tag:blogger.com,1999:blog-92052017662133491912024-03-08T03:47:57.795-08:00Computer Forensics InternationalCFI provides our clients a straight-forward cost effective approach to e-Discovery, electronic evidence retrieval, analysis, neutral expert and expert witness services in support of civil, criminal and internal human resources investigations.Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.comBlogger16125tag:blogger.com,1999:blog-9205201766213349191.post-89567824999798157552014-05-28T09:20:00.001-07:002014-05-28T09:20:26.218-07:00Digital Evidence Has Become the New DNA in Criminal Cases, Says Expert<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
In 1911, it was fingerprints. In 1990, it was DNA. "In 2014, its digital evidence that's now playing a lead role at determining the fate of criminal defendants," says<span class="Apple-converted-space"> </span><span class="xn-person" itemscope="" itemtype="http://schema.org/Person" style="font-family: Helvetica, Arial, sans-serif;"><span itemprop="name" style="font-family: Helvetica, Arial, sans-serif;">Mark J. McLaughlin</span></span><span class="Apple-converted-space"> </span>of Computer Forensics International.</div>
<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
The ability to place someone at the scene of a crime is typically done by eyewitnesses, or through something unique they leave behind like fingerprints or DNA. And when a solid chain of custody is made, it rarely can be refuted. But while digital evidence from personal computers or mobile devices can place a defendant at the scene, it can also show they were actually miles away or didn't commit the crime.</div>
<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
Three months ago there was a home invasion robbery and kidnapping in<span class="Apple-converted-space"> </span><span class="xn-location" itemprop="contentLocation" itemscope="" itemtype="http://schema.org/Place" style="font-family: Helvetica, Arial, sans-serif;"><span itemprop="geo" itemscope="" itemtype="http://schema.org/address" style="font-family: Helvetica, Arial, sans-serif;"><span itemprop="addressLocality" style="font-family: Helvetica, Arial, sans-serif;">Los Angeles</span></span></span>. One of the victims made a positive identification on the young defendant. The kid was arrested and faced a list of serious charges that, if convicted, would have placed him behind bars for over 25 years. But he always proclaimed his innocence and said he was at school during the robbery.</div>
<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
However, school attendance records were inconclusive. His family offered up a printed picture of their son standing next to a friend on campus, and printouts of text messages as proof he was at school. The Court said that's not good enough.</div>
<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
"We live in a Photoshopped world where any original image can be easily made to look like something it's not. It was clear the original digital photograph needed to be recovered and examined to establish a solid chain of custody," says McLaughlin.</div>
<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
A Los Angeles Superior Court Judge appointed McLaughlin to authenticate that photograph and the purported text messages. He examined 4 iPhones and recovered not one, but a series of 8 photographs taken in rapid succession. The photograph's hidden metadata showed the creation time of the photographs and text messages were the same time as the robbery 5 miles away. The case was dismissed.</div>
<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
What type of digital evidence can be involved in a case? It always should begin at the source and could involve; a mobile phone, personal computer, USB thumb drive or email account. And then the target data recovered could be in the form of; specific date and time stamps from relevant computer files, surveillance video, hidden metadata, Wi-Fi connections, GPS coordinates, unique IP addresses, or recoverable text from a deleted document or email.</div>
<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
However, it's up to the defense attorney to recognize the possible involvement of digital evidence and bring in a forensic expert. Unfortunately, that always doesn't happen because many attorneys are not trained on what questions to ask or what to look for. McLaughlin added, "the attorneys that do, are giving their client's the best chance for a successful resolution of their case."</div>
<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
