A recent article on Law.com (part one of a seven part series) discusses the importance of legal holds for the preservation of electronically stored information (ESI) and other documents.

Why are courts placing so much emphasis on this ministerial step in preservation of issuing a written litigation hold? It appears that patience is running thin for lost ESI in federal court. More importantly, ignorance of litigation hold requirements is no excuse. Also, the days of he-said-she-said litigation hold arguments are numbered. Courts want to see a transparent and credible process by simply looking at a few documents such as the written hold notice, distribution list, follow-up interview reports or logs, as examples.

As articulated by Judge Scheindlin in Pension Committee v. Banc of America, courts definitely do not want to wade through stacks of motions papers and days of hearings to determine if preservation efforts were sufficient to prevent the destruction of ESI and other documents. As a result, it is imperative for an organization to have in place a litigation hold policy and adequate procedures necessary to avoid going down the litigation “detour” of discovery sanctions motions.

via Law.com – Step 1 for Legal Holds: Trigger Events.

FOR IMMEDIATE RELEASE

Contact:
Andrew Hoog
Chief Investigative Officer
viaForensics
Phone: +1 312-283-0551
http://viaforensics.com/contact-us

viaForensics’ CIO, Andrew Hoog, earns Certified Computer Examiner designation

Chief Investigative Officer of viaForencis, Andrew Hoog, recently obtained his (CCE)® certification from the International Society of Forensic Computer Examiners

Chicago, Feb 19, 2010 –  The CIO of the computer/mobile forensic and e-discovery firm viaForensics, Andrew Hoog, has earned the Certified Computer Examiner (CCE) designation awarded by the International Society of Forensic Computer Examiners, an internationally recognized professional organization dedicated to upholding standards in the computer forensics community.

CCE certification is awarded to individuals who demonstrate knowledge and proficiency of skills related to the practice of digital forensics. Applicants for certification must complete an approved amount of training or professional experience and pass a four-part test.

Mr. Hoog adds this recognition to his list of credentials which includes the Global Information Assurance Certified Forensic Analyst (GCFA) designation and membership in the International High Technology Crime Investigation Association (HTCIA).

About viaForensics

viaForensics is an innovative computer/mobile forensic and e-discovery firm focusing on providing proactive services to corporations, law enforcement and law firms. Andrew Hoog is a computer scientist, computer/forensics researcher and Chief Investigative Officer at viaForensics.

# # #

Legal Informatics Blog posted a couple of interesting developments in the e-discovery world:

National, Case-Based Civil Rules Survey: Preliminary Report to the Judicial Conference Advisory Committee on Civil Rules (October 2009)
<snip>
Second, this month the United States Court of Appeals for the Seventh Circuit launched an Electronic Discovery Pilot Program, and published a Statement of Purpose and Preparation of Principles (Oct. 1, 2009) respecting that program.

via eDiscovery Developments in US Federal Courts « Legal Informatics Blog.

The Litigation Manual “What Works: Evidence from a Trial Judge’s Perspective” Click the link below.

The Litigation Manual: First Supplement – Google Books.

The Volokh Conspiracy has a nice article discussing District Judge William K. Sessions III ruling compelling a defendant to decrypt his hard drive for an investigation against him.  The defendant tried to invoke Fifth Amendment protection against self-incrimination however Judge Sessions ruled his prior compliance in the investigation rendered the protection invalid:

“Where the existence and location of the documents are known to the government, “no constitutional rights are touched,” because these matters are a “foregone conclusion.” Fisher, 425 U.S. at 411. The Magistrate Judge determined that the foregone conclusion rationale did not apply, because the government has not viewed most of the files on the Z drive, and therefore does not know whether most of the files on the Z drive contain incriminating material. Second Circuit precedent, however, does not require that the government be aware of the incriminatory contents of the files; it requires the government to demonstrate “with reasonable particularity that it knows of the existence and location of subpoenaed documents.”

Boucher accessed the Z drive of his laptop at the ICE agent’s request. The ICE agent viewed the contents of some of the Z drive’s files, and ascertained that they may consist of images or videos of child pornography. The Government thus knows of the existence and location of the Z drive and its files. Again providing access to the unencrypted Z drive “adds little or nothing to the sum total of the Government’s information” about the existence and location of files that may contain incriminating information. Fisher, 425 U.S. at 411.

Boucher’s act of producing an unencrypted version of the Z drive likewise is not necessary to authenticate it. He has already admitted to possession of the computer, and provided the Government with access to the Z drive. The Government has submitted that it can link Boucher with the files on his computer without making use of his production of an unencrypted version of the Z drive, and that it will not use his act of production as evidence of authentication.

Because Boucher has no act of production privilege to refuse to provide the grand jury with an unencrypted version of the Z drive of his computer, his motion to quash the subpoena . . . is denied.”

via The Volokh Conspiracy – District Court Overturns Magistrate Judge in Fifth Amendment Encryption Case:.

The following is my often updated list of forensic resources I frequent on the web:

Tools

• Computer Forensic Resources
• Open Source Forensic Tools

Weblogs

• Windows Incident Response

General

• The Electronic Evidence Information Center

I stumbled across a searchable database of e-discovery case law and have left it open in my Firefox tabs for weeks now.  I’ve done a few preliminary searches and found it interested.  The site seems to be maintained by a large law firm (K&L Gates) and through a blog site they maintain called Electronic Discovery Law.  From their excerpt about the database:

“Search hundreds of cases collected from state and federal courts involving electronic discovery issues by keyword, or by any combination of 28 different case attributes, including on-site inspection, format of production, allegations of spoliation, or involving data that is “not reasonably accessible,” etc.”

Hope you find this resource helpful and kudos to the team at K&L that support this.