Hello E-Discoverers!

Welcome to EDEN’s “E-Discovery in the News,” our new blog series where we examine real life court cases and see how e-discovery played a role.

Throughout this series, we will be interviewing EDEN members with subject area expertise.  We are interested in speaking with all of our EDEN members with a certain area of expertise: attorneys, litigation support professionals, computer forensic experts, paralegals, and more.  If you would like to participate, please contact Carl Powers (cpowers@edenhub.com).

(Story Found in New York Times, official court document)

E-Discovery processes may have helped to save Citadel, a Hedge Fund in Chicago, from a breach of security that could have jeopardized their entire operations.

In late March 2010, Citadel’s internal monitoring systems alerted management of unusually high levels of activity originating with the user account of Yihao “Ben” Pu, a Quantitative Engineer at Citadel assigned to work on the development of Citadel’s proprietary trading strategies.

When questioned regarding the activity, Mr. Pu’s response was that he had merely uploaded music and academic documents onto his phone.  However, this didn’t really jibe with the activities detected.  Citadel’s internal investigation established that Mr. Pu had secretly created two “virtual machines” on his Citadel computer running Ubuntu Linux, which permitted Mr. Pu to bypass strict security protocols at Citadel barring data transfer to external devices.

With Citadel on to him, Mr. Pu had to figure out what to do with the electronic evidence of his activities, namely hard drives from his home computers to which he had been transferring the Citadel data.  Launching into full “Lorraine Bracco from Goodfellas” mode Mr. Pu desperately tried to get rid of the evidence.  Unlike cocaine, though, you can’t flush hard drives down a toilet.  So, Mr. Pu did the next best thing: he worked with one of his coworkers to erase the hard drives and dump them in a canal.  Aware of the need to cover their tracks, Mr. Pu and his accomplice resorted to communicating via prepaid, disposable mobile phones in classic movie gangster style.

Read more »

Due to popular demand, EDEN now offers opportunities to partner with EDEN for mobile phone forensic services.   We invite EDEN members to read below and learn how to offer your existing clients leading mobile phone forensic services.

The Electronic Data Extraction Network (EDEN) has partnered with Blank Law + Technology, a Seattle-based law firm and computer forensic expert, to provide mobile phone forensic services to the wider EDEN community.

Why EDEN?

EDEN is your trusted and reliable partner or referral source.  EDEN supports – and does not undermine – your customer relationships.  EDEN will ensure that the job is done right, every time.  EDEN’s work is technically and legally defensible, and will stand up in court.  Finally, as a valued EDEN member, each of your referrals entitles you to a $150 referral fee.

How do I partner with EDEN for mobile phone forensic services?

EDEN is flexible in our partnership arrangements, and we are available to support our EDEN members in a number of ways.

We recognize that the equipment necessary to conduct a thorough, forensically sound mobile phone investigation can be expensive.  If you do not have the necessary equipment, we can refer you to Blank Law + Technology’s forensic experts.  The team at Blank Law + Technology supports clients with a decade of experience in computer forensics and a record of hundreds of successful investigations. Read more »

This is a continuation of the Digging for Dirt: E-Discovery Tools All Lawyers Should Know article by guest contributor, Eric P. Blank, Esq. 

Part 3: Computer Forensics Tools

As an attorney, you are not expected to know how to operate the tools that help IT professionals mine for information, just as you are not expected to know how to operate a 40-ton excavator.  However, you will get along much better with the person doing the actual work—and be much more aware of potential benefits and pitfalls—if you have some basic familiarity with the equipment’s capabilities and don’t just stand there staring.  Spend some time learning.  To get started, here are some common e-discovery tools:

Five Tools Every Investigator Should Know:

1.       Keyloggers.  Available as hardware or software applications, keyloggers record users’ keystrokes.  As a legitimate tool, keyloggers are important quality assurance aides in software development and customer service.  On the dark side, keyloggers record passwords, login names, bank account and credit card numbers, websites visited, etc. 

2.       Web Filters.  Many companies use web browsing security applications, either a Cloud-computing service or through installed software or hardware.  Web filters screen for viruses and are useful security tools.  However, sophisticated filters also limit internet access and log internet activity, including time spent on the internet, sites visited, data transferred, and even search terms.  Simple user tools pull up this information on a user-by-user basis. Read more »

This is a continuation of the Digging for Dirt: E-Discovery Tools All Lawyers Should Know article by guest contributor, Eric P. Blank, Esq. 

Part. 2: Sources of Electronically Stored Information

To be an effective attorney in the 21^st Century, you must be computer literate.  You do not need to be able to program computers, or assemble them, but you must at least understand the basics of electronically stored information and networks.  In the paper world, you did not need to know how to type, but you did need to understand that some documents are typed, and others are handwritten.  To represent your clients effectively today, you must understand how employers and employees generate and preserve electronic information. 

Every company is a little different; each company has its own unique software, protocols or processes that will affect where you should look for data.  At the same time, every company is a little bit the same.  So, you should be comfortable starting off with:

Five Places to use computer forensics (and what to look for):

1.       Employee Workstation/Laptop.  Look for live files, including user-archived email messages and attachments, with full metadata (author, creation date, last access date, last written date, etc.); Office-type files; internet files, including internet mail files (think Gmail or Hotmail) and attachments; deleted files; fragmentary files; files from slack space, drive free space and unallocated space; drafts and redlines; computer usage patterns, including identification of internet mail, internet surfing/downloading patterns, file copying and download behavior, print and save destinations; login/out times; password identification and extraction; and the presence of suspicious files.