Last June, McLaughlin helped defend another robbery case where the defendant claimed he was 40 miles away at home, and working remotely on his laptop connected to a college computer system. Records were obtained from the defendant's college login account that showed multiple accesses during the robberies. Then an examination of the laptop recovered his unique college login with matching dates and times. And lastly, the unique IP address from his parent's home Internet Service Provider that matched the college records. The case was dismissed.</div>
<div itemprop="articleBody" style="-ms-word-wrap: break-word; -webkit-text-stroke-width: 0px; background-color: white; color: #464646; font-size-adjust: none; font-stretch: normal; font: 12px/1.33em Helvetica, Arial, sans-serif; letter-spacing: normal; margin: 0px; padding: 0px 0px 10px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
Over the last 18 years, McLaughlin has handled over 500 criminal, civil and internal investigations and examined over 2,000 digital items. He testifies in court as an expert and even trains attorneys on how to enhance their cases through digital evidence. McLaughlin says, "you can rest assured if there's evidence of a defendant's innocence in digital form, we'll find it."</div>
Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com1tag:blogger.com,1999:blog-9205201766213349191.post-50968434927161158392014-01-29T12:38:00.001-08:002014-01-29T12:38:18.530-08:00Attorney-client privilege: a checklist for digital communications<a href="http://www.lexisnexis.com/communities/corporatecounselnewsletter/b/newsletter/archive/2014/01/06/attorney-client-privilege-a-checklist-for-digital-communications.aspx">http://www.lexisnexis.com/communities/corporatecounselnewsletter/b/newsletter/archive/2014/01/06/attorney-client-privilege-a-checklist-for-digital-communications.aspx</a>Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-62077913578372979462014-01-28T13:09:00.001-08:002014-01-28T13:09:29.609-08:00Changing Federal Rules to Reduce Discovery Costs<a href="http://www.corpcounsel.com/id=1202640349441?kw=Changing%20Federal%20Rules%20to%20Reduce%20Discovery%20Costs&et=editorial&bu=Corporate%20Counsel&cn=20140128&src=EMC-Email&pt=Afternoon%20Update">http://www.corpcounsel.com/id=1202640349441?kw=Changing%20Federal%20Rules%20to%20Reduce%20Discovery%20Costs&et=editorial&bu=Corporate%20Counsel&cn=20140128&src=EMC-Email&pt=Afternoon%20Update</a>Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-87492328245045599492014-01-14T22:22:00.000-08:002014-01-14T22:22:11.329-08:00
<br /><br />
<div align="center" style="line-height: 200%; margin: 0in 0in 10pt; text-align: center;">
<b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 11.5pt; line-height: 200%;">Digital Evidence Became
Smoking Gun In A-Rod Investigation</span></u></b></div>
<div style="line-height: 200%; margin: 0in 0in 10pt; text-indent: 0.5in;">
<span style="font-family: "Times New Roman","serif"; font-size: 11.5pt; line-height: 200%;">Los
Angeles, California<span style="mso-spacerun: yes;"> </span>(January 14, 2013 )
- Coded text messages and documents detailing an elaborate doping scheme were
reportedly recovered that ultimately became the crucial evidence needed by
Major League Baseball in the case against the Yankees Alex Rodriguez. </span></div>
<div style="line-height: 200%; margin: 0in 0in 10pt; text-indent: 0.5in;">
<span style="font-family: "Times New Roman","serif"; font-size: 11.5pt; line-height: 200%;">“Merely
testifying that a paper document is authentic just isn’t enough anymore”, says Digital
Forensic Examiner Mark McLaughlin of Computer Forensics International. “That’s
why we’re brought into all types of cases where digital evidence may be found”,
he added.</span></div>
<div style="line-height: 200%; margin: 0in 0in 10pt; text-indent: 0.5in;">
<span style="font-family: "Times New Roman","serif"; font-size: 11.5pt; line-height: 200%;">Today,
nearly all the world’s information was initially created from a digital device.
Plus it’s widely understood that by using Word or Photoshop, you can easily
make anything look authentic. So unless you’ve verified the source, the
authenticity of printouts as evidence are always questionable. That’s why Digital
Forensic Examiners establish a verifiable chain of custody to prove what you’re
looking at, is an exact representation of the original. </span></div>
<div style="line-height: 200%; margin: 0in 0in 10pt; text-indent: 0.5in;">
<span style="font-family: "Times New Roman","serif"; font-size: 11.5pt; line-height: 200%;">Examiners
like McLaughlin, routinely use cutting edge software tools like EnCase and
Lantern when analyzing computers and cellphones on civil and criminal cases.
