Electronic Evidence Joe Kashi Todays Program Types of - - PowerPoint PPT Presentation



SLIDE 1

Electronic Evidence

Joe Kashi

SLIDE 2

Today’s Program

• Types of electronically stored information
• Accessibility and effect upon discovery
• Where and how to find ESI
• ESI forensics and indicators of tampering
• Revised FRCP regarding ESI
• Some thoughts on authenticating photos
• Demonstration of ESI forensic software
• Electronic Brief demonstration

SLIDE 3

Electronically Stored Information (“ESI”)

• Used by revised FRCP as the “official” term of art for electronic evidence (FRCP 26, 30, 33, 34, 37)
• ESI is pervasive
  • recent studies conclude that ESI accounts for 93% to 98% of all original “documents”
  • arguably, ESI is now the “best evidence”
• Paper prints, though often easier to use in the courtroom, are usually secondary copies

SLIDE 4

General Types of ESI

• Few original paper documents, mostly signed or hand-written items
• Locally generated documents
• Networks – local, enterprise, Internet
• Personal Digital Assistants, i.e., Palm, Blackberry, smart cell phones

SLIDE 5

Internet uploads and downloads

• Text, audio, video, photo, music
• Personal web pages number in the tens of millions; example “MySpace”
• Internet collaborative documents
  • Usually free services
  • Example: Google Docs

SLIDE 6

Third Party ESI

• Voice mail, typically stored on hard disks
• Email, web hosting, Google Docs, usually stored in about 4 locations
• Cell phones
  • voice messaging
  • wireless video/photo/Email
  • GPS or cell tower locating

SLIDE 7

Non-computer ESI

• Fax and copier memory
• Digital cameras and camcorders
• Blackberry and iPod type devices
• VHS, CD and DVD
• Audio recorders

SLIDE 8

ESI - Is It Accessible?

• Critical distinction under new FRCP
• If accessible, existence and location must be disclosed as a matter of course during initial disclosures
• If not readily accessible, then other factors become prominent, including whether to order discovery, sampling of records, and cost-shifting

SLIDE 9

Accessibility depends upon media type

• Active data
  • Easily accessed dynamic data that can change or be lost due to ordinary use
• “Near line”
  • Not everyday storage but can be mounted and searched without too much difficulty.
  • Examples: CD or DVD disks and backups, portable hard disks, small USB “thumb” drives, digital camera memory cards

SLIDE 10

“Not Readily Accessible” ESI

• These may require significant effort to be usable and searchable
• Examples:
  • Backup tapes; each needs to be restored, mounted and searched individually; often requires new hardware
  • Old data or file formats not readable by current software

SLIDE 11

Practical Guides for Trial Judges

• Guidelines for State Trial Courts Regarding Discovery of Electronically Stored Evidence – Conference of Chief Justices, August 2006
• US District Court for the District of Kansas pretrial order
• Zubulake and Coleman decisions
• December 2006 revisions to FRCP
• Sedona Principles

SLIDE 12

Preliminary Information

• Types of computer systems
• How networked
• IT personnel
• How backed up and how often
• Disaster Recovery Plans
• Logging of activities – very useful
• What programs are used?
• File formats and data formats
• What data is maintained and where

SLIDE 13

“Delete” does not mean deleted

• Persistence
• Broad storage
• Duplicative storage
• Actually harder to discard than paper files
• Automatic logging and System Registry
• File fragments