Archive for June, 2008


Technical Considerations in Review Process of E-Discovery

Wednesday, June 25th, 2008

Decision-making, backing up your data and managing a review database to acquire digital data in your company is no longer a solvency for your problem in E-discovery, though you decide to go with the legal attorney for review process in E-Discovery. Data collection plays a key role in review process. There are some technical issues that need to be considered, which will help the legal team in identifying potential problems as well as successful review in E-Discovery.

Following are checklist of technical issues that can aid in this review process of E-discovery:

ISP (Internet service provider) will look simple but in most cases they are overlooked. Reliability, network speed and throughput can have a tremendous impact supplied by the ISP. Consult your network engineer and find who you’re ISP (Internet service provider) is and how reliable are they. So that Ip addresses at the main location can be rerouted. For eg: When you access your personal E-mail from your own Internet service provider, chances are your E-mail comes to you from your ISP’s E-mail servers in one of three ways POP (Post office protocol), IMAP (Internet mail access protocol), MAPI (Messaging Application Programming Interface) or HTTP (Hyper text transfer protocol),which helps in finding out the e-mail.

Bandwidth: Routers, hubs, firewalls, cables, and modems all these will effect the actual bandwidth. The bandwidth fluctuates time to time. An average sampling of this bandwidth should be taken every day. This is very important because the reviewers are going to access the data online and check whether they have the actual bandwidth speed. Use the online support tools to measure the speed of bandwidth that provide upload and download speed.

Map out the number of hops associated with each computer and review location Tracert is a network command tool used to show the route taken by the packets across an IP network i.e. the information from your computer to one you specify. This tracert command lists all the routers it passes through, until it reaches its destination and will also tell you how long each ‘hop’ from the router to router takes. This will provide lots of relevant information to the networker.

Use web analytic software to view the reviewers and location This will impact adversely if 100 reviewers are trying to access the same information, resources or website from the same physical location at the same time, verses only 10 reviewers doing the same. By making a list of total number of reviewers and their physical access location, we can estimate how long a review will take and from which place.

Software Configuration In order to ensure that Web usage is consistent it is necessary to ensure that software’s are configured in a consistent manner. You should ensure that the Web server is configured so that appropriate information is recorded and that changes to relevant server options or data processing are documented.

Not all the time the web usage data might give true indication of usage of data. This is due several factors such as effects of caches, cookies, browser types, auditing tools, etc. Despite these reservations collecting and analyzing usage data can provide valuable information.

Fire wall operation The loss of files, e-mails, financial records can be avoided in conjunction with the other security issues, with the help of Firewall. Firewall is necessary for almost every review process, because they it plays a vital role in overall performance of network. Check whether your firewall is blocking your ports or whether it is accessing the internet through identified specific ports? Most of the firewall has the devices such as NAT(Network address translation) which protects you by hiding the internal ip address to outsiders from reaching your internal network and also inspects the incoming visitors, and also has additional features by terminating the VPN (Virtual private network) which allows the users to securely communicate using encrypted traffic.

Data collection always plays a key role in review process of E-Discovery. After gathering the information based on the checklist of technical issues make a decision by sharing with your technical support team, whether these are with in normal parameters. This will enable the legal team to address for developing the solutions to potential issues and will set up a successful E-Discovery review. www.datatriage.com is the best practice for the corporate firms, who possess both the technical and legal knowledge to set up a successful claim.

 

E-Forensics Supports Your Ongoing Investigation by Capturing The Legal Defensible Data

Thursday, June 12th, 2008

E-Forensics is the application of electronic investigation, which has the capabilities of recovering data or visible to the user in legal proceedings. The deleted files often contain the Electronic files that do not show up which is important to your case, but identifying the deleted files plays the key role in e-forensic.

The latest technology of e-forensics makes sure that the information is legally justifiable by maintaining a proper document chain of custody, identifying the electronic data capturing methods and gain the knowledge of latest technologies used in e-forensics.

Electronic discovery is the process of extracting data from electronic documents that contains electronic data such as e-mail, word processing files, accounting files ,spread sheets, presentation files, databases, CAD and some form of computer records stored, where the CPU caches are generally managed by hard drives which includes cache memory, magnetic disks, optical disks such as DVD’S,CD’S. Often such information or data that is recorded on any type of electronic media has the possibility of discovery of data in the claim, which can be shown as evidence.

E-forensic applies special scientific methods to determine the scope and presence of information contained on digital media. E-forensic differs from electronic discovery and is used only in case of potential crime involved. The data that is not accessible by the user which includes information such as deleted files, hidden files, web based files, password protected files and special devices such as ipods, Mp3 player’s, storage area network and cellphones can also be discovered with E-forensics

Capturing electronic media forensically:

The original media is copied using specific capture applications with features so that there are no changes made to the original one. Security Hash algorithms are provided to take initial measurement of each file. A form of digital finger print is applied before and after processing activities to prove whether the file is changed or not during processing. Most common types of hash algorithms use MD5 (128 bit algorithm) and SHA1 (160 bit algorithm) which is primarily used in computer forensics.

There are two methods to copy the process: Bit-by-Bit copy and Forensic image.

* Bit-by-Bit Copy: To make the exact copy of the device, each specific byte in the device is copied to the new device and the write blocker software or hardware is utilized to prevent any changes to the data. This creates the exact copy that requires no manipulation of the data to recreate the original media.

* Forensic Image: All the files on original media are contained inside the forensic image file, where it contains a wrapper which protects the files. To create this image file special software is required and this cannot be altered without the change of hash algorithm. In addition a cross validation test is performed to validate the process.

By this process of capturing the data, e-forensic tool provides a solution to the individuals, government agencies and private industry in tracking the things by this scientific equipment tool which provides the required analyzes and interpretation to a court. www.DataTriage.com is the best e-forensic service expert providing the cost effective approach to support ongoing investigation.