in discovery
play

in discovery Sept. 25 th , 2019 1 People. Partnership. Performance. - PowerPoint PPT Presentation

Jul 16, 2023 •131 likes •670 views

San Diego ACC Paralegal Institute Forensics strategies for emerging data sources in discovery Sept. 25 th , 2019 1 People. Partnership. Performance. epiqglobal.com Slack Overview Account Types Collection Method Channels vs Direct

  1. San Diego ACC Paralegal Institute Forensics strategies for emerging data sources in discovery Sept. 25 th , 2019 1 People. Partnership. Performance. epiqglobal.com

  2. • Slack Overview • Account Types • Collection Method • Channels vs Direct Messages Slack • Limitations • Processing / Review • Recap with step-by-step collection instructions 2 People. Partnership. Performance. epiqglobal.com

  3. Slack Stats • Released in 2014 • 3 million paid subscribers • 8 million daily users • More than 1,500 apps in Slack directory • 5.1 billion corporate valuation 3 People. Partnership. Performance. epiqglobal.com

  4. What is Slack? 4 People. Partnership. Performance. epiqglobal.com

  5. Public and Private Channels Direct and Multi- party Messages 5 5 People. Partnership. Performance. epiqglobal.com People. Partnership. Performance. epiqglobal.com

  6. Free, Standard, and Plus accounts require the end users credentials to collect their account 6 6 People. Partnership. Performance. epiqglobal.com People. Partnership. Performance. epiqglobal.com

  7. Enterprise accounts can be collected from an administrator login 7 7 People. Partnership. Performance. epiqglobal.com People. Partnership. Performance. epiqglobal.com

  8. Free Slack Account Limitations 8 People. Partnership. Performance. epiqglobal.com

  9. Slack Export Features • The native export for Plus and Enterprise accounts creates a JSON file • The JSON file includes a link to the native but not the actual native file. • The JSON file format is not easily rendered into a reviewable format. 9 People. Partnership. Performance. epiqglobal.com

  10. Slack Collections • Best Practice tools: • Capture Direct and Multi-party Messages • Selectively capture Public and Private Channels • Download and extract metadata from attachments • Retains the parent-child relationship with attachments • Generate a native file of the message conversation • Export is load ready for Relativity 10 10 People. Partnership. Performance. epiqglobal.com

  11. Slack Collection Recap • Is the client using Slack Enterprise or Free/Standard/Plus versions? • If Enterprise, we can collect the custodian’s direct messages and channels from an administrator account. • If no, we need the custodian’s credentials. • Does the client have two-factor, SSO, or SAML authentication enabled? • Determine what Public channels need to be collected and from whom. • Determine if Direct Messages need to be collected and from whom. • Confirm if a date filter should be applied to the collection. • The collections typically takes 1-2 days to download with an additional day or so to process and generate a load file. 11 11 People. Partnership. Performance. epiqglobal.com

  12. Mobile Devices 12 People. Partnership. Performance. epiqglobal.com

  13. • Corporate Policy and Mobile Device Management Considerations • Overview of mobile devices collections Mobile • Potential issues to consider with Apple and Android devices • Reporting, review, and production of mobile data 13 13 People. Partnership. Performance. epiqglobal.com

  14. mobile device preservation and collection • Mobile device data is: • Easily altered / spoliated • Challenging preserving and collecting − Encryption − Third party messaging apps − Evolving and changing technology − Enterprise Mobile Device Management Software • Differs in format from traditional computer data collections • Constantly changing when connected to a cell tower or Wi-Fi network 14 14 People. Partnership. Performance. epiqglobal.com

  15. • Corporate Mobile Policies – Universal Considerations

  16. BYOD • Bring Your Own Device (BYOD) • Increasing popularity • Users mix personal and business data − Does a policy exist? − Does IT implement a Mobile Device Management software solution? − Does preservation of BYOD data exist? − Does device accessibility exist (for example, passcode management) − Has collection of intermixed data been addressed? o Third-party and affiliated parties such as board members 16 16 People. Partnership. Performance. epiqglobal.com

  17. BYOD How do you address the privacy concerns to limit what is reviewed? • How do you address the intermingled data issues? • − Can you selectively export the requested conversations? 17 17 People. Partnership. Performance. epiqglobal.com

  18. Example BYOD collection method Forensics consultant will collect the device using Cellebrite. • All collected data will be saved to an encrypted hard drive. • The consultant will open the collection in Cellebrite Physical Analyzer (PA). • The consultant will prepare a Cellebrite PA report of the requested SMS, MMS, and Chat (if • supported), along with technical device details such as the device IMEI and serial number. The report will be made in two formats: Microsoft Excel and Cellebrite UFED Reader format. The reports will be saved to two (2) separate collection drives. The consultant will perform a QC check on the Cellebrite reports with counsel to ensure only • the identified data types and technical device information are included in the reports. The consultant will take possession of the collection reports and start an electronic Chain of • Custody on the collection report drives. The consultant will hand the original encrypted drive with the full collection data to the • custodian (or counsel) for retention. Forensics consultant will only leave the collection site with the Cellebrite reports of identified • text message/chat thread data. 18 18 People. Partnership. Performance. epiqglobal.com

