1 / 14

Software CSI -- Effects of Computer-Resident Evidence

Software CSI -- Effects of Computer-Resident Evidence . September 12, 2008 Southern California Software Process Improvement Network (SCSPIN) John Cosgrove, P.E., Fellow NAFE Cosgrove Computer Systems Inc. JCosgrove@computer.org , www.CosgroveComputer.com. Outline.

angus
Download Presentation

Software CSI -- Effects of Computer-Resident Evidence

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Software CSI--Effects of Computer-Resident Evidence September 12, 2008 Southern California Software Process Improvement Network (SCSPIN) John Cosgrove, P.E., Fellow NAFE Cosgrove Computer Systems Inc. JCosgrove@computer.org, www.CosgroveComputer.com

  2. Outline • Part I - Computer Issues 3 • Part II – Doing the Work 8 • Example Case 13 • Summary 14 Cosgrove Computer Systems Inc.

  3. Part I – Computer Issues • Computer Issues • Impacts on Litigation • E-Discovery & New Federal Rules • ESI Evidence - Software CSI Cosgrove Computer Systems Inc.

  4. Computer Issues • Most evidence is computer resident • Volume of billions & trillions (GB & TB) common • Automated assistance required • Computer Forensics • Computer evidence handling • Chain of custody • CSI-type bag & tag – ESI version • Data recovery - deleted and archived • Establishing authenticity - Metadata • Electronic discovery – new Federal Rules • Electronically Stored Information (ESI) defined Cosgrove Computer Systems Inc.

  5. Impacts on Litigation • Most cases involve ESI in some way • Electronic discovery standards • New Federal Rules for E-discovery – 12/1/06 • May need to help counsel write subpoena for discovery of evidentiary data • Standard-of-Care not yet established • Legal name for process maturity • Projects with computer components • E.g., Water system SCADA • Computer-aided-design Cosgrove Computer Systems Inc.

  6. E-Discovery New FedRules -12/1/06 • “…most court battles … some electronically-stored information.“ (ESI) • Includes electronic documents as discoverable • Recognizes need for special guidance for e-documents • E-documents often exponentially larger in magnitude • Context, environment, collateral content, etc., often critical • Special rules for non-active (i.e., deleted) files Cosgrove Computer Systems Inc.

  7. ESI Evidence – Software CSI • Computer evidence handling • Separate issue from E-discovery • Chain-of-custody rules for electronic data • E.G., ESI version of “bag and tag” • Rules for computer evidence • Forensic software at work – why Encase? • Inherently invisible evidence • Protect integrity of evidence • Adapt legal precedents for authenticity • Avoiding being challenged -- reproducibility • Added Issues in Criminal Proceedings • Establish reliable common evidence baseline Cosgrove Computer Systems Inc.

  8. Part II -- Doing the Work • Litigation Fact Finding • Finding the Critical Facts in Gigabytes • Making Technical Issues Understandable • Subpoena wording • Example case Cosgrove Computer Systems Inc.

  9. Litigation Fact-finding Data, deleted and otherwise Allegations, counterclaims Extraction Expert “Crushing” amounts of Emails, Documents, Records Data Expert Domain Expert Data Expert Issues, Timelines, Narratives Tech↔ Legal Translator Opinion Myself Cosgrove Computer Systems Inc. Source – M Chock

  10. Finding the Critical Facts in Gigabytes • Size matters • Tools and techniques must match size • Analogy with foundation of multi-story building • Information may be buried in GB of unsearchable print-image files • Common tactic by opposition • Document “provenance” lost • Metadata is electronic provenance • Subtle modifications can occur • Organizing data and extracting meaning • 10s of Ks of project emails, status, etc • Use appropriate tools – SSs, character analysis, etc. Cosgrove Computer Systems Inc.

  11. Making Technical Issues Understandable • Legal concept of “Teaching the court” • Insist on foundation building with technical issues • Problem is magnified for jury trials • Creative use of analogies is effective • Example of analogy to explain buffering • Show complex event interactions in timelines - SS • Make explanation separate from proof • Avoid MEGO (My Eyes Glaze Over) • Separate Summary opinion from fully substantiated Analysis with references • Plausible explanation section often useful for counsel Cosgrove Computer Systems Inc.

  12. Subpoena wording • All information for Project #x, dates 12/0x - 3/0y. • Any form such as paper, scanned images or ESI files. ESI form preferred (Fed. Rule) • If Electronic • Media - disk drives or tape storage • Attributes - “metadata” must be included • Database (e.g. emails) or log-file entry – entire file with context • Custom Application (e.g. AutoCAD) issues Cosgrove Computer Systems Inc.

  13. Example Case – Show Chronology of Issues Cosgrove Computer Systems Inc.

  14. Summary • Computer Technology is involved in most litigation • Trend is for this to increase • Some computer skills needed in most technical cases: • Find the relevant evidence • Organize the complexity • Interpret the meaning Cosgrove Computer Systems Inc.

More Related