Monday, June 30, 2008

litsupport summary for the week ending on 6/29/08

A lot of important and useful information is posted to litsupport each week. The following is a distilled summary, in the form of questions and answers.

Q. Is there software that will scan images for skin tone to determine if it is porn, with the goal of removing porn from review?
A. ContentPurity, ImageAnalyzer, LTU, X-Ways Forensics.

Q. What are the possible approaches to reconstitute a PST, that is, to pluck the desired messages from the source PST and to put it into the target one?
A. OutIndex xPress, Trident (lighweight), write a VB.NET or VBA app using the Redemption COM objects, more heavyweight: LAW, EnCase.

Q. What are the pros and cons of producing messages in a PST format?
A. Pros: It is an accepted practice in some situations, with existing tools to support it; The PST file format is great, although Outlook as a forensic viewer of PST's is not so great; MSG format is a possible alternative, but it has its own problems.
Cons: danger of requesting party plugging it into a live server and sending a reply by accident during their review; danger of read receipts being sent out; lack of ability to create production number per email or per record basis; the original file path could be spoliated if they click and drag into folders they create.

This summary from the Litsupport Group postings created by the wonderful and talented members of the group has been culled by Mark Kerzner (mkerzner@top8.biz) and edited by Aline Bernstein (aline.bernstein@gmail.com).

Monday, June 23, 2008

litsupport summary for the week ending on 6/22/08

A lot of important and useful information is posted to litsupport each week. The following is a distilled summary, in the form of questions and answers.

Q. How to print emails showing complete headers, such as complete recipient's email? A. ABC Amber Outlook Converter, for about $20, will handle a PST, and provide a multitude of options for output.

Q. How to move messages from a mobile phone to another format that would not disturb the data while still living in a format that would be accepted by the court?
A. You can use BitPim (or P2KCommader) to copy the text messages; a vendor can get a complete forensic image of the phone.

Q. How does one produce YouTube videos?
A. You can use a website such as http://vixy.net/ that will convert and
download any YouTube video available in various formats. There are also
freeware apps such as Free Video Downloader.

Q. How does one capture and produce web sites, such as MySpace?
A. (a) Create screen captures; (b) use a tool such as HTTrack which is a website copier; (c) a service to capture websites called iterasi, and it has a plugin for Firefox.

This summary from the Litsupport Group postings created by the wonderful and talented members of the group has been culled by Mark Kerzner (mkerzner@top8.biz) and edited by Aline Bernstein (aline.bernstein@gmail.com).

Friday, June 20, 2008

A gap a in the knowledge of eDiscovery trips a lawyer

It was a radical proposition from one of the funds’ managers, and Mr. Tannin took the precaution of not using Bear’s e-mail system, prosecutors said. He sent the note to the e-mail account of Mr. Cioffi’s wife.

Complete post from Craig Ball here...


Thursday, June 19, 2008

On NPR: 90 percent of the cost of a lawsuit may be eDiscovery

E-mail and other electronic communications have dramatically changed the contemporary legal landscape. By some estimates, more than 90 percent of the cost of a lawsuit today can come from sorting through e-mails and other electronic documents to determine which ones are relevant to the case.
More on NPR...

Monday, June 16, 2008

litsupport summary for the week ending on 6/15/08

A lot of important and useful information is posted to litsupport each week. The following is a distilled summary, in the form of questions and answers.

Q. What is an easy way to create 2MB PDFs? Some courts will not accept PDF files that exceed 2MB.
A. Here are the possible ways: (a) if you can export your electronic files to PDF, it will result in smaller PDF's; (b) if scanning, select the lowest dots per inch (dpi) resolution (such as 150 dpi) black & white for straight-text documents and gray scale for documents with tones, and avoid color; (c) A-PDF Size Splitter; (d) zip the pdf file and span the zip into pieces of an acceptable size, the court will unzip the main file and it rebuilds the original file from the pieces; (e) PDF Optimizing utility within Acrobat Pro; (f) pdfDocs Desktop; (g) build images in IPRO as PDFs and set size limit; (h) if everything else fails, you may have to print and submit paper documents :).

