1 / 33

Computer Forensics - Why it Makes Sense

Computer Forensics - Why it Makes Sense. Presented by: Craig Reinmuth CPA,CFF, MST, EnCE President, Expert Insights, P.C. Scottsdale, AZ (480)443-9064 www.expertinsights.net. Overview. Distinguish “E-discovery” from “Computer Forensics” Using CF in every stage of litigation process

lewis
Download Presentation

Computer Forensics - Why it Makes Sense

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Forensics - Why it Makes Sense Presented by: Craig Reinmuth CPA,CFF, MST, EnCE President, Expert Insights, P.C. Scottsdale, AZ (480)443-9064 www.expertinsights.net

  2. Gammage & Burnham P.L.C.

  3. Overview • Distinguish “E-discovery” from “Computer Forensics” • Using CF in every stage of litigation process • Benefits of Pursuing/Risks of Not Pursuing CF • How to Convince Your Clients to Use CF • Where to Look: Computer forensics is now “Digital” Forensics • Case examples throughout

  4. ESI Build UP – Recent Landmark Cases • Zubulake – “Virtually all cases involve the discovery of electronic data”; attorneys to educate their clients on e-discovery • Qualcomm – Attorneys also face sanctions; risked losing license/livelihood • Pension Committee of U of Montreal defining “negligence” for purposes of sanctions • 323 e-discovery decisions in 2010 (including every Federal District) * * Based on year-end study by Gibson Dunn

  5. 93% of information is created on computer

  6. Litigation Support Services E Discovery

  7. Computer Forensics(Beyond E-Discovery) Programs – when run Operating system changes CD Burning Activity Internet Browsing History File signature/renaming Recover web-based email Social Networking data On-line chatting data All ESI (cell phones, PDA, etc) • Recover/analyze deleted files; search unallocated space • Uncover spoliation • Detect use of external devices/USB history logs • Recent files • Determine user intent/ Timeline analysis • Review “restore points” • Documents printed/when

  8. Sample USB Report Arizona State Bar

  9. Computer Forensics(Beyond E-Discovery) Programs – when run Operating system changes CD Burning Activity Internet Browsing History File signature/renaming Recover web-based email Social Networking data On-line chatting data All ESI (cell phones, PDA, etc) • Recover/analyze deleted files; search unallocated space • Uncover spoliation • Detect use of external devices/USB history logs • Recent files • Determine user intent/ Timeline analysis • Review “restore points” • Documents printed/when

  10. Case Example – Without Digital Forensics • 7/14 (evening) Human Resource Department receives email from EE indicating he/she wants to meet with boss the next day • 7/15 Terminates employment

  11. Timeline with Computer Forensics • 6/6 Warm fuzzies re: business r/ship (gmail) • 6/11 Go to social event together (gmail) • 6/15 Forwards resume to competitor (gmail) • 6/17 Competitor invites EE to meeting on 6/19 (gmail) • 6/19 EE attends meeting at competitor office (gmail) • 6/20 (Sat) Install 1TB Backup storage device (USB) • 6/20 Accesses company projects on server(recent) • 6/20 (eve) Accesses company projects on server(recent) • 6/20 (eve) Goes to Google documents account (cookie) • 6/21 Apple computer in EE possession (deleted email) • 6/22 Proprietary project files sent to competitor (gmail)

  12. Timeline with Computer Forensics (continued) • 6/22-6/28 Employment negotiations (gmail) • 6/25 EE connects USB thumb drive in LT (USB) • 6/25 EE accesses server/files from home laptop (recent) • 7/8 EE connects card reader for first time (USB) • 7/8 Empties trash (recover deleted files) • 7/14 (evening): • EE connects same backup drive to laptop (USB) • EE accesses project files from server (recent) • Email indicating EE wants to meet with boss (gmail) • EE communicating with b/friend re: computer on BB (phone) • EE access web mail account; forwards “opportunities” file (internet activity) • 7/15 Terminates employment (from client)