They start by making an exact forensic copy of the entire device – which
includes active and deleted data. </span></div>
<div style="line-height: 200%; margin: 0in 0in 10pt; text-indent: 0.5in;">
<span style="font-family: "Times New Roman","serif"; font-size: 11.5pt; line-height: 200%;">Then
just the copy is searched, either visually or by using keywords for relevant hits.
And those searches can produce tens of thousands of hits that all must be manually
reviewed. “That may seem daunting, but considering the alternative, it’s a walk
in the park”, adds McLaughlin.</span></div>
<div style="line-height: 200%; margin: 0in 0in 10pt; text-indent: 0.5in;">
<span style="font-family: "Times New Roman","serif"; font-size: 11.5pt; line-height: 200%;">Over
the last 17 years, McLaughlin has handled over 500 cases and examined over
2,000 digital items. He testifies in court as an expert and even trains
attorneys on how to enhance their cases through digital evidence. McLaughlin
says, “I really enjoy the sleuthing part of what we do. Because when we find
that smokin’ gun, it’s pretty much game over”. </span></div>
<br /><br />
<div align="center" style="line-height: 200%; margin: 0in 0in 10pt; text-align: center;">
<span style="font-family: "Times New Roman","serif"; font-size: 11.5pt; line-height: 200%;">#
# #</span></div>
<br />Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-35577286403851585122011-12-19T23:50:00.000-08:002011-12-19T23:50:52.030-08:00Agent: Soldier's laptop had sensitive files<strong><span style="font-size: large;">Agent: Soldier's laptop had sensitive files</span></strong><div class="info"><div class="byline_timestamp"><h3><span id="byLineTag">By Joe Gould, Army Times</span></h3><div id="updated">FORT MEADE, Md. -- Computer forensics investigators testified Monday that the computer of a soldier accused of sharing military secrets contained thousands of sensitive files and logs of conversations between himself and a former hacker who turned him in.</div></div></div><div><div class="inset"><div class="photo-block"><more> </more></div></div><div class="inside-copy">Investigators said they found evidence Army Pfc. <a href="http://content.usatoday.com/topics/topic/Bradley+Manning" title="More news, photos about Bradley Manning"><span style="color: #00529b;">Bradley Manning</span></a> downloaded thousands diplomatic cables, Guantanamo assessment documents, video from a controversial 2007 airstrike in Baghdad and military records of a 2009 <a href="http://content.usatoday.com/topics/topic/U.S" title="More news, photos about U.S."><span style="color: #00529b;">U.S.</span></a> airstrike in Gerani, Afghanistan, in which dozens of civilians were found dead.</div><div class="inside-copy"><br />
</div><div class="inside-copy">As the evidentiary hearing for Manning entered its fourth day, the government had called 13 witnesses and was expected to ask eight more to testify before the defense presents its case. Expected to last several more days, the hearing will help determine whether Manning should be court-martialed on 22 charges, including aiding the enemy. If convicted at court-martial, Manning could face life in prison.</div><div class="inside-copy">Manning, 24, of Crescent, Okla., is accused of giving the secrets-sharing website WikiLeaks a trove of government material while working as an intelligence analyst in Iraq in 2009 and 2010, including Iraq and Afghanistan war logs, and <a href="http://content.usatoday.com/topics/topic/Organizations/Government+Bodies/US+State+Department" title="More news, photos about State Department"><span style="color: #00529b;">State Department</span></a> cables.</div><div class="inside-copy"><br />
</div><div class="inside-copy">On the stand Monday, digital-crimes investigator David Shaver said he recovered more than 100,000 State Department cables and other sensitive information on a secure computer that Manning used.</div><div class="inside-copy">The cables were contained in a deleted .csv file, ordered by a message record number that indicated the embassy where they originated.</div><div class="inside-copy"><br />
