DOCSLIB.ORG

Publication Encase Legal Journal

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Publication Encase Legal Journal LAW Guidance Software is the leader in digital investigation solutions. EnCase® Enterprise is used by numerous government agencies and 65 of the Fortune 100. Market-leading solutions EnCase® eDiscovery, EnCase® Cybersecurity, and EnCase® Analytics help organizations respond to e-discovery requests, security incidents, and emerging internal and external threats. EnCase® Legal Journal 5th Edition Official Legal Citation: EnCase L.J. (2014) .Copyright © 2014 Guidance Software Inc ,All rights reserved. No part of this book may be reproduced, stored, or transmitted by any means—whether auditory, graphic mechanical, or electronic—without written permission of both publisher and author, except in the case of brief excerpts used .in critical articles and reviews. Unauthorized reproduction of any part of this work is illegal and is punishable by law ISBN: 978-1-4834-0915-3 (sc) ISBN: 978-1-4834-0914-6 (e) Because of the dynamic nature of the Internet, any web addresses or links contained in this book may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do .not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them The information provided herein is general information only and does not constitute legal or other professional advice or any opinion of Guidance Software, Inc. or its contributing authors. For this reason, it is recommended that you seek the .advice of a lawyer who can advise you on the specific legal issues that may be applicable to your business concerns Any people depicted in stock imagery provided by Thinkstock are models, and .such images are being used for illustrative purposes only .Certain stock imagery © Thinkstock Lulu Publishing Services rev. date: 3/24/2014 Acknowledgements Guidance Software Editorial Board • Victor T. Limongelli, Editor-in-Chief, President & CEO • Chad McManamy, Managing Editor, Assistant General Counsel Guidance Software would like to thank the following authors for their generous contribution to this edition of the EnCase® Legal Journal: • Patrick J. Burke, Attorney, Reed Smith LLP • Dominic Jaar, Associate Partner, Information Management and E-Discovery, KPMG • Scott A. Carlson, Partner, Seyfarth Shaw • Denise Backhouse, Associate, Morgan, Lewis & Bockius, LLP • Chris Dale, E-Disclosure Information Project • John Blumenschein, Counsel, Seyfarth Shaw LLP • Daniel Lim, E-Discovery Attorney • Siddartha Rao, E-Discovery Attorney Preface ver the last twenty years, the field of computer forensics and electronic discovery (e-discovery) Ohave expanded greatly, mirroring the explosion of digital data in society at large. What began .as a practice of a select few technical experts has become a field in which thousands are involved Computer evidence is now a mainstay not only in criminal matters, but also in civil discovery, ,internal corporate investigations, and computer security incident response. In each of these situations the authentication and presentation of electronic evidence at trial is either a primary goal or, at a minimum, a consideration that the computer investigator must take into account. This EnCase® Legal Journal is provided with three goals in mind: It reports on court decisions involving EnCase® software, as well as notable court decisions .1 .involving computer evidence in general It addresses how the EnCase process facilitates the authentication and admission of electronic .2 evidence in light of evolving industry practices and the current status of the law, providing investigators and their counsel with an added resource when addressing questions involving .computer forensics and the use of EnCase software (It focuses on how the rules regarding e-discovery of Electronically Stored Information (ESI .3 have been interpreted by various courts and how EnCase software facilitates compliance with .those rules The EnCase Legal Journal is provided for informational purposes and is not intended as legal advice, nor should it be construed or relied upon as such. Each set of circumstances may be different .and all cited legal authorities should be confirmed and updated Just as Guidance Software is committed to ongoing product research and development, so must we also be on top of the latest legal developments impacting this field. As such, this journal should be .considered as a work perpetually in progress A special thanks to the Guidance Software Associate General Counsel (AGC) team for updating this edition. If you have any questions, comments or suggestions for future revisions, please feel free to contact the editors at LegalJournal@EnCase.com vii Contents New in the Fifth Edition ................................................................................................ xi Authentication of Computer Evidence ............................................................................1 Overview ..........................................................................................................................................1 1.0 § Authentication of Computer Data ................................................................................................1 1.1 § Authentication of the Recovery Process ......................................................................................4 1.2 § Authentication of the EnCase Recovery Process .......................................................................7 1.3 § Challenges to Foundation Must Have Foundation ....................................................................8 1.4 § Evidentiary Authentication Within the EnCase® Enterprise Process .....................................8 1.5 § Cases Involving the Use of EnCase Enterprise and Other Relevant Authority ...................11 1.6 § Validation of Computer Forensic Tools ........................................................................ 