  19. MDM • Mobile Device Management Software • Used by organizations to control device use and security − Allows security policy to be managed centrally − Allows remote wipe − May allow for passcode change (usually causes wipe) − Potential to inhibit the ability to collect data − AirWatch,MaaS360, MobiControl, XenMobile, others 19 19 People. Partnership. Performance. epiqglobal.com

  20. MDM • Examples of MDM restrictions 20 20 People. Partnership. Performance. epiqglobal.com

  21. • Mobile Collections

  22. Mobile Device Collections • Mobile device must be isolated from cell towers and Wi-Fi (radio frequencies – RF) to prevent changes/destruction (remote wiping) • Special faraday boxes can be used to forensically maintain RF isolation • Airplane mode is a common method for RF avoidance (use caution) 22 22 People. Partnership. Performance. epiqglobal.com

  23. Mobile Device Collection Tools • Tools currently available at Epiq: • Cellebrite • XRY • Blacklight* • Mobilyze* • Oxygen Forensics* Across all products support for over 10,000 mobile devices • * Limited to iOS and certain logical Android collections 23 23 People. Partnership. Performance. epiqglobal.com

  24. Cellebrite Collection Method Overview Industry standard in mobile collections, • application decoding, forensic analysis, and advanced reporting. Apple iOS collections • − Advanced Logical Method 1 & 2 Android • − Physical (if supported) − Logical − File System (typically Android Backup) 24 24 People. Partnership. Performance. epiqglobal.com

  25. Collection Time Phone sizes have increased 10x • over the last five years with volume of text and chat messages growing at a similar rate. With the growth in device capacity, the time to collect a large phone is comparable to imaging a workstation at 3-5 hours. 25 25 People. Partnership. Performance. epiqglobal.com

  26. • Mobile Collection Issues to Consider

  27. Encryption Types • Encryption is becoming more popular on mobile device hardware, software, and on the application level. • Hardware/File Based − Blackberry, Android, and iOS • Software − iTunes Backup Encryption • Application Level − Messaging Apps: Signal and Wickr 27 27 People. Partnership. Performance. epiqglobal.com

  28. iTunes Backup Encryption One-time password • It can be user initiated or implemented via • a MDM policy. iTunes (installed version) does not support a • forgotten password feature for the backup encryption. The device can be collected, however we • need the password to decrypt the image. https://support.apple.com/en-us/HT205220

  29. iTunes Backup Encryption Removal For iOS 11 and newer, a setting reset can be • performed to remove the password, but it also resets numerous other phone settings. Once you apply the reset, it can not be undone. This • should only be used as a last resort. Consider downloading an iCloud backup as an • alternative method to getting to the data on the encrypted device. 29 29 People. Partnership. Performance. epiqglobal.com

  30. Apple iOS collection issues The new iPhones support 512 GB of storage making the • collection times longer than most custodian’s will want to be without their device. iTunes Backup Encryption • MDM client software restricting what applications can • be backed up. 30 30 People. Partnership. Performance. epiqglobal.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Watson Discovery Spring 2020 Discovery pipeline Using NLU, document conversion, and UI tools

Watson Discovery Spring 2020 Discovery pipeline Using NLU, document conversion, and UI tools

Watson Discovery Spring 2020 Discovery pipeline Using NLU, document conversion, and UI tools Watson Discovery use cases The need to search thousands of product reviews at once: Create a Discovery collection and build a UI to query the

657 views • 9 slides
From Search to Discovery in our Future Library From Search to Discovery W e see a spectrum of

From Search to Discovery in our Future Library From Search to Discovery W e see a spectrum of

From Search to Discovery in our Future Library From Search to Discovery W e see a spectrum of di ff erence between Search & Discovery, Search being more targeted and specific and Discovery being more open and vague. This slide also

650 views • 53 slides
Share the joy of discovery. Fostering Curiosity Joy of discovery Inquisitiveness

Share the joy of discovery. Fostering Curiosity Joy of discovery Inquisitiveness

Share the joy of discovery. Fostering Curiosity Joy of discovery Inquisitiveness Promoting Innovation Risk-taking Continuously raise the bar Empowerment through inclusivity Access for everyone Welcoming

532 views • 15 slides
Home Learning Event NSS Discovery: National benchmarking February 2020 What is NSS Discovery?

Home Learning Event NSS Discovery: National benchmarking February 2020 What is NSS Discovery?

