  Rule 37(f), TN Rule 37.06, allows information technology departments to continue with business as usual, until litigation occurs (or is anticipated).

As companies began planning for the updated Federal Rules, I began speaking with other large companies in various industries and serving on discussion panels to address how to prepare for these rules. Finally when serving on a discussion panel with a Federal Judge, the significance of Rule 37(f) was given clarity. Rule 37(f) states, “absent exceptional circumstances a court may not impose sanctions on a party for failing to provide ESI lost as a result of routine, good-faith operation of an electronic information system.”  This recognizes that some computer systems routinely alter and delete information without specific direction from an operator. While the software vendors were informative and persuasive in their sales presentations, they failed to convey the significance of this rule.

Although the price of storage for digital information continues to decrease, we continue to create and store digital information at an unbelievable pace. According to IDC, by 2010, there will be more bits of data than grains of sand on all the world’s beaches (a bit is the smallest increment in which digital information is stored). For various reasons, it is fiscally difficult for companies to keep digital information eternally. Long before the updated Federal Rules were in place, companies already had “routine, good-faith operations of an electronic information system” in the form of electronic data retention practices. The details of a company’s data retention practice will be dictated by the regulatory environment in which the company operates and influenced by internal concerns of those within the company. The policies will often address purging age-based email, office documents, database records, and voicemail, just to name a few.

Now that companies have realized that they can continue to practice their data retention policies, they must be aware of the important details of the “Safe Harbor Rule”:

  1. When litigation begins or is “reasonably anticipated”, companies must cease relevant aspects of their data retention policies and properly preserve the information under litigation hold requirements.
  2. The company should have a documented and approved data retention policy that it has been following leading up to litigation. If the company has not been following its document retention policy, it cannot implement it when litigation begins. Enron already demonstrated that this is not a good strategy.
  3. Companies cannot implement new electronic document retention policies during litigation. See “Policy was created as part of a litigation strategy

Many companies were preparing for the updated Federal Rules of Civil Procedure in early 2006 and were very concerned about the impact of these rules on their operations. The “Safe Harbor Rule” is interpreted to allow businesses to continue to purge information from their electronic systems based on documented and approved policies that are currently being followed. Under Federal Rule 37(f) and TN Rule 37.06, the company will not be responsible for data that has been purged based on this routine operation. Once litigation begins, however, the operation must cease where applicable and all potentially relevant information must be preserved.

Electronic Discovery of Data in the Cloud

Like most industries, information technology sometimes suffers confusion between which is most valuable: products or marketing. The newest struggle in this fight is “cloud computing.”

I find great enjoyment in watching commercials that market “the cloud”, and then do not attempt to describe what it is or why companies are using it. The common definitions and explanations of cloud computing are very complex in describing a relatively simple concept, storing data and applications somewhere else. While eDiscovery can be challenging enough, clients using “the cloud” will add another level of complexity to the process, but it is manageable. From an eDiscovery perspective, this means that the ESI isn’t “there.”

What is Cloud Computing?

“Cloud Computing” is defined by Wikipedia.org as Internet (“cloud”) based development and use of computer technology (“computing”). In concept, it is a paradigm shift whereby details are abstracted from the users who no longer need knowledge of, expertise in, or control over the technology infrastructure “in the cloud” that supports them.

I hope that clears things up for you. Now you understand why the commercials are so abstract. I define “cloud computing” as “a very large and successful marketing initiative to sell the idea of storing applications and data somewhere else.” From the viewpoint of a company, it is appealing from a financial perspective to add computing power, application upgrades, and data storage without the need for large capital investments. In addition, cloud computing can prevent additional operational costs required to employ additional IT professionals to support the growth of the technical infrastructure.

With all of the confusion surrounding cloud computing, the fact is many of you have used or are currently using it. The truth is, the basic concept and operational features of cloud computing have been in place for years. Google’s Gmail and GoogleApps, Microsoft’s Hotmail, Salesforce.com, and YahooMail! are simple examples of cloud computing. Another great use of cloud computing is Internet backup services such as Carbonite.com.