17 Overview .......................................................................................................................................17 2.0 § Frye/Daubert Standard and Judicial Notice .............................................................................17 2.1 § Computer Forensics as an Automated Process ........................................................................22 2.2 § Commercial vs. Custom Forensics Software and Authentication Issues ..............................25 2.3 § Expert Witness Testimony ��������������������������������������������������������������������������������������������29 Overview........................................................................................................................................29 3.0 § Threshold Under Rule 702 ...........................................................................................................29 3.1 § Importance of Well-Established Certifications, such as the EnCE for Expert Testimony .32 3.2 § Illustrations of Testimony ...........................................................................................................32 3.3 § The Best Evidence Rule ����������������������������������������������������������������������������������������������� 47 Overview .......................................................................................................................................47 4.0 § Original” Electronic Evidence ..................................................................................................47“ 4.1 § Presenting Electronic Evidence at Trial ....................................................................................49 4.2 § Compression and the Best Evidence Rule .................................................................................51 4.3 § United States v. Naparst – The EnCase Evidence File Validated as Best Evidence ..............52 4.4 § Legal Analysis of the EnCase Evidence File .................................................................55
Load more

Recommended publications
  • Maximum Internet Security: a Hackers Guide - Networking - Intrusion Detection
    - Maximum Internet Security: A Hackers Guide - Networking - Intrusion Detection Exact Phrase All Words Search Tips Maximum Internet Security: A Hackers Guide Author: Publishing Sams Web Price: $49.99 US Publisher: Sams Featured Author ISBN: 1575212684 Benoît Marchal Publication Date: 6/25/97 Pages: 928 Benoît Marchal Table of Contents runs Pineapplesoft, a Save to MyInformIT consulting company that specializes in Internet applications — Now more than ever, it is imperative that users be able to protect their system particularly e-commerce, from hackers trashing their Web sites or stealing information. Written by a XML, and Java. In 1997, reformed hacker, this comprehensive resource identifies security holes in Ben co-founded the common computer and network systems, allowing system administrators to XML/EDI Group, a think discover faults inherent within their network- and work toward a solution to tank that promotes the use those problems. of XML in e-commerce applications. Table of Contents I Setting the Stage 1 -Why Did I Write This Book? 2 -How This Book Will Help You Featured Book 3 -Hackers and Crackers Sams Teach 4 -Just Who Can Be Hacked, Anyway? Yourself Shell II Understanding the Terrain Programming in 5 -Is Security a Futile Endeavor? 24 Hours 6 -A Brief Primer on TCP/IP 7 -Birth of a Network: The Internet Take control of your 8 -Internet Warfare systems by harnessing the power of the shell. III Tools 9 -Scanners 10 -Password Crackers 11 -Trojans 12 -Sniffers 13 -Techniques to Hide One's Identity 14 -Destructive Devices IV Platforms
    [Show full text]
  • ED381174.Pdf
    DOCUMENT RESUME ED 381 174 IR 055 469 AUTHOR Klatt, Edward C.; And Others TITLE Windows to the World: Utah Library Network Internet Training Manual. INSTITUTION Utah State Library, Salt Lake City. PUB DATE Mar 95 NOTE 136p. AVAILABLE FROMWorld Wide Web at http://www.state.lib.ut.us/internet.htm (available electronically) or Utah State Library Division, 2150 S. 3rd W., Suite 16, Salt Lake City, UT 84115-2579 ($10; quantity price, $5). PUB TYPE Guides Non-Classroom Use (055) EDRS PRICE MF01/PC06 Plus Postage. DESCRIPTORS Access to Information; *Computer Networks; Computer Software; Electronic Mail; *information Networks; *Information Systems; *Librarians; Online Catalogs; Professional Training; Telecommunications IDENTIFIERS *Internet; Utah ABSTRACT This guide reviews the basic principles of Internet exploration for the novice user, describing various functions and utilizing "onscreen" displays. The introduction explains what the Internet is, and provides historical information. The introduction is followed by a listing of Internet hardware and software (freeware and shareware), both lists including information fo: PC-compatibles and Macintosh computers. Users are introduced to and instructed in the use of the following Internet systems and services: EWAN telnet; OPACS (Online Public Access Catalogs); CARL (Colorado Alliance of Research Libraries; FirstSearch; UMI (University Microfilm Inc.); Deseret News; Pegasus E-Mail; Listservs; WinVN Newsreader; Viewers; Netscape; Mosaic; Gopher; Archie; and FTP (File Transfer Protocol). Over 100 computer screen reproductions help to illustrate the instruction. Contains 16 references and a form for ordering additional copies of this guide are provided. (MAS) *********************************************************************** Reproductions supplied by EDRS are the best that can be made from the original document.
