Preserving Electronic Evidence for Trial: A Team Approach to the Litigation Hold, Data Collection, and Evidence Preservation 0128093358, 9780128093351
The ability to preserve electronic evidence is critical to presenting a solid case for civil litigation, as well as in c
304 93 6MB
English Pages 192 [194] Year 2016
Table of contents :
Cover
Title Page
Copyright Page
Dedication
Contents
Author Biographies
Introduction
Chapter 1 - Your Critical Task: Learn Another Language
A Computer forensics expert looks at legalese
The Civil Lawsuit—A Pretrial Tour, with Vocabulary
The Litigation Process, Word by Word
The real first step—the triggering event
ESI in the Rules, or How to Aggravate the Judge
Keeping it in Proportion, Round 1: Training
Keeping it in Proportion, Round 2: the Price of Compliance, or Not
Chapter 2 - Preserving, Not Corrupting—Hold It!
How far does preservation stretch? information versus evidence
The Hold Notice—A Brief Introduction
A historical footnote
In the Present, Spoliation Versus Integrity of Evidence
Bad Acts: Examples from Reported Cases
Destruction by Omission
Destruction by Commission
Experts (Or Not)
In-house IT Employees
Outside IT “Consultants”
Outside IT Litigation Consultants
The Other Route—Destruction with Permission
Curative Action and Sanctions
The General Theory—Courts Must Maintain Their Integrity
The Balancing Act
The Hammer Falls
The Cell Door Slams, Occasionally
Each Attorney’s Independent Preservation Duty
The Key to the Hold Notice: Name the Key Players Asap
More Thoughts About “Keys” to an Effective Hold—The Wider View
Zubulake, Pension Committee, Rimkus and More
Zubulake (I–V)
The 2006 Rules Amendments on ESI
Pension Committee
Meanwhile, in Texas: Rimkus
Chin v. Port Authority—A Clarification
The Rules—Contemplating Amendment, Again
And, back in the courtroom—Sekisui American
The Rules Amendment Process, Again—Looking Forward From Dec., 2015
Chapter 3 - Incident Response While Avoiding Evidence Disaster: The Team
The Team: Functional and Procedural Issues
Securing ESI Repositories: A Brief Consideration of the Dark (Criminal) Side
When to Act in Criminal Incidents: When There is Suspicion of Misconduct
Internal Misconduct by an Individual or Group (Whether Criminal or Not)
Other Criminal Misconduct, Fraud, etc., by an Individual or Group
When Something is Wrong and the Origin is Unknown: Log Access is Critical
When Immediate Action is Needed
When Criminal or Civil Litigation is Likely: Expanding the Team as Needed
When Litigation is in Progress
Who Needs to Act: Whoever Handles the Problem is on the Team
Information Technology Personnel
Human Resources Personnel
Financial Personnel
Other Management Personnel
The Lawyers
In-House Counsel Team—Lawyers Plus Paralegals
Litigation Counsel Team—Lawyers Plus Paralegals
The Digital Forensic Expert or Consultant
Other Expert Consultants and Expert Witnesses
Preparing the Team
Planning—Prepare the Team for Various Situations Before Anything Happens
Identifying Key Team Positions for Various Situations
Training Individuals for Team Positions (Including Their Support Staff)
Pre-Crisis Forensic and Litigation Training—The Heart of a Successful Team
Identifying Outside Training Consultants, Especially the Forensic Consultant
Dedicated Internal Forensic Teams—Advantages and Disadvantages
Making Sure Everyone Knows Who’s Going To Do What in Various Situations
Team Members
Everyone Else
Chapter 4 - Understanding Information Systems
Introduction to the digital forensic world
Computer systems
Stand-Alone Computers
Computer Architecture
Evidence in Computers
Collecting from Personal Computers
Collected ESI Preservation
Best Practices for Data Collection
Networked Computers
Disaster Recovery and Continuity of Operations
Database Replication
Automated Replication
Network Metadata
Network Device Log Information
Servers
Small Enterprise Servers
Server Groups and Enterprise Computing
Distributed Computing
Mainframes and Large Scale Systems
Firewalls and Security Devices
Routers and Firewalls
Switch Traffic and Logs
Administrative Logs
Log Aggregation Tools
Chapter 5 - In Addition to the System—Other Devices
Mobile devices
Cell Phones and Tablets
Laptops and Industrial Portable Devices
BYOD—Bring Your Own Device Issues
Without predicting
Chapter 6 - Collecting Data
Understanding the systems in the organization: Information governance
Why system structural information is necessary—the data map
The People who Should Know
Identifying the Forensic Consultant and Internal Forensic Team
Data collection strategies, looking forward
Chapter 7 - Teamwork Prep for Data Management
Gathering Systems Operating Information for Digital Forensic Use
In-House Counsel’s Perspective
The Litigator’s Perspective
The Forensic Consultant’s Perspective
The IT Department’s Perspective
Data Inventories Management: What Data and Why
What is a Data Inventory and What Should it Contain?