Hospital at Home Learning Event NSS Discovery: National benchmarking February 2020 What is NSS Discovery? NSS Discovery is a management information system that provides approved users with access to a range of comparative health

579 views • 8 slides
Value-Driven Development with Continuous Discovery Introductions Prabhat Sinha Hello

Value-Driven Development with Continuous Discovery Introductions Prabhat Sinha Hello

Value-Driven Development with Continuous Discovery Introductions Prabhat Sinha Hello Vishnu Vijayan Padmanabhan Nice to meet you Jordan Ryan Agenda Why Discovery? Discovery Workshops Shortcomings of Discovery Workshops Agile

785 views • 56 slides
RNA Search and Whirlwind tour of ncRNA search & discovery Motif Discovery RNA motif

RNA Search and Whirlwind tour of ncRNA search & discovery Motif Discovery RNA motif

Outline RNA Search and Whirlwind tour of ncRNA search & discovery Motif Discovery RNA motif description (Covariance Model Review) Algorithms for searching Rigorous & heuristic filtering Motif discovery Lecture

809 views • 27 slides
Discovery & Monetisation Tom Greenaway Google @tcmg But fjrst Can someone please

Discovery & Monetisation Tom Greenaway Google @tcmg But fjrst Can someone please

Discovery & Monetisation Tom Greenaway Google @tcmg But fjrst Can someone please take notes? Why Discovery & Monetisation? Discovery Discovery Existing Efgorus Schema.org: https://schema.org/VideoGame Properuies: actor,

160 views • 13 slides
Im Impact of f Discovery ry Populist sentiment against Standard Oil was particularly strong

Im Impact of f Discovery ry Populist sentiment against Standard Oil was particularly strong

Im Impact of f Discovery ry Populist sentiment against Standard Oil was particularly strong at the time of the Spindletop discovery and the mega-corporation could not move in on the discovery due to state of Texas anti-trust laws. This

495 views • 4 slides
Higgs discovery and BSM Mihoko M. Nojiri 12 11 12 Higgs discovery at the

Higgs discovery and BSM Mihoko M. Nojiri 12 11 12 Higgs discovery at the

Higgs discovery and BSM Mihoko M. Nojiri 12 11 12 Higgs discovery at the LHC Higgs boson: The Last missing particle of the SM particles Probably starting point of the Beyond the stard model why we think

437 views • 31 slides
DOCTRINE OF CHRISTIAN DISCOVERY Taking on the Doctrine of Discovery Conference August

DOCTRINE OF CHRISTIAN DISCOVERY Taking on the Doctrine of Discovery Conference August

DOCTRINE OF CHRISTIAN DISCOVERY Taking on the Doctrine of Discovery Conference August 19, 2018 Joe Heath General Counsel, Onondaga Nation Tree of Peace by Oren Lyons Think back: a vanishing point of reference: 1768

600 views • 24 slides
UNESCO Discovery Centre reference image of education space UNESCO Discovery Centre Discovery

UNESCO Discovery Centre reference image of education space UNESCO Discovery Centre Discovery

UNESCO Discovery Centre reference image of education space UNESCO Discovery Centre Discovery Centre - Concept Design UNESCO Discovery Centre Discovery Centre - Concept Design UNESCO Discovery Centre Business Plan to cater for 55k-60k

363 views • 22 slides
E-Discovery Challenges In Healthcare Objectives To Identify and Discuss: E-Discovery? What

E-Discovery Challenges In Healthcare Objectives To Identify and Discuss: E-Discovery? What

E-Discovery Challenges In Healthcare Objectives To Identify and Discuss: E-Discovery? What is it? Are Healthcare Entities Ready? Unique Challenges to Healthcare 2 E-Discovery What is it? Lots of Definitions Electronic

218 views • 7 slides
FLSA Collective Action Discovery Strategies Discovery Tactics Before and After Conditional

FLSA Collective Action Discovery Strategies Discovery Tactics Before and After Conditional

Presenting a live 90 minute webinar with interactive Q&A FLSA Collective Action Discovery Strategies Discovery Tactics Before and After Conditional Certification of the Opt In Class WEDNES DAY, NOVEMBER 2, 2011 1pm Eastern |

676 views • 64 slides
FLSA Collective Action Discovery Strategies Discovery Tactics Before and After Conditional

FLSA Collective Action Discovery Strategies Discovery Tactics Before and After Conditional

Presenting a live 90 minute webinar with interactive Q&A FLSA Collective Action Discovery Strategies Discovery Tactics Before and After Conditional Certification of the Opt In Class WEDNES DAY, JANUARY 19, 2011 1pm Eastern |

1.1k views • 75 slides
Foundations of Causal Discovery Frederick Eberhardt KDD Causality Workshop 2016 Causal Discovery

Foundations of Causal Discovery Frederick Eberhardt KDD Causality Workshop 2016 Causal Discovery

Foundations of Causal Discovery Frederick Eberhardt KDD Causality Workshop 2016 Causal Discovery data sample x y z w samples 2 Causal Discovery assumptions, e.g. causal Markov causal faithfulness functional form etc.