</div><div class="inside-copy">"It seemed like someone wanted to make sure they got all of them," said Shaver, who is special agent with the Computer Crime Investigative Unit of Army Criminal Investigation Command.</div><div class="inside-copy">In open session, prosecutors and defense attorneys sparred over the potentially damaging evidence. Under cross examination, Shaver said to defense attorney Capt. Paul Bouchard that some of the cables did match those published by WikiLeaks. The damaged file could only be opened with special tools, which could explain why those documents weren't published.</div><div class="inside-copy"><br />
</div><div class="inside-copy">Based on an examination of Manning's computer, Shaver said he recreated Manning's searches, which led to downloads of detainee assessments that have been published by WikiLeaks.</div><div class="inside-copy">On Manning's personal laptop, a <a href="http://content.usatoday.com/topics/topic/MacBook+Pro" title="More news, photos about MacBook Pro"><span style="color: #00529b;">MacBook Pro</span></a>, CCIU investigator <a href="http://content.usatoday.com/topics/topic/People/Athletes/MLB/Mark+Johnson" title="More news, photos about Mark Johnson"><span style="color: #00529b;">Mark Johnson</span></a> said he found chat logs between Manning and hacker Adrian Lamo.</div><div class="inside-copy"><br />
</div><div class="inside-copy">On Sunday, Shaver said in court that "it stood out" that on one of Manning's laptops, Firefox's homepage was set to Intelink, considered the main search engine for the U.S. intelligence community's secure networks, and that it was set not to record its browsing history.</div><div class="inside-copy"><br />
</div><div class="inside-copy">From the time Manning arrived in Iraq in October 2009 to May 2010 when he was arrested, Manning had conducted many intelligence searches using key words including "WikiLeaks," "Julian Assange" (WikiLeaks' founder), "Iceland" and "retention of interrogation videos," Shaver said. The last term corresponds with a solicitation from WikiLeaks.</div><div class="inside-copy"><br />
</div><div class="inside-copy">Investigators concluded that hundreds of documents, image and video files that had been downloaded through Manning's computer profile that were connected to a controversial U.S. airstrike in May 2009 at Gerani village. Shaver said files included documents about burn victims and aerial reconnaissance video.</div><div class="inside-copy"><br />
</div><div class="inside-copy">Shaver said he found two versions of a 2007 video, called "Collateral Murder" by WikiLeaks: The "released version from WikiLeaks and another version that seemed to the source for it." WikiLeaks used the gunsight video from Apache helicopters involved in a series of air-to-ground attacks in 2007 in which 11 people died, including two employees of the Reuters news service.</div><div class="inside-copy"><br />
</div><div class="inside-copy">Defense attorneys have focused on supervisors' failure to pull Manning's security clearance in spite of his erratic and sometimes violent behavior, as well as broader security lapses in the facility on Forward Operating Base Hammer where Manning worked. Fifteen people, including the noncommissioned officer in charge of the facility, have been disciplined in the case.</div><br />
<i>Contributing: The Associated Press</i><br />
<br />
<a href="http://www.usatoday.com/news/military/story/2011-12-19/manning-wikileaks-hearing/52074010/1?csp=34news">http://www.usatoday.com/news/military/story/2011-12-19/manning-wikileaks-hearing/52074010/1?csp=34news</a></div>Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-23037907004280595982011-12-07T22:14:00.000-08:002011-12-07T22:14:29.452-08:00Making It! Featured Entrepreneur Mark McLaughlin of Computer Forensics International<div class="separator" style="clear: both; text-align: center;"><object width="320" height="266" class="BLOGGER-youtube-video" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" data-thumbnail-src="http://i.ytimg.com/vi/gd_wLSWIjwc/0.jpg"><param name="movie" value="http://www.youtube.com/v/gd_wLSWIjwc?version=3&f=user_uploads&c=google-webdrive-0&app=youtube_gdata" /><param name="bgcolor" value="#FFFFFF" /><embed width="320" height="266" src="http://www.youtube.com/v/gd_wLSWIjwc?version=3&f=user_uploads&c=google-webdrive-0&app=youtube_gdata" type="application/x-shockwave-flash"></embed></object></div>Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-38483919461281027142011-11-01T12:02:00.000-07:002011-11-01T12:02:51.611-07:00Documents Show 'A Culture' of Illegal Phone-Hacking At The News of The WorldReprint from The Hollywood Reporter - <span style="color: #959595; font-size: xx-small;"><span style="color: black; font-size: small;">10:13 AM PDT 11/1/2011 by Mimi Turner</span> </span><br />