2.       Business Cell Phone/Blackberry/PDA.  Look for email and Office-type files; contacts; calendar; pictures and video; suspicious applications (like packet sniffers); internet browsing history; data movement; geolocation information (from radio signal or cell tower logs); text messages, both live and deleted; password information. Read more »

EDEN is happy to introduce Eric P. Blank, Esq. as this week’s guest contributor to the Slack Space blog. 

Eric P. Blank is the founder and Managing Attorney of Blank Law & Technology P.S. (formerly Blank & Associates P.S.).  Mr. Blank has conducted hundreds of investigations into computer and software-related torts and employee misconduct.  He has provided defense and prosecution on an expedited basis of intellectual property claims, and the release and protection of new products.  Over the past several years, Mr. Blank and the other employees of Blank Law & Technology have counseled companies ranging from new businesses to a host of major corporations located across the United States and Canada and throughout the world.  The objective for each representation is the same: to provide insightful, dedicated, creative and efficient solutions that help clients succeed.  You can learn more about Mr. Blank and Blank Law & Technology at www.digital-legal.com.

(Editor’s note: This article was included with the written materials at the 2010 ABA Labor and Employment Law Conference in Chicago, and it was also included in a recent King County Bar Association seminar about Investigating Workplace Complaints.  This article and its predecessors are Mr. Blank’s original work in all respects.)

Part 1: Electronic Information in the Workplace

Whether we—or they—like it or not, the connected workplace is overflowing with information about employee behavior.  Much of this information is available to employers without a lawsuit, without a subpoena, and by simply pushing a few buttons on a computer’s keyboard.  In fact, enormous volumes of data describing employee conduct are visible to information technology personnel who are just doing their jobs.  Websites that employees are visiting, and for how long; passwords to private areas; destination and content of email messages; file downloading and uploading patterns; text messaging humor; and the logistics of intraoffice romances all travel through machines and storage areas that are examined, as part of normal operations, by IT personnel at all levels.  These facts have created the ridiculous but universal IT culture of “don’t ask, don’t tell,” in which IT personnel pretend not to see evidence of employee conduct when managing email accounts or sweeping computers for viruses.  Read more »

Yesterday, EDEN launched the new EDEN E-Discovery Community group on LinkedIn.

The EDEN E-Discovery Community is a forum for:

• project referrals
• opinions on important e-discovery topics, and
• discussion about technical standards

We look forward to hearing your opinions about popular e-discovery debates.  Today’s topic: is it reasonable to expect custodians to self-collect data?  Do you always need an expert?  We want to hear what you think!

Additionally, the group is open to the public and is a great resource for project referrals.  If you’re looking for a technician in a certain city or a subject matter expert, the group’s discussion board may be able to help you find the right fit.

We invite you to join the EDEN E-Discovery Community group on LinkedIn and join the conversation!

Okay, the title for this post may be a bit of a joke, but it’s also our way of making a point.  E-discovery is full of acronyms, and these can be a challenge to professionals new to the industry.

In looking at the companies and individuals who make up EDEN’s membership base, one word comes to mind: diversity.  EDEN members are not only diverse in their e-discovery education and background, but also in their industry vertical.  It can be challenging when trying to have an attorney or paralegal speak the same language as a CIO or network engineer.  For this Slack Space post, we wanted to list some of the most frequent acronyms you might come across in both the legal and technical vernacular of e-discovery.  Have any additions or an acronym that has been stumping you?  Please let the EDEN community know! 

COC – Chain of Custody

DAT – “Data” file type, very common in database load files Read more »

EDEN welcomes members from a diverse range of industries.  Each month, we update our Member Spotlight page  to showcase some of our newer members from around the nation. 

This month, we spotlight Firm Forensics.  Firm Forensics offers discrete, highly personalized, case-specific forensic analysis and litigation support services for law firms and corporate clients.  Their areas of expertise is fraud, computer forensics, and electronic discovery.  Firm Forensics assists in the investigation, handling and prosecution of computer-related crimes or misuse.

To see our other spotlight members, visit our Member Spotlight page.  If you are interested in sharing some of your company’s information with the EDEN community, please contact Cathy Lopez at clopez@edenhub.com or 877.837.7147.

Over the past 18 months, the Electronic Data Extraction Network (EDEN) has been hosting educational webinars about electronic discovery and computer forensics.  Topics have included Fundamentals of E-Discovery, Common Sources of ESI, Mobile Phone Forensics and Backup Tapes 101. 

EDEN had over 800 participants during the webinar series, including current EDEN members, lawyers, paralegals, IT service providers, law enforcement officials, government representatives and cloud computing providers.  Several organizations have participated as well, including Amazon, LEGO Systems, MetLife, RenewData, Hartford Insurance, FTI Consulting, Merrill Corporation, Delta Airlines and Bank of America.  Feedback included:

“As a paralegal it is my job to be educated for my attorneys, and this webinar was extremely helpful.  I had no idea how much ESI can be found on a mobile phone.”

“The use of the funnel to explain the e-discovery process was one of the better examples I have seen in the industry.”

“I have spent my entire career in IT and want to further my e-discovery education.  I found the presentation to be terrific.”

The team at EDEN definitely appreciated the feedback, and listened closely.  Based on comments and requests to introduce more advanced educational opportunities, EDEN is happy to announce 20 new e-discovery webinars for the end of summer and fall. 

Read more »