1.66k views • 144 slides
Discovery Logic / NIH Discovery Logic, Inc. Established in 2001 SBA 8(a) Certified in

Discovery Logic / NIH Discovery Logic, Inc. Established in 2001 SBA 8(a) Certified in

Discovery Logic / NIH Discovery Logic, Inc. Established in 2001 SBA 8(a) Certified in 2003 Woman-Owned Business Small Disadvantaged Business (SDB) GSA Schedule Unlimited ID/IQ Prime Contractor to HHS and

324 views • 10 slides
Ford of Europe Live Chat Backgr ckgroun und Approac proach Lesson ssons

Ford of Europe Live Chat Backgr ckgroun und Approac proach Lesson ssons

Ford rd of Europ rope e - Live ve Chat Ford of Europe Live Chat Backgr ckgroun und Approac proach Lesson ssons lear arnt Next xt step eps 2 20/03/2015 FoE CRC's - Live Chat Overview BREAKTHROUGH

370 views • 19 slides
IS CHANGING CUSTOMERS WANT CHOICE The choice to contact your business on the channel they

IS CHANGING CUSTOMERS WANT CHOICE The choice to contact your business on the channel they

COMMUNICATION IS CHANGING CUSTOMERS WANT CHOICE The choice to contact your business on the channel they prefer to use CUSTOMER SERVICE IS CRUCIAL 97% of customers tell others about very good or excellent customer service experiences.

604 views • 32 slides
VIRTUAL SITTINGS: TECHNOLOGICAL CHALLENGES AND SOLUTIONS MOHAMED HUSSAIN 6 MAY 2020 Agenda

VIRTUAL SITTINGS: TECHNOLOGICAL CHALLENGES AND SOLUTIONS MOHAMED HUSSAIN 6 MAY 2020 Agenda

PEOPLES MAJLIS VIRTUAL SITTINGS: TECHNOLOGICAL CHALLENGES AND SOLUTIONS MOHAMED HUSSAIN 6 MAY 2020 Agenda Overview Technologies and tools Scheduling and preparing for the session Maintaining a private channel with the

598 views • 18 slides
2Q FY2019 Results Briefing Densan System Co., Ltd. Tokyo Stock Exchange, First Section Nagoya

2Q FY2019 Results Briefing Densan System Co., Ltd. Tokyo Stock Exchange, First Section Nagoya

Presentation Materials for the 2Q FY2019 Results Briefing Densan System Co., Ltd. Tokyo Stock Exchange, First Section Nagoya Stock Exchange, First Section Securities Code: 3630 Forward-looking statements contained in this document are based on

430 views • 17 slides
Project Plan Project Plato GM DevBot The Capstone Experience Team GM Colin Coppersmith

Project Plan Project Plato GM DevBot The Capstone Experience Team GM Colin Coppersmith

Project Plan Project Plato GM DevBot The Capstone Experience Team GM Colin Coppersmith Simeon Goolsby Alex Lepird Matthew Eaton Tao Tao Department of Computer Science and Engineering Michigan State University From Students Spring

300 views • 10 slides
Microsoft Teams: Navigating the Essentials to Enable Remote Work Presenters Tim Sparks, MCP

Microsoft Teams: Navigating the Essentials to Enable Remote Work Presenters Tim Sparks, MCP

5/ 7/ 2020 Microsoft Teams: Navigating the Essentials to Enable Remote Work Presenters Tim Sparks, MCP Tiffany Bobbitt Senior Managing Consultant Senior Consultant BKD Technologies BKD Technologies tsparks@bkd.com tbobbitt@bkd.com 5/ 7/

785 views • 12 slides
Presentation March, 2018 Disclaimer Certain statements in this presentation concerning our

Presentation March, 2018 Disclaimer Certain statements in this presentation concerning our

Investor Presentation March, 2018 Disclaimer Certain statements in this presentation concerning our future growth prospects are forward-looking statements, which involve a number of risks, and uncertainties that could cause actual results to

350 views • 33 slides
The Sony channel New Channel Evaluation Fuel for Brilliant DECISIONS February 2013 Fuel for

The Sony channel New Channel Evaluation Fuel for Brilliant DECISIONS February 2013 Fuel for

The Sony channel New Channel Evaluation Fuel for Brilliant DECISIONS February 2013 Fuel for Brilliant DECISIONS Outline 1.Introduction i. Methodology ii.Who we spoke to 2.Main Findings in Detail i. Is there a need? ii.Could Sony do it?

692 views • 66 slides

More recommend