<br />
<div class="main_article_image_placeholder" style="width: 349px;"><div class="main_article_image"><a href="http://www.hollywoodreporter.com/news/james-murdoch-phone-hacking-scandal-news-corp-255869?utm_source=SilverpopMailing&utm_medium=email&utm_campaign==?utf-8?B?TWFpbGluZyBEb2N1bWVudHMgU2hvdyAnQSBDdWx0dXJlJyBvZiBJbGxlZ2FsIFBob25lLUhhY2tpbmcgQXQgVGhlIE5ld3Mgb2YgVGhlIFdvcmxkKDExLzAxLzIwMTEgMDE6Mjg6MjAgUE0p?=&utm_content">http://www.hollywoodreporter.com/news/james-murdoch-phone-hacking-scandal-news-corp-255869?utm_source=SilverpopMailing&utm_medium=email&utm_campaign==?utf-8?B?TWFpbGluZyBEb2N1bWVudHMgU2hvdyAnQSBDdWx0dXJlJyBvZiBJbGxlZ2FsIFBob25lLUhhY2tpbmcgQXQgVGhlIE5ld3Mgb2YgVGhlIFdvcmxkKDExLzAxLzIwMTEgMDE6Mjg6MjAgUE0p?=&utm_content</a>=</div><div class="main_article_image"> </div><div class="main_article_image"> </div><div class="main_article_image"><img alt="James Murdoch" id="mytest" src="http://www.hollywoodreporter.com/sites/default/files/2011/10/118966094_a_p.jpg" width="349" /></div><div class="main_media_credit">Bloomberg/Getty Images</div></div><h2 class="main_article_deck"> </h2><h2 class="main_article_deck">A 2008 legal opinion from Michael Silverleaf QC will put further pressure on James Murdoch to explain whether he was part of a cover-up.</h2><div class="article_body">LONDON - Pressure is mounting on <strong>James Murdoch </strong>to explain his knowledge of phone-hacking allegations after the Parliamentary Culture Media and Sport Committee Tuesday published a cache of devastating documents showing that phone-hacking was known about by senior executives at News International as early as 2008, almost three years before the publisher admitted that the problem was systemic.</div><br />
A legal opinion dated June 2008 prepared for News International lawyer by Queen's Counsel <strong>Michael Silverleaf, </strong>said that there was "overwhelming evidence" that senior journalists were involved in what amounted to "a culture" of illegal phone-hacking at the newspaper.<br />
<br />
The lawyer also said that <em>News of The World </em>investigator <strong>Glenn Mulcaire </strong>appeared to have been hired purely "to engage in illegal gathering."<br />
<br />
Silverleaf was hired as an external senior barrister in 2008 to advise News International on the legal case being brought against it by <strong>Gordon Taylor</strong>, head of the Professional Footballers' Association.<br />
<br />
James Murdoch later approved a payment of almost $3 million to keep the case out of court.<br />
The damning legal opinion tells News International's legal team that the chance of winning the case is "slim to non-existent" because of the amount of "truly damaging" information that Taylor's legal team had obtained after getting a court order to access the documents in a previous legal case against Glenn Mulcaire, who was jailed for four months in relation to hacking the phones of members of the Royal family.<br />
<br />
"In addition there is substantial surrounding material about the extent of NGN journalists' attempts to obtain access to information illegally in relation to other individuals." The Silverleaf legal Opinion went on.<br />
<br />
"In the light of these facts there is a powerful case that there is (or was) a culture of illegal information access used at News Group Newspaper in order to produce stories for publication.<br />
The Silverleaf memo was sent to <strong>Tom Crone</strong>, the <em>News of The World's </em>internal lawyer.<br />
<br />
"Not only does this mean that NGN is virtually certain to be held liable to Mr Taylor, to have this paraded at a public trial would, I imagine, be extremely damaging to NGN's public reputation. If the trial proceeds there would seem to be little doubt that Mr Taylor's case will be advanced on the basis that Mr Mulcaire was specifically employed by NGN to engage in illegal gathering."<br />
These new documents could prove immensely damaging to James Murdoch's claim that he had not been aware of the suggestion that phone-hacking had gone beyond one reporter when he authorised the near $3 million payment.<br />
<br />