Managing and Updating Data Inventories
Data Destruction Policies and Hold Management: Who Decides and Who Acts
Managing the Hold When Data Destruction is Suspended—Choking on Data
How long do we hold this data?
Regulatory Requirements and Industry Norms on Data Destruction
Personally Identifiable Information (PII) Restrictions
Data, Ready for The Team
Chapter 8 - Data Policies and Procedures—Get the Details
Understanding Specific Information for the ESI Preservation Process
In-House Counsel’s Perspective
The Litigator’s Perspective
The Forensic Consultant’s Perspective
Small, Large, Fortune 500 and International—The Economics of Structure and Scale
Delegation of Authority for Data Destruction Policies
Communicating with the Rank-and-File Employees
Business Operations (Policy versus Reality)—Who Knows What and Who Does What?
Departments or Divisions That Operate Autonomously
Divisions or Operations in Multiple States
Document the Day-to-Day Flow and Control of ESI
Who Has What Kinds of Devices, and Who Knows Where They Are?
Controlling Electronic Device Information—Three Issues
Information Entering Through Company Devices
Information Leaving Company Devices
Portable Devices: Phones, Laptops, Portable Hard Drives, and Transit Media
Dealing With Data Security and Classification
Data Security Procedures and the Litigation Hold
Data Classification—Preserving Value While Preserving Data for Litigation
Data Security in Employee-Related Incidents
Voluntary Termination
Company-Owned Devices: Collection and Inspection
Employee-Owned Devices at Voluntary Termination
Involuntary Termination Scenarios
Termination of Access to the System and Other Devices
Collection of Company-Owned Devices at Involuntary Terminations
Data Deletion from BYOD Devices
Special Personnel with Special Privileges
Chapter 9 - The Cloud and Other Complexities
Cloud Computing
Cloud Service Models
IaaS—Infrastructure as a Service
PaaS—Platform as a Service
SaaS—Software as a Service
Forensic Limitations and Challenges of Cloud Computing
Complex Environments
Software Defined Networks
Big Data
Internet of Things
It’s All Happening Right Now
Chapter 10 - Putting it All Together: When the First Alarm Sounds, Hold It!
The Critical Moment to Begin Preservation
Preservation Responsibilities—Avoiding the Fatal Pre-Litigation Error
Key Players—Revisiting the Concept
A Great Question That Has Already Been Answered For You
The Sedona Conference®
International Organization for Standardization (ISO)
Identifying the Scope of the Preservation Hold by Communicating Within the Team
The Litigation Hold Notice—Think Carefully, Act Quickly
Communicating From the Team to the Rest of the Organization—No Surprises
After the Notice: Executing the Hold and Preserving ESI for Analysis
Isolating Electronic Devices and Storing Data—CIO and IT’s Roles
Analyzing Electronic Information—Your Digital Forensic Consultant’s Role
Storing ESI Is Cheap—Stop Routine Storage/Destruction Procedures ASAP
Communication Between Counsel–The Team and Effective Use of Rules 26 & 34
The “Other” Hold Notice—When You Intend to Sue Someone
After the Hold, The Long View of ESI Analysis
Chapter 11 - The Rule 26 Meet-and-Confer—Your Best Chance to Control the ESI Exchange
Newly Amended Rule 26 Means What It Says
The Lawsuit Has Been Filed—Now Where Are We?
