“Digital justice: It's tough to pull a Houdini in cyberspace” |
| Digital justice: It's tough to pull a Houdini in cyberspace Posted: 18 Dec 2010 09:36 PM PST By TOM HOWELL JR. It might require an MIT diploma to fully understand, but this much is true: That computer image or e-mail you just deleted isn't really gone. Rather, the discards go into unallocated space on the hard drive and remain there until new material writes over it. The same is true of cell phones. "You might take the card out of the card catalog, but that book is still on the shelf," said Lt. Mark Rozek, who handles tech issues for the Sparta Police Department. Indeed, the cyber age has redefined posterity. Data pops up or disappears with the push of a keypad button -- cleansing the slate of information tucked behind the glass screen -- but hard-drives, backup servers and advanced forensic recovery techniques ensure its In litigation, electronic forensics can be game-changer. E-mails, computer files and cell phone texts can hold valuable information about a sexual discrimination suit in the workplace, a child porn investigation and more. While criminals are often caught red-handed, recent court rules also require civil litigants to preserve potential electronic evidence when legal action is pending or anticipated. And when people aren't forthcoming, the computer consultants dig in. FRED will find it When the Sparta Police Department obtained a Forensic Recovery of Evidence Device, or "FRED," it was prime fodder for an inside joke. Fred Geffken was chief of the department at the time. But the FRED and similar devices are essential tools in law enforcement computer labs, allowing investigators to extract evidence from a computer without altering it. The Sparta Police lab also has a "Neutrino" gadget that allows officers to extract data from cell phones, including deleted text messages from the SIM card. Under the lab counter, there are rows of plastic boxes with every cell phone adapter cord under the sun. In digital forensics, a write-block device is used to allow extraction of data without modifying the computer in any way. Merely turning on a computer can update files, so investigators must not expose themselves to courtroom claims of tampering with evidence. The Sparta Police Department uses EnCase, a line of products from a Pasadena, Calif.-based company called Guidance Software. Cas Purdy, a company spokesman, said the firm has grown steadily as computer-based investigations and electronically stored information have become essential parts of modern-day "A lot of people know us as EnCase, or they use it as a verb," Purdy said. "One of the things we're known for is being court-validated." Robert Botchek, the senior vice president of Guidance Software's forensic business unit, has ample experience in the more-than-meets-the-eye nature of computer data. He said it's important to recognize the dual nature of the data -- there is the stuff you created on-screen, and there is the way the operating system tracks that content. When a file is deleted, the "table of contents" is modified, but the actual material still exists. "It just took away the pointers," Botchek said. Short of destroying the computer with a sledgehammer, it's rather difficult to scrub the hard drive clean. "There's still a lot of nooks and crannies," Botchek said. Most guilty parties are too careless to cover their tracks, or it is more trouble than it's worth. And if criminals do erase the evidence trail, their troubles are just beginning. This is court, The folks at Sparta law firm Laddey, Clark & Ryan have a special letter that goes out prior to or during employment litigation. It lets their adversaries know they must preserve "relevant and critical" electronically stored information on employee computers and other devices. The potential evidence, commonly known as e-discovery, can include e-mails, text messages, instant messages, website history, voice mails, spreadsheets, databases, file fragments, digital images and more. Destruction of the electronic evidence is prohibited by law, so the letter demands its recapture or preservation. Managing partner Tom Ryan said preservation of e-documents, especially e-mail, can be vital in his area of practice, especially cases involving discrimination or wrongful termination. The material can actually benefit an employer, too, if there is a history of communication about an employee's performance. Many companies understand their obligations, although some small companies are caught off-guard by the ins and outs of data preservation. Associate attorney Larry Supp, who handles commercial and property rights litigation, said parties in one of his cases, a complicated environmental matter involving 300 entities, set up a special website to transfer electronic discovery. The courts, especially in the federal system, have addressed the destruction, or "spoliation," of electronic material and counsel's obligation to ensure that clients preserve or recapture potential evidence. Failure to abide by these rules can result in economic and legal consequences. In August, a federal judge in the Southern District of New York issued a sanction of $150,000 against a defendant company for failing to disclose laptop data and e-mails in a lawsuit pitting, ironically, two software companies against each other. And in Zubulake v. UBS Warburg, a groundbreaking case heard in 2003-2005 in the same New York district, a federal judge imposed sanctions on the defendant in the form of an adverse instruction. In other words, she told the jury it was at liberty to assume that certain materials were eradicated because they hurt the defendant's interests. Newton attorney Kevin Kelly has become adept at discovering relevant e-discovery, especially in cases involving government entities that are expected to maintain public records. The best way for these entities to avoid problems, he said, is to have separate e-mail accounts for work and private life. "It's only when you mix the two that you open up everything to discovery requests," Kelly said. To avoid chicanery, one trick is to request materials from both sides of suspected correspondence. If one party has a litany of e-mails that the other side does not produce, there's a problem. "You can run but you can't hide. Once it's there, it's there forever," Kelly said. "You see where the gaps are. It's not hard to do." The Value of a "Hash" Disclosure of a private e-mail or text message may be embarrassing, but what about material that is inherently criminal? Well, investigators are keeping tabs on that, too. The National Center for Missing and Exploited Children keeps a database of "hash values" -- integers that identify individual pieces of electronic data -- corresponding to images and videos of child pornography. Two main programs, a voluntary one for the public and electronic service providers and a separate one for law enforcement, facilitate the center's collection of the hash values, according to John Shehan, executive director of the exploited child division. Teams at the NCMEC have received 980,000 reports involving 8 million files through its voluntary Cyber Tipline since 1998, and 25,000 cases involving 42 million files through its Children Victim Identification Program. Hash values are fragile and duplicate images can exist, but the index has helped prosecutors identify victims of child porn, proving which images involved real children and not virtual productions. The need to establish a real victim was the result of a 2002 U.S. Supreme Court decision in Ashcroft v. The Free Speech Coalition, which ruled that prohibitions on material that "appears to be" and "conveys the impression" of child pornography were over-broad and vague portions of the Child Pornography Prevention Act of 1996. Now in beta form, a portal that allows law enforcement to quickly review a hash value in its system against a national database of verified child porn is slated for release in early 2011. "Law enforcement is looking forward to this," Shehan said. "There's a wealth of information in the victim-identification evidence." The future The anticipated release of a database to detect child porn is reflective of the major trends in law enforcement and electronic evidence procurement since the early 1990s. From digital fingerprinting and searchable criminal databases to simplified data recovery, the cyber age has emphasized both speed and information-sharing. Efficiency doesn't always come with an advantage -- "You still have to read it all," noted Ryan, the Sparta attorney, of voluminous e-documents -- and sometimes it comes with a price. An exhaustive review of electronic information can be costly and time-consuming, especially in light of attorney-client privilege. In large-scale litigation, firms spend thousands on lawyers who review computer documents for information that shouldn't be released to the other side. After all, one push of the wrong button could have serious consequences. The tech gurus are working on it, however, with Guidance Software touting future products that will make it easier to sift through electronic data for relevant information. After all, cyberspace is an expansive world that is only going to get bigger. "I thought I had heard it all," said Purdy, the company spokesman. "But really it's just shocking how much information is on your machine." This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php |
| You are subscribed to email updates from Content Keyword RSS To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
0 comments:
Post a Comment