Murdoch will face tough questions on what he knew about the payment when he is recalled on November 10, given the extent to which the information about illegal behaviour was known internally.<br />
But it is still unclear the extent to which James Murdoch, then chief executive of News International was fully informed.<br />
<br />
In a handwritten memo of a conversation between former News of The World editor <strong>Colin Myler </strong>and an advisor to Silverleaf, <strong>Julian Pike </strong>of Farrar's Solicitors, about five reporters under investigation, Pike appears to quote Myler in a handwritten scrawl: "Les no longer here - James wld say get rid of them - cut out cancer."<br />
<br />
The most likely interpretation of the - note could be that Myler had told Pike that James Murdoch would not have entertained keeping the reporters on, however senior.<br />
<br />
James Murdoch is due to give evidence again to the House of Commons Parliamentary Committee on November 10Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-13174013813008094292011-10-06T12:01:00.000-07:002011-10-06T12:01:29.672-07:00Interview by the Making-It TV series<a href="http://www.facebook.com/video/video.php?v=1190547372953">http://www.facebook.com/video/video.php?v=1190547372953</a>Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-76338442288190422412011-10-05T18:18:00.000-07:002011-10-05T18:18:35.732-07:00Jackson Death Trial Showcases iPhone Forensic Capabilities<div class="MsoNormal" style="line-height: 200%; margin: 0in 0in 10pt; text-indent: 0.5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 200%;">Los Angeles, California<span style="mso-spacerun: yes;"> </span>(<u>October 5, 2011</u>) - “iPhone users would be stunned to learn the amount of recoverable data we can get”, says Mark McLaughlin of Los Angeles based Computer Forensics International. “When you hit delete it doesn’t necessarily mean that message, text or picture is gone forever. You’re just telling the iPhone, don’t show it to me anymore and it flags that deleted data so it can be overwritten. So depending on the activity after the deletion, we may be able to bring it back like it was never deleted.”<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 200%; margin: 0in 0in 10pt; text-indent: 0.5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 200%;">DEA Computer Forensics Examiner Stephen Marx testified today in the Michael Jackson Death Trial that he found emails the defendant Dr. Conrad Murray had sent hours before Michael Jackson died on June 25, 2009. Not only did Marx recover critical timeline emails, he also discovered digital medical charts thought to be non-existent. But the key piece of evidence was a damaging audio recording of an impaired Michael Jackson reportedly made by Murray. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 200%; margin: 0in 0in 10pt; text-indent: 0.5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 200%;">Computer forensic examiners like McLaughlin, routinely use very sophisticated software tools, such as EnCase, on civil and criminal cases. They start by first making a copy of the iPhone’s entire memory – which includes active and deleted data. This exact copy doesn’t disturb the original data which makes the examination forensically sound and admissible in court. Then the copy can be searched either visually or by using keywords. The recovered data is ultimately put into known iPhone categories and displayed. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 200%; margin: 0in 0in 0pt; text-indent: 0.5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 200%;">McLaughlin says, “our SmartPhone forensic capabilities have improved exponentially. But it stands to reason because they’re just pocket computers, and we’ve been searching them successfully for nearly 20 years now. So I guess people need to realize that if it’s there, we’re usually going to find it”.<o:p></o:p></span></div><br />
<div align="center" class="MsoNormal" style="line-height: 200%; margin: 0in 0in 0pt; text-align: center;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 200%;"># # #</span></div>Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-48863491398188562002011-09-25T22:36:00.000-07:002011-09-25T22:36:47.027-07:00False Social Security Number Sinks California Worker’s Failure-to-Hire Case<h2><span style="font-size: small;">Reprinted from Jackson Lewis - Workplace Resource Center</span></h2><a href="http://www.jacksonlewis.com/resources.php?NewsID=3900">http://www.jacksonlewis.com/resources.php?NewsID=3900</a><br />