    [Show full text]
  • Usenet News HOWTO
    Usenet News HOWTO Shuvam Misra (usenet at starcomsoftware dot com) Revision History Revision 2.1 2002−08−20 Revised by: sm New sections on Security and Software History, lots of other small additions and cleanup Revision 2.0 2002−07−30 Revised by: sm Rewritten by new authors at Starcom Software Revision 1.4 1995−11−29 Revised by: vs Original document; authored by Vince Skahan. Usenet News HOWTO Table of Contents 1. What is the Usenet?........................................................................................................................................1 1.1. Discussion groups.............................................................................................................................1 1.2. How it works, loosely speaking........................................................................................................1 1.3. About sizes, volumes, and so on.......................................................................................................2 2. Principles of Operation...................................................................................................................................4 2.1. Newsgroups and articles...................................................................................................................4 2.2. Of readers and servers.......................................................................................................................6 2.3. Newsfeeds.........................................................................................................................................6
    [Show full text]
  • 3. Internet – Participating in the Knowledge Society
    3. Internet – Participating in the knowledge society “Knowledge is power. Information is liberating. Education is the premise of progress, in every society, in every family.” Kofi Annan, former Secretary General of the United Nations, January 1997-December 2006 CHECKLIST FACT SHEET 10 – SEARCHING FOR INFORMATION Do you read the disclaimer when you are consulting a website? How can you be sure the information you find is factual and objective? Do you consult several websites to check your facts? CHECKLIST FACT SHEET 11 – FINDING QUALITY INFORMATION ON THE WEB Before downloading files, do you check that your anti-virus software is active? If you get your news from the Internet, do you seek multiple perspectives on the same story? Clean out your cookies from time to time to avoid being “profiled” by search engines. CHECKLIST FACT SHEET 12 – DISTANCE LEARNING AND MOOCs Choose a method of distance learning that is appropriate for you: determine what type of learning (synchronous, asynchronous, open schedule, hybrid distance learning) will best help you reach your goals. Before selecting a distance learning course, research the reviews – both from students and teachers. Take adequate precautions to ensure that your computer equipment and software is secure from hackers, viruses and other threats. CHECKLIST FACT SHEET 13 – SHOPPING ONLINE Do not make online purchases on unsecure Internet connections. Understand and agree to the key information provided about the product or service. Disable in-app purchases on your smartphone or tablet. Do not believe all user recommendations you see, creating “user” recommendations can also be a money-making business. Fact sheet 11 Finding quality information on the Web he original idea behind the creation of the Internet1 was to develop an electronic library for the Teasy access and distribution of information2.
