Forensic data collections are expansive. They can be anything from a single email account or cell phone to all the computers of upper management in a large corporation. Regardless of size, they all need to be collected in a safe forensic manner. You might ask why it matters how it is collected. If the document, email, database or folder can be read, then what is the worry? The worry you should have is admissibility in court.
Let us help you ensure the facts you need can be used in court. The Importance of Defensible Forensic Data This is done by looking at the metadata. When data is not collected in a forensically sound manner, you inherently change the metadata, whether you mean to or not. Once opposing counsel objects because of spoiled metadata, it is out, and sanctions and/or summary judgment on your case can be right around the corner. Data collections need to be performed by an independent third party. Having your client’s IT staff collect the data can present a conflict of interest, and it’s likely they do not possess the tools and skills to do this properly. Making sure the data is collected correctly is key to finding and using deleted data in your case. Problems in Forensic Data Collections
We’ve broken down six ways that forensic accounting and digital forensic experts can help your litigation case. How to Properly Collect Forensic Data On-site collections are the most standard form of forensic data collections. This is going on-site to collect data directly from laptops, servers, desktops and cell phones. Everything should be collected in a sound court-approved manner. This is normally done for larger collection batches of data. Remote collections are collections much like an on-site collection, only smaller in nature, which allows them to be performed remotely, thus saving you money. In order to perform remote collections, the third party will need to work with your IT staff to gain secure access to the network. Targeted collections are a collection of data performed either on-site or remotely for a specific set of data. This can be done by collecting a set of data by a certain time period or folder. This is best if you know exactly what it is that you need to be collected. Cloud collections are forensic data collections that require harvesting data from cloud storage areas. This would include Gmail, Yahoo, Hotmail, Dropbox, Google Drive, etc. It is possible to forensically extract cloud-based data for use in court. Social media forensic data collections have become more and more relevant in both civil and criminal cases. This is forensically collecting from Facebook, Twitter, Instagram, YouTube, to name a few. Mobile device forensic data collections are the collections of cellphones and tablets. Multiple tools are available for collecting from thousands of different types of mobile devices. Deleted text messages and other social media are among a few of the types of items that can be retrieved from cell phone forensic collections. Culled forensic data collections are the combination of any of the above-listed collection methods, but with the ability to cull only the responsive data while the collection is taking place. Culling data is the practice of narrowing a large data set into a smaller one for review, based on specific criteria such as dates or keywords. The Role of Deleted Data in Litigation Preservation Letter
Analyzing the Data Deleted data can reside in multiple places on a computer. It's important to find it and be able to explain why it was found in a certain area of the computer. Piecing together the puzzle can go rather quickly in many circumstances. Today, computer forensic software has evolved to allow the examiner to perform multiple tasks in a fraction of the time it used to take. Deleted data can uncover photos, videos, previous versions of documents, web history, chat logs and even deleted text messages. Presenting the Data A Lawyer’s Duty of Technical Competence What is the attorney’s role when it comes to data collection and technical competence? Fundamentally, an attorney’s ethical duty is to provide competent representation to his or her client. In maintaining competence, an attorney “should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology .”
A basic understanding of technology used in the practice of law Model Rules of Professional Conduct: Rule 5.3 Hiring an attorney who can navigate relevant technology is in a client’s best interest. The duty of technological competence does not mean an attorney or their paralegal needs to become a technology expert, but it does require basic understanding of the technology they use to practice law and the technology employed by their clients in legal matters. They also need to understand the electronic risks and benefits afforded by those pieces of technology. It is unlikely that technology will take a break from revolutionizing our world, and one can only expect that the required proficiencies for lawyers will also continue to grow. Just as the public seeks legal advice from a qualified attorney and not their legal assistant, a trained and vetted computer forensic expert can explain, for example, how or if documents were securely preserved and untampered. Utilizing Forensic and Digital Data in a Court Case Ensuring clients are satisfying their disclosure requirements as well as making sure opposing parties or third parties are preserving relevant documents is crucial to success. Common items such as internet history, deleted text messages, phone apps and social media all play a large part in a litigation case. |