<h2><span style="font-size: small;">by </span><a href="http://www.jacksonlewis.com/people.php?PeopleID=178" title="Mark S. Askanas"><span style="font-size: small;">Mark S. Askanas</span></a></h2><table class="artDetails"><tbody>
<tr><td class="col1">Date:</td><td>9.22.2011</td></tr>
</tbody></table><br />
An employee who uses false documentation to secure employment with an employer has no recourse for an allegedly wrongful failure to hire, the California Court of Appeal has ruled. <em>Salas v. Sierra Chemical Co</em>., No. C064627 (Cal. Ct. App. Aug. 9, 2011). In addition, the “after-acquired-evidence” doctrine (where, after an allegedly discriminatory termination or refusal to hire, the employer discovers employee or applicant wrongdoing that would have resulted in the challenged termination or refusal to hire regardless of any discrimination) provides a complete defense to the employee’s claims the employer discriminated against him due to an on-the-job injury, refused to accommodate his disability, and denied him employment as punishment for filing a claim for workers’ compensation benefits. His claims also will be barred by the doctrine of unclean hands if his misrepresentation jeopardizes the employer.<br />
<h4> </h4><h4>Alleged Discrimination and Refusal to Hire</h4>Sierra Chemical hired Vicente Salas as a seasonal production line worker. Salas claimed that the company refused to rehire him following a seasonal layoff as retaliation for his previous workers’ compensation claim for an on-the-job back injury. He also claimed that the company violated the California Fair Employment and Housing Act (FEHA) by discriminating against him because of the injury. Salas alleged that rather than provide a reasonable accommodation for his disability or engage in an interactive process to determine whether an accommodation could be reached, the company refused to allow him to return to work.<br />
<br />
The company countered that the after-acquired-evidence doctrine provided a complete defense to these claims because: (1) Salas used a Social Security number that belonged to another person in order to secure his employment with the company; and (2) the company would not have hired him had it known of this misrepresentation. The trial court granted the company’s motion for summary judgment.<br />
<h4> </h4><h4>Submission of False Documents</h4>The Court of Appeal affirmed, ruling that the company produced evidence that the Social Security number Salas used to obtain employment belonged to another person. Salas misrepresented a job qualification imposed by the federal government, i.e., possessing a valid Social Security number that does not belong to someone else. As a result, he was not lawfully qualified for the job. This violated the company’s “long-standing policy” that “precluded the hiring of any applicant who submitted false information or false documents in an effort to prove his or her eligibility to work in the United States.”<br />
Moreover, Salas placed the company in the position of submitting a false I-9 form and filing inaccurate returns with the Internal Revenue Service and the Social Security Administration. These facts entitled the company to judgment as a matter of law based on the after-acquired-evidence doctrine.<br />
<br />
Additionally, because Salas’s misrepresentation exposed the company to penalties for submitting false statements to several federal agencies and Salas was disqualified from employment based on governmental requirements, his claims are barred under the doctrine of unclean hands. This doctrine applies when it would be inequitable to provide a plaintiff — who is guilty of unconscionable, bad faith, or inequitable conduct — any relief and is a complete defense to both legal and equitable causes of action.<br />
<br />
Salas also claimed that California Senate Bill No. 1818 precluded application of the after-acquired-evidence and unclean hands doctrines in this case. SB 1818 provides, in relevant part:<br />
<br />