    [Show full text]
  • Newsreaders.Com: Getting Started: Netiquette
    Usenet Netiquette NewsReaders.com: Getting Started: Netiquette I hope you will try Giganews or UsenetServer for your news subscription -- especially as a holiday present for your friends, family, or yourself! Getting Started (Netiquette) Consult various Netiquette links The Seven Don'ts of Usenet Google Groups Posting Style Guide Introduction to Usenet and Netiquette from NewsWatcher manual Quoting Style by Richard Kettlewell Other languages: o Voila! Francois. o Usenet News German o Netiquette auf Deutsch! Some notes from me: Read a newsgroup for a while before posting o By reading the group without posting (known as "lurking") for a while, or by reading the group archives on Google, you get a sense of the scope and tone of the group. Consult the FAQ before posting. o See Newsgroups page to find the FAQ for a particular group o FAQ stands for Frequently Asked Questions o a FAQ has not only the questions, but the answers! o Thus by reading the FAQ you don't post questions that have been asked (and answered) ad infinitum See the configuring software section regarding test posts (only post tests to groups with name ending in ".test") and not posting a duplicate post in the mistaken belief that your initial post did not go through. Don't do "drive through" posts. o Frequently someone who has an urgent question will post to a group he/she does not usually read, and then add something like "Please reply to me directly since I don't normally read this group." o Newsgroups are meant to be a shared experience.
    [Show full text]
  • How Ro Download a File on Giganews How to Download Using Usenet
    how ro download a file on giganews How to Download Using Usenet. wikiHow is a “wiki,” similar to Wikipedia, which means that many of our articles are co-written by multiple authors. To create this article, 16 people, some anonymous, worked to edit and improve it over time. The wikiHow Tech Team also followed the article's instructions and verified that they work. This article has been viewed 149,534 times. Just as we once debated between Blockbuster and Hollywood Video, we have many choices when it comes to downloading. One of the oldest and best downloading sites is Usenet. Usenet downloads from a single server, making it among the safest and fastest ways to download. It’s slightly more complicated than other options, and it does have a small price tag, but it’s worth it: Usenet has a wealth of media, it’s secure, and thanks to Usenet’s strict policies, the risk of piracy is low. The following article will guide you through the process downloading with Usenet and get you on your way to enjoying the vast Usenet community. So Your Download Is Incomplete? Alas, this is something every Usenet user goes through sometime in his career. You’ve found the file you were searching for, started downloading, and were already imagining watching the movie, listening to the piece of music or otherwise using it, and there it is, the whole, ugly truth: Your download is damaged beyond repair, no chance to do anything about it. Or is there? First, let us briefly explain what exactly happened here.
    [Show full text]
  • Between the Lines: Newsgroups As an Information Source for Social Historians
    In: Zimmermann, Harald H.; Schramm, Volker (Hg.): Knowledge Management und Kommunikationssysteme, Workflow Management, Multimedia, Knowledge Transfer. Proceedings des 6. Internationalen Symposiums für Informationswissenschaft (ISI 1998), Prag, 3. – 7. November 1998. Konstanz: UVK Verlagsgesellschaft mbH, 1998. S. 123 – 136 Between the lines: Newsgroups as an information source for social historians Sylva Simsova Mrs Sylva Simsova DATA HELP, 18 Muswell Avenue, London N10 2EG tel/fax 0181 883 6351, [email protected] Contents 1 Introduction 2 Use of written material as a source of data 3 Mass-Observation methods 4 Oral history methods 5 Analysis of texts by the content analysis method 6 Analysis of texts by the qualitative research method 7 Methods chosen for this research 8 The sample 9 The classification of articles 10 UK material 11 Contributors 12 Contributions 13 Content analysis 14 Conclusion Summary The aim of this pilot study was to show the potential usefulness of Usenet discussions to future social historians and to explore possible methods for analysing the data. A survey of 42 Usenet newsgroups was made in November 1996 to explore the patterns of information formed by the contributors. The 5541 articles written by 2130 persons were analysed to identify UK participants and topics related to the UK; to measure the frequency of contributions and relate it to their authors' interests; to draw a comparison between moderated and non- moderated groups; and to indicate the most commonly discussed topics, using keywords taken from headers. A content analysis was used to check adherence to a point of netiquette and to find out to what extent two selected themes (the forthcoming election and violence in society) occupied the minds of contributors.