Q. What is the future of Bates Numbers used in litigation?
A. This is a ubiquitous question, so at the risk of making a mistake, let us summarize the opinions: (a) for internal reference, use DocId and hash values; for production to the opposing side, use Bates numbers, especially if you want to refer to pages, and this is the practice preferred by lawyers; in evidence use Exhibit or Attachment; (b) in cases where stamping is still required look for something that is the least physically destructive to the human body and get the trick of waving it properly to do paper, especially in a confined space; (c) Mr. Bates died many years ago. It is time that we buried him; (d) Bates terminology will never die.

Q. How to deal with encrypted or password-protected documents in EDD processing?
A. Your best bet is to ask (in writing) the responsible attorney on a case by case (or client standard policy) basis BEFORE you process the data how s/he wants you to handle encrypted ESI, and document what you do; (b) if the client is giving you their password, note the date and time it was received and who had the information; (c) it may be a standard procedure to break passwords and document that, - but keep that type of information even more confidential.

This summary from the Litsupport Group postings created by the wonderful and talented members of the group has been culled by Mark Kerzner (mkerzner@top8.biz) and edited by Aline Bernstein (aline.bernstein@gmail.com).

Sunday, June 15, 2008

Autonomy announces end-to-end hosted eDiscovery solution

The announcement can be found here. You send your CD's or DVD's to them, and they do the processing and make it available to you on the web.

However, I have described this idea, and the architecture for my system a while back. See here. All elements are the same, including the team behind the scene :). Still, it remains to be seen if the time for my idea is still to come. The difference? My system is totally open-standards, and based on open-source components. (For techies, Linux for OS, Lucene for search, JavaSpaces for grid computing, and IBM's UIMA for concept search). You can build the whole thing on Amazon EC2 cloud with just a credit card. See this post as a predecessor.

The domain for my system, eddontheweb.com, is still waiting.

Friday, June 13, 2008

80% of security breaches could have been prevented if...

proper policies were in place, says Verizon Wireless study. The “2008 Data Breach Investigations Report” spans four years and more than 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest ones ever reported.

A complete report is also available from them. Thank you, Verizon!

Thursday, June 12, 2008

EDD Staffing

An interesting post from Ari Senders, drawing on his experience in three firms across the country. Key ideas:

Firms now realize that demonstrating their comfort with the technology used by their clients is imperative to their success, so they rely upon a combination of internal resources and outside vendors and consultants for their EDD needs.

The pass-through cost involved in engaging third party expertise — particularly on matters with smaller budgets — has become prohibitive, so competent internal technical staff has become vital.

The OWASP Top 10

Yesterday Houston OWASP meeting with presentation by J Sawyer, Developer Evangelist of Microsoft, was very informative.

J went through the 10 top vulnerabilities for developers. Each of them he showed with explanation, examples, and mitigation - admittedly, all mitigation was focused on .NET. I was quite impressed and noted some aspects where IIS 7 is integrated with ASP.NET, so that default security settings are enforced. For example, for unauthorized file access.

J promised the slides on his blog. I also asked David Nester, the Houston OWASP president, about the same top 10 but mitigating in other technologies, such as PHP or Java.

Here is an interesting thing. The top 1 most used vulnerability, cross-site scripting, received least of all mitigation coverage. It is the hardest to protect against also. There is a XSS secure library from MS, and that is the approach that Jeremiah Grossman advocates too - secure libraries.

The added bonus came in the form of questions and answers. I asked J, what should an outside consulting company like ours do to help with security effort:
  1. Learn and implement latest security protection techniques;
  2. Educate software developers in companies;
  3. Educate management?
He said, all of the above. Then J added the bonus advice: start from the threat assessment. This will show that you are serious and will create a good foundation. In fact, this in itself is quite a value proposition. I noted the word "threat" which sounds so much better than "vulnerabilities". That is because "threat" is to you, and somebody else is to blame. But vulnerabilities, alas, leave the vulnerable party responsible.