When Electronically-Stored Information Isn’t “There”

If your eDiscovery vendor has given you the ability to remotely search and review electronically-stored information (ESI) that could be relevant to your case, that too is cloud computing. While your clients may be using cloud computing in different forms and none should be ignored, there are two specific uses that legal professionals need to pay very close attention to in eDiscovery: email and backups.

So how do you deal with ESI that is “in the cloud”? The simplest analogy for attorneys is to treat it like paper. For some of your clients, all of their paper documents of relevancy may not be stored in their facilities. They may rely on vendors like Iron Mountain to handle or assist with their records management and storage of paper documents.

While the methodologies and tools will differ, the strategies for obtaining paper documents from a vendor such as Iron Mountain are the same as retrieving email from Google. The information isn’t “there” and additional efforts will be endured to obtain it. The success in obtaining ESI from the cloud will depend on the technical expertise that you have assisting you. The truth of the matter is, even if ESI is stored somewhere else, it belongs to your client and information of relevancy may need to be reviewed and produced in litigation.

As explanations vary from source to source, cloud computing is one of the most confusing marketing initiatives in the information technology field. Remote applications and storage have been used for years and the substantial product offerings will continue to evolve. Whether email or data backups, it is likely that you will encounter a situation in which your client has, or you are requesting, ESI that is stored in a cloud-computing platform. Rest assured that the “cloud” is not falling; it will just require some additional expertise to identify, preserve, process, and review the information that has potential relevance to your matter.


Computer Forensics in Employment Defense

Due to the massive layoffs our country has experienced through this recession and the inability of much of that workforce to obtain new jobs, employment litigation is currently a focal point for attorneys representing employers. There are many standard practices that employers should follow when terminating an employee, but one of the most valuable steps is often overlooked. The potentially most valuable resource to defend employment matters could be the company-issued phones and computers. With the proper acceptable computer usage policies in place, the digital evidence in the employer’s possession could contain the information needed to successfully defend the suit.

For the majority of today’s workforce, the lines between business and personal lives no longer exist. The majority of employees today work during their personal time and conduct personal business while at work. The primary tool for work and personal activities is technology of some flavor. Until recently, it was routine for employees to conduct personal conversations primarily via email, both using the company email system and personal email accounts typically not logged by the company (Gmail, Hotmail, etc).

Social Media

However with the recent explosion of social networking sites, email is now combined with Facebook, MySpace, and Twitter communications just to note a few. If you currently have a Facebook account, you can test this theory. Analyze the times of status updates for your Facebook “friends” and note the times of the posts. Or simply look to see who is online with the Facebook system during periodic times during the workday.

I want to be clear that this is not an indication of someone’s dedication to his or her work, but of the culture shift. It is likely that even those with the most stringent work ethic will participate in these activities during business hours; the lines between work and personal lives are eroding. Combining email and social networking sites with detailed Internet activities, research, personal pictures, and other activities performed on their work computer or mobile phone may provide an unintentional diary that will aid in your employment litigation matters.

Now that the stage has been set for the value of digital technology in employment litigation, let’s be sure the appropriate paperwork is in place. As case law has demonstrated, just because the company owns the asset on which this information is located does not necessarily guarantee that it can be accessed and reviewed. As the “Time to Review Corporate Computer Policies” article in this newsletter states, companies need to be certain that the appropriate acceptable usage policies for corporate technology are in place before issues arise that will benefit from leveraging this information. The above-mentioned article outlines three good examples of “loopholes” in the policies that prevented crucial information from being leveraged in employment matters and provides tips for tightening up the policies for your clients.

With everything in place, let’s apply digital forensics to routine employment litigation.

Employment Litigation in Action

Let’s start with a sexual harassment case in which the plaintiff accused a superior of sexual harassment and filed suit. Leveraging digital forensics discovered thousands of Facebook chat messages, Internet activity, and deleted emails with pictures attached confirming that the relationship was mutual and that the superior had actually tried to end the relationship numerous times.