    [Show full text]
  • Netizens: an Anthology
    Netizens: An Anthology Table of Contents Foreword: By Tom Truscott Preface: What is a Netizen? Introduction: Participatory Networks Part I - The Present: What Has Been Created and How? Chapter 1 - The Net and the Netizens: The Impact the Net has on People’s Lives Chapter 2 - The Evolution of Usenet: The Poor Man’s ARPANET Chapter 3 - The Social Forces Behind the Development of Usenet Chapter 4 - The World of Usenet Part II - The Past: Where Has It All Come From? Chapter 5 - The Vision of Interactive Computing and the Future Chapter 6 - Cybernetics, Time-sharing, Human-Computer Symbiosis and On-line Communities: Creating a Super-community of On-line Communities Chapter 7 - Behind the Net: Computer Science and the Untold Story of the ARPANET Chapter 8 - The Birth and Development of the ARPANET Chapter 9 - On the Early History and Impact of UNIX: Tools to Build the Tools for a New Millennium Chapter 10 - On the Early Days of Usenet: The Roots of the Cooperative Online Culture Part III - And the Future? Chapter 11 - The NTIA Conference on the Future of the Net Creating a Prototype for a Democratic Decision Making Process Chapter 12 - “Imminent Death of the Net Predicted!” Chapter 13 - The Effect of the Net on the Professional News Media: The Usenet News Collective and Man-Computer News Symbiosis Chapter 14 - The Net and the Future of Politics: The Ascendancy of the Commons Chapter 15 - Exploring New York City’s On-Line Community: A Snapshot of NYC.General Part IV - Contributions Toward Developing a Theoretical Framework Chapter 16 - The Expanding Commonwealth of Learning: Printing and the Net Chapter 17 - ‘Arte’: An Economic Perspective Chapter 18 - The Computer as Democratizer Bibliography Glossary of Acronyms Appendix Proposed draft Declaration of the Rights of Netizens Foreword Netizens: On the Impact and History of Usenet and the Internet is an ambitious look at the social aspects of computer networking.
    [Show full text]
  • Los Newsgroups Políticos
    Hablar de política en La Red: los newsgroups políticos * Sara Bentivegna Facultad de Sociología Universitá di Roma La Sapienza Traducción de Eva Aladro (*) Corresponde al capitulo cuarto del libro de esta misma autora: LA POLíTICA IN RETE, Roma. Meltemi. 1999. Traducido con la autorización de la editorial y la propia autora. LA RED COMO OCASIÓN PARA CONVERSAR ntre las oportunidades que La Red ofrece se considera sin duda una de las más E importantes el establecimiento de una interacción entre sus usuarios, lo que per- mite el intercambio de opiniones, solicitud de informaciones, ofertas de sugerencias, toma de posturas y otros muchos servicios. En síntesis, la red permite la discusión de los más diversos argumentos en un contexto que reproduce algunas de las caracte- rísticas de la comunicación directa entre individuos aún cuando tenga lugar en un ámbito mediático. En particular, los newsgroups <grupos de discusión o de noticias) —que ponen en marcha una comunicación que sucede en modalidad asincrona1— pue- den situarse, dentro de un hipotético continuum que abarca desde la comunicación interpersonal cara a cara a la comunicación establecida a través de los media tradi- cionales, en una posición intermedia que conjuga la interactividad de la primera con la amplitud y simultaneidad de la segunda. Entre las personas que participan en un newsgroup se da de hecho la interactividad, pero al mismo tiempo tal interactividad desaparece para los sujetos que se limitan a asumir un papel de espectadores. Se trata, además, de una interactividad sui generis, de naturaleza diversa ala que pode- mos encontrar en la comunicación cara a cara: en este caso, el sujeto que interactúa exhibe directa y/o indirectamente señas de identidad, mientras que en el newsgroup el anonimato o incluso la operación de spoofing (alias humorístico), oculta al sujeto a los ojos de su interlocutor.