  13. Computer Forensics(Beyond E-Discovery) Programs – when run Operating system changes CD Burning Activity Internet Browsing History File signature/renaming Recover web-based email Social Networking data On-line chatting data All ESI (cell phones, PDA, etc) • Recover/analyze deleted files; search unallocated space • Uncover spoliation • Detect use of external devices/USB history logs • Recent files • Determine user intent/ Timeline analysis • Review “restore points” • Documents printed/when

  14. Defense Side Computer Forensics • Is your client telling you “the whole truth” • Be Proactive • Up-front strategy • Information on your clients’ computer they did not put there • Assist with demands of opposition • Turn claims into counter claims • Working knowledge of case law • Rebuke opposing experts’ credentials/methodology/findings • Deposition line of questioning

  15. Computer Forensics is nowDigital Forensics

  16. Smartphones (Blackberry, Droid, iphone) On the Device Other items uncovered Remote access programs (e.g. Log Me In, VNC, Homepipe) Web based email – specific providers Where else to go to get info • Call logs • Text/Instant messaging • Pictures • SIM card information • Emails and attachments (e.g. Outlook) • Phone directories • Internet history • GPS tracking

  17. Cellphones and Pictures

  18. Smartphones (Blackberry, Droid, iphone) On the Device Other items uncovered Remote access programs (e.g. Log Me In, VNC, Homepipe) Web based email – specific providers Where else to go to get info • Call logs • Text/Instant messaging • Pictures • SIM card information • Emails and attachments (e.g. Outlook) • Phone directories • Internet history • GPS tracking

  19. iphone GPS Tracking

  20. GEO Logging – GPS tracking

  21. Computer Forensics is nowDigital Forensics

  22. Computer Forensics is nowDigital Forensics

  23. Get Head Into the Clouds!

  24. Cloud Computing

  25. Cloud Computing Tools MegaUpload Yousendit Idiskme Carbonite ibackup My account Idrive Kineticd Datadepositbox Flipdrive…… • MyDropbox • Docs.google • Skydrive • 4shared • Box.net • Mozy • Streamload • Drop.io • Livedrive • sugarsync

  26. HomePipe Remote Access

  27. Social Networking Obtainable Data

  28. Computer Forensics in Each Stage of Litigation Process Testimony Case Strategy Discovery Analysis • Data preservation • Identify Electronic Evidence Sources • Assist with Cost/ Benefit Discussions with Clients • Interrogatory assistance • Avoid Exposure to Sanctions • For defense, view what is/is not on computer • TRO • Attend Meet and Confer • Types of Electronic Evidence to Request • Secure Collection & Preservation • Detect use of Storage Devices/ Data Downloads • Motion to Compel • Opposing Expert – • Deposition/Rebuke • Findings • Attend meetings with Judge • Getting all data needed to represent client • Determine user intent • Restoration of • Deleted Files • Review all relevant ESI • Printing/burning activity • Internet activity • Spoliation of Evidence • Knowledge of case law • Defendable Reports • Understandable Testimony • Integrity of Data • Vulnerability Assessment • Opposing Expert Cross Examination • Prior Experience Reputation Arizona State Bar

  29. How to Convince Your Clients to Use Computer ForensicsZubulake – “Virtually all cases involve the discovery of electronic data” • Getting the data needed to represent your properly represent clients • Enhance Chances for Winning • Avoid exposure to sanctions (at client and attorney level) • Case dismissal potential • Professional fees potentially paid • Potential for turning claims into counterclaims

  30. Summary • ESI/E-discovery/Computer Forensics are here to stay • Benefits of pursuing can far outweigh risks of not • Should be considered in all types of litigation (including Defense) and at every stage • Consider all locations for computer/digital information • The technological world continues to evolve • Smartphones are mini-computers and data sometimes does not go any further than palm of the hand • Cloud computing is here to stay and will grow in size • Recall example presented and the types of information that can only be obtained via computer/digital forensics

  31. Expert Insights Dependable Defensible

More Related