Preserving Electronic Evidence for Trial

The ability to preserve electronic evidence is critical to presenting a solid case for civil litigation, as well as in criminal and regulatory investigations. Preserving Electronic Evidence for Trial provides everyone connected with digital forensics investigation and litigation with a clear and practical hands-on guide to the best practices in preserving electronic evidence.Corporate management personnel (legal & IT) and outside counsel need reliable processes for the litigation hold – identifying, locating, and preserving electronic evidence. Preserving Electronic Evidence for Trial provides the road map, showing you how to organize the digital evidence team before the crisis, not in the middle of litigation. This practice handbook by an internationally known digital forensics expert and an experienced litigator focuses on what corporate and litigation counsel as well as IT managers and forensic consultants need to know to communicate effectively about electronic evidence.You will find tips on how all your team members can get up to speed on each other’s areas of specialization before a crisis arises. The result is a plan to effectively identify and pre-train the critical electronic-evidence team members. You will be ready to lead the team to success when a triggering event indicates that litigation is likely, by knowing what to ask in coordinating effectively with litigation counsel and forensic consultants throughout the litigation progress. Your team can also be ready for action in various business strategies, such as merger evaluation and non-litigation conflict resolution.

Dedication Author Biographies Introduction Chapter 1: Your Critical Task: Learn Another Language Abstract A Computer Forensics Expert Looks at Legalese The Civil Lawsuit—a Pretrial Tour, with Vocabulary The Real First Step—the Triggering Event ESI in the Rules, or How to Aggravate the Judge Keeping it in Proportion, Round 1: Training Keeping it in Proportion, Round 2: The Price of Compliance, or Not Chapter 2: Preserving, Not Corrupting—Hold It! Abstract How Far does Preservation Stretch? Information Versus Evidence A Historical Footnote In the Present, Spoliation Versus Integrity of Evidence Bad Acts: Examples from Reported Cases The Other Route—Destruction with Permission Curative Action and Sanctions Each Attorney’s Independent Preservation Duty The Key to the Hold Notice: Name the Key Players Asap Zubulake, Pension Committee, Rimkus and More The Rules—Contemplating Amendment, Again And, Back in the Courtroom—Sekisui American The Rules Amendment Process, Again—Looking Forward From Dec., 2015 Chapter 3: Incident Response While Avoiding Evidence Disaster: The Team Abstract The Team: Functional and Procedural Issues Who Needs to Act: Whoever Handles the Problem is on the Team Preparing the Team Chapter 4: Understanding Information Systems Abstract Introduction to the Digital Forensic World Computer Systems Stand-Alone Computers Networked Computers Servers Firewalls and Security Devices Chapter 5: In Addition to the System—Other Devices Abstract Mobile Devices BYOD—Bring Your Own Device Issues Without predicting Chapter 6: Collecting Data Abstract Understanding the Systems in the Organization: Information Governance Why System Structural Information is Necessary—the Data Map The People Who Should Know Identifying the Forensic Consultant and Internal Forensic Team Data Collection Strategies, Looking Forward Chapter 7: Teamwork Prep for Data Management Abstract Gathering Systems Operating Information for Digital Forensic Use Data Inventories Management: What Data and Why Data Destruction Policies and Hold Management: Who Decides and Who Acts How Long do We Hold this Data? Regulatory Requirements and Industry Norms on Data Destruction Personally Identifiable Information (PII) Restrictions Data, Ready for the Team Chapter 8: Data Policies and Procedures—Get the Details Abstract Understanding Specific Information for the ESI Preservation Process Small, Large, Fortune 500 and International—The Economics of Structure and Scale Delegation of Authority for Data Destruction Policies Communicating with the Rank-and-File Employees Business Operations (Policy versus Reality)—Who Knows What and Who Does What? Document the Day-to-Day Flow and Control of ESI Who Has What Kinds of Devices, and Who Knows Where They Are? Controlling Electronic Device Information—Three Issues Dealing With Data Security and Classification Data Security in Employee-Related Incidents Chapter 9: The Cloud and Other Complexities Abstract Cloud Computing Complex Environments It’s All Happening Right Now Chapter 10: Putting it All Together: When the First Alarm Sounds, Hold It! Abstract The Critical Moment to Begin Preservation A Great Question That Has Already Been Answered For You Identifying the Scope of the Preservation Hold by Communicating Within the Team After the Notice: Executing the Hold and Preserving ESI for Analysis Storing ESI Is Cheap—Stop Routine Storage/Destruction Procedures ASAP Communication Between Counsel–The Team and Effective Use of Rules 26 & 34 The “Other” Hold Notice—When You Intend to Sue Someone After the Hold, The Long View of ESI Analysis Chapter 11: The Rule 26 Meet-and-Confer—Your Best Chance to Control the ESI Exchange Abstract Newly Amended Rule 26 Means What It Says Another Brief Tour Through the Amended Rules Stay Focused on the E-Discovery Goals The Team’s Pre-Meeting Strategy Session The Meet-and-Confer: A Strategic Overview The Operative Word is “Confer” Preservation Orders—Be Quick, Be Precise The Final Product of a Good Meet-and-Confer Chapter 12: A Glance at International Issues— Never Assume! Abstract International Issues in ESI Preservation and E-Discovery—A Very Brief Look There Is Not Here—A Brief Consideration of Common Law and Civil Law Traditions Cross-Border Transactions in General—Some Structural Considerations Data-Related Cross-Border Issues: Personal Data Privacy Laws Are Serious A Separate Issue: Company Operations Across International Borders Multinational Corporations—Multiple Complexities International ESI Issues—A Few Status Notes ISO E-Discovery Standards Are Now in Development—Stay Tuned The Triggering Event—Your International Team Is Ready Sharing Team Leadership Cross-Border— A Great Idea Conclusion Resource Appendix Subject Index