The meeting took place at the MS Campus. Here is the view from the window.

Sunday, June 8, 2008

eDiscovery is a new weapon that lawyers must learn to wield

In an article by Chris Mondis, "Ediscovery profoundly changing lawyering", both sides of the argument are discussed: that it is more costly and easier to violate, on one hand, and that it is more fair, on the other. Regardless of which side you take, eDiscovery is an important weapon.

litsupport summary for the week ending on 6/08/08

A lot of important and useful information is posted to litsupport each week. The following is a distilled summary, in the form of questions and answers.

Q. What are the recommended procedures for dealing with ESI (Electronically Stored Information)?
A. FAQ from Orcatec: http://www.orcatec.com/file_download/4/ESI-FAQ.pdf.

Q. Any advice for tiffing multi-page VSD documents?
A. The free viewer that displays in IE and QuickViewPlus both do not cut it. Try Microsoft's Visio 2007 Viewer (free). Alternatively, print all the pages (using append) to one TIFF outside of LAW and then use the "Edit > Replace > Image from file" feature to bring it into LAW. You can also buy Visio 2003 or Visio 2007.

Q. How to restore data from a reformatted hard drive?
A. All formatting does is remove the MFT (Master File Allocation Table). Here are the programs that could help: Data Lifter, EnCase, FTK. One needs to understand the structure of FAT or NTFS and the recovery process. You will also need to carve out the drive's files. Many files will be fragmented as well because the files are not on consecutive sectors. On the Linux side, RIP(Recovery Is Possible) can be used, and UBCD (Ultimate Boot CD) has just about every hard drive manufacturers' diagnostic utility on it.

This summary from the Litsupport Group postings created by the wonderful and talented members of the group has been culled by Mark Kerzner (mkerzner@top8.biz) and edited by Aline Bernstein (Abernstein@mwe.com).

Thursday, June 5, 2008

Justice for all!

Not in the sense that everyone gets justice, at least not directly, but in the sense that everybody can learn about justice. An article about a new video game "Our Courts" lead by retired justice O'Connor, to teach how the justice system works. And here is a web site for the game, to see the current state of the project.

Monday, June 2, 2008

EDD trends - a personal touch

A wonderful post by Monica Bay describes both the trends and the people whose actions constitute those trends.

GRC Executive Summit ’08


I will be talking at the GRC on the subject of “Security Breaches And Incident Response - Handling Communication When Corporate Issues Have Been Exposed” - Track COCQA 8.3 OR Incident Response."

On the 28th of September. How exciting!

This photo is for GRC web site and marketing.

litsupport summary for the week ending on 6/01/08

A lot of important and useful information is posted to litsupport each week. The following is a distilled summary, in the form of questions and answers.

Q. How to become a "Summation Certified Litigation Support Professional"?
A. There is no such thing, at least none sponsored by Summation. However, one could become a Summation Certified Trainer or a Summation Reseller.

Q. How to record one's action on a web site for a demo?
A. Camtasia from TechSmith, Camstudio, HTTrack, Website Ripper Copier, Wondershare Democreator, VMWare recorder, PDF Creator, Jing, SnagIt. For "low-tech", get the best quality LCD monitor and record it on a video camera. If the video files themselves are needed, look at the html to see where they are coming from.

Q. How to review a client's AOL email?
A. ePreserver Forensic will get AOL e-mails from local storage as well as from the AOL mailbox itself (with the client's permission). If doing this manually, look for PCF or IDF file (depending upon setup) where the AOL emails are cached, and open it from within AOL. Watch out for attachments, which are stored locally and the local path is recorded. It is possible to write a utility to convert PCF to standard mail format, but it is not easy.

This summary from the Litsupport Group postings created by the wonderful and talented members of the group has been culled by Mark Kerzner (mkerzner@top8.biz) and edited by Aline Bernstein (Abernstein@mwe.com).