    [Show full text]
  • September 1994
    Contents Features DENNIS CHAMBERS Baltimore's most monstrous drummin' son just keeps on going. John McLaughlin, Steve Khan, the Brecker Brothers— jazz giants left and right are squeezing Dennis into their plans these days. Get the latest from the drummer many consider the greatest. • Robin Tolleson 20 JIM CHAPIN Asking your average drummer about Jim Chapin's Advanced Techniques For The Modern Drummer is like asking your aver- age Jesuit priest about The Bible. This month MD taps the mind of one of drum-dom's acknowledged sages. • Rick Mattingly 26 SIM CAIN Henry Rollins is a seriously fierce performer. His band obvious- ly has to kick equally serious butt. Drummer Sim Cain describes the controlled chaos he negotiates every day—and the surprisingly varied back- ground that feeds his style. • Matt Peiken 30 DRUM THRONES UP CLOSE Everyone knows the drummer is king, so it's no accident our stool is called "the drum throne." But the drummer's job also depends on comfort—and our seat needs to serve that "end" as well as possible. In this spe- cial report, MD covers today's stool scene from AtoZ. • Rick Van Horn 34 Volume 18, Number 9 Cover photo of Dennis Chambers by Michael Bloom Jim Chapin by Rick Malkin Columns EDUCATION NEWS EQUIPMENT 48 LATIN 8 UPDATE SYMPOSIUM Phillip Rhodes of Applying The Clave Gin Blossoms, BY CHUCK SILVERMAN Brother Cane's Scott Collier, Akira Jimbo, and Jeff Donavan of 56 Rock'N' the Paladins, plus News JAZZ CLINIC Doubling Up: Part 2 120 INDUSTRY BY ROD MORGENSTEIN HAPPENINGS 74 JAZZ DRUMMERS' DEPARTMENTS WORKSHOP
    [Show full text]
  • 2014-Ibm-Annual-Report.Pdf
    2014 IBM Annual Report 2014 IBM Annual Report A Letter from the Chairman 1 Dear IBM Investor: The cover of our report to you last year asked: “What will we make of this moment?” This was the critical and urgent decision that we — and our clients — faced. Would we seize upon the major shifts that are reordering our industry and opening up vast new applications of information technology? In my letter, I described our answer: • IBM would help transform industries and professions with data. • We would remake enterprise IT for the era of cloud. • We would reimagine work by helping clients build systems of engagement, underpinned by the imperative of security. At the same time, we would address significant challenges in some of our businesses, principally hardware. We knew we faced a critical year of transformation. It proved to be just that. The work of transforming IBM continues, and much remains to be done. But I am pleased to report that we made significant progress and built momentum in 2014. In this letter I will describe what we have done, and continue to do, to transform and differentiate your company and to position ourselves for leadership in the new era now taking shape. 2 VIRGINIA M. ROMETTY Chairman, President and Chief Executive Officer A Letter from the Chairman 3 Continuing to move to higher value Information technology is one of the most dynamic, fast- changing and fiercely competitive industries in the world, characterized by relentless cycles of innovation and commoditization. Our choice is clear: We pursue a model of high-value innovation, rather than commodity technology, products and services.
    [Show full text]
  • Forensic Examination of Digital Evidence: a Guide for Law Enforcement U.S
    U.S. Department of Justice Office of Justice Programs APR. 04 National Institute of Justice Special REPORT Forensic Examination of Digital Evidence: A Guide for Law Enforcement U.S. Department of Justice Office of Justice Programs 810 Seventh Street N.W. Washington, DC 20531 John Ashcroft Attorney General Deborah J. Daniels Assistant Attorney General Sarah V. Hart Director, National Institute of Justice This and other publications and products of the U.S. Department of Justice, Office of Justice Programs, National Institute of Justice can be found on the World Wide Web at the following site: Office of Justice Programs National Institute of Justice http://www.ojp.usdoj.gov/nij APR. 04 Forensic Examination of Digital Evidence: A Guide for Law Enforcement NCJ 199408 Sarah V. Hart Director This document is not intended to create, does not create, and may not be relied upon to create any rights, substantive or procedural, enforceable at law by any party in any matter civil or criminal. Opinions or points of view expressed in this document represent a consensus of the authors and do not represent the official position or policies of the U.S. Department of Justice. The products, manufacturers, and organizations discussed in this document are presented for informational purposes only and do not constitute product approval or endorsement by the U.S. Department of Justice. This document was prepared under Interagency Agreement #1999–IJ–R–094 between the National Institute of Justice and the National Institute of Standards and Technology, Office of Law Enforcement Standards. The National Institute of Justice is a component of the Office of Justice Programs, which also includes the Bureau of Justice Assistance, the Bureau of Justice Statistics, the Office of Juvenile Justice and Delinquency Prevention, and the Office for Victims of Crime.
    [Show full text]