Another Brief Tour Through the Amended Rules
Stay Focused on the E-Discovery Goals
Keep Calm—The Seventh Circuit E-Discovery Pilot Program Has the Answers
The Team’s Pre-Meeting Strategy Session
The Meet-and-Confer: A Strategic Overview
What to Offer
As You Offer, You Also Ask
Accept No Excuses
Use Your Technical Knowledge to Support Your Legal Negotiations
No Delivery of ESI Content Without Metadata— When Paper is Not an Option
Going Native, or Not
The TIFF Trap—Don’t Fall Into It
The Operative Word is “Confer”
Search Terms—Think About Dispute Details, So ESI Searches Are Productive
Technical Oversight of E-Discovery Production
Preservation Orders—Be Quick, Be Precise
The Final Product of a Good Meet-and-Confer
Looking For A Form To Start From? A Few Resources
Chapter 12 - A Glance at International Issues—Never Assume!
International Issues in ESI Preservation and E-Discovery—A Very Brief Look
There Is Not Here—A Brief Consideration of Common Law and Civil Law Traditions
Common Law—A Shared British Heritage of the U.S., Canada, and the Commonwealth
Civil Law—The Codified Law is Comprehensive: Mexico and Other Non-British Countries
Cross-Border Transactions in General—Some Structural Considerations
A National Government or Its Agency May Be Your International Partner
Cross-Border Dispute Resolution: It’s In The Contract, Maybe
Discovery in International Arbitration
Discovery in International Mediation
Before the Contract Decisions, the Team Analyzes the Dispute Resolution Issues
Data-Related Cross-Border Issues: Personal Data Privacy Laws Are Serious
An Extremely Brief Survey of Some Countries’ Data Privacy Laws
Canada
Mexico
The European Union and its Member Countries
China
Japan
India and other Asian Nations
You Get the Idea—Ask First
Addressing Problems with the American Approach to Evidence
A Separate Issue: Company Operations Across International Borders
Multinational Corporations—Multiple Complexities
International ESI Issues—A Few Status Notes
Evidence Handling Issues in the Courtroom
Cross-Border Forensic Practices
Don’t Forget the Economics of Preservation
ISO E-Discovery Standards Are Now in Development—Stay Tuned
INCITS
E-Discovery Standards Issued and In Progress
The Triggering Event—Your International Team Is Ready
The Team Members Are Identified and Ready: Communication
Assessing the Skills Your Team Already Has—Don’t Assume
Sharing Team Leadership Cross-Border—A Great Idea
Conclusion
Resource Appendix
General resources
Publications
Organizations
Chapter 1
Publications
Chapter 2
Publications
Organizations
Blogs
Chapter 3
Organizations
Chapter 4
Blogs
Chapter 5
Blogs
Chapter 6
Organizations
Chapter 8
Blogs
Chapter 9
Publications
Chapter 10
Publications
Organizations
Blogs
Chapter 11
Organizations
Blogs
Chapter 12
Publications
Organizations
Blogs
Mexico Privacy Law
China Privacy Law
Subject Index
Back cover
![Computer Evidence: Collection and Preservation [2 ed.]
1584506997, 9781584506997](https://dokumen.pub/img/200x200/computer-evidence-collection-and-preservation-2nbsped-1584506997-9781584506997.jpg)
![Computer evidence: collection and preservation [2nd ed]
2009928938, 9781584506997, 1584506997, 158450708X](https://dokumen.pub/img/200x200/computer-evidence-collection-and-preservation-2nd-ed-2009928938-9781584506997-1584506997-158450708x.jpg)