<div style="padding-left: 30px;">… (a) All protections, rights, and remedies available under state law, except any reinstatement remedy prohibited by federal law, are available to all individuals regardless of immigration status who have applied for employment, or who are or who have been employed, in this state.</div><div style="padding-left: 30px;"><br />
</div><div style="padding-left: 30px;">… (b) For purposes of enforcing state labor, employment, civil rights and employee housing laws, a person’s immigration status is irrelevant to the issue of liability, and in proceedings or discovery undertaken to enforce those state laws no inquiry shall be permitted into a person’s immigration status except where the person seeking to make this inquiry has shown by clear and convincing evidence that the inquiry is necessary in order to comply with federal immigration law.</div><div style="padding-left: 30px;"><br />
</div>The Court rejected this argument, saying that “while SB 1818 provides that undocumented workers are entitled to ‘[a]ll protections, rights, and remedies <em>available under state law</em>,’ the enactment does not purport to enlarge the rights of these workers, instead declaring that its provisions are ‘<em>declaratory of existing law</em>.’” Thus, the bill did not eliminate existing employment law defenses.Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-12367505489897051432011-09-23T14:05:00.000-07:002011-09-23T14:05:48.088-07:00Ex-employee accused in suit of hijacking firm's email, website<h1 class="story-title"><span style="font-size: small;">Yes it's obvious, but how many businesses routinely change passwords when employees are terminated. I'm my experience not all. </span></h1><h1 class="story-title"><span style="font-size: small;">***************************************</span></h1><h1 class="story-title"><a href="http://www.buffalonews.com/city/article566972.ece"><span style="font-size: x-small;">http://www.buffalonews.com/city/article566972.ece</span></a></h1><h1 class="story-title">Ex-employee accused in suit of hijacking firm's email, website</h1><div class="x140x460 eight-col"><!-- item.type --><div class="two-col column-1"><!-- areastring --><div class="byline author vcard">By <strong>Patrick Lakamp</strong></div><div class="author-title dotted-border-bottom push-bottom">NEWS STAFF REPORTER - buffalonews.com</div><div class="published_date published dotted-border-bottom push-bottom push-top">Published:<span>September 22, 2011, 10:07 PM</span></div><div class="published_date published dotted-border-bottom push-bottom push-top"> <script src="http://www.buffalonews.com/resources/js/fancybox/jquery.fancybox-1.3.4.pack.js" type="text/javascript">
</script> <script src="http://www.buffalonews.com/resources/js/fancybox/jquery.easing-1.4.pack.js" type="text/javascript">
</script> <script src="http://www.buffalonews.com/resources/js/fancybox/jquery.mousewheel-3.0.4.pack.js" type="text/javascript">
</script> <script type="text/javascript">
$("a#more-images-link").click( function() {
$("div.more-images-lower").slideToggle();
$(this).hide();
});
</script> <script type="text/javascript">
$("a#newName").click( function() {
$("div.newNameLower").slideToggle();
$(this).hide();
});
</script> <script type="text/javascript">
jQuery(function() {
$("a.grouped_elements").fancybox({
'titlePosition' : 'inside'
});
});
</script><span>Updated:</span> September 23, 2011, 7:43 AM</div></div><div class="six-col column-2"><div class="body storyContent" style="font-size: 100%;"> <script type="text/javascript">
//<![CDATA[
yld_mgr.place_ad_here("skyscraper_plus1");
//]]>
</script> <!-- SpaceID=2022775853 loc=AP35 noad --><img alt="" height="0" src="http://us.bc.yahoo.com/b?P=807a65f2-e625-11e0-a840-df4435775d1a&T=19civt9pc%2fX%3d1316810956%2fE%3d2022775853%2fR%3dncnwsloc%2fK%3d5%2fV%3d8.1%2fW%3d0%2fY%3dPARTNER_US%2fF%3d2823054558%2fH%3dYWx0c3BpZD0iOTY3MjgzMTU0IiBzZXJ2ZUlkPSI4MDdhNjVmMi1lNjI1LTExZTAtYTg0MC1kZjQ0MzU3NzVkMWEiIHNpdGVJZD0iMTM0NDU1MSIgdFN0bXA9IjEzMTY4MTA5NTY0NzkyOTMiIHRhcmdldD0iX3RvcCIg%2fQ%3d-1%2fS%3d1%2fJ%3dF10D8862&U=1284cdisj%2fN%3dq1nFBES0q5Y-%2fC%3d-1%2fD%3dAP35%2fB%3d-1%2fV%3d5" style="display: none;" width="0" /> <script>
// no ads
</script> <!-- fac-gd2-noad --><!-- gd2-status-2 --><!--cSctn has invalid value--><!--rTg has invalid value--><!--rTg has invalid value--><!----><!--QYZ ,;160x601;ipbtf;;2;--><br />
Brett Rawdin's bosses said they fired him two weeks ago, taking away his $125,000 salary, his expense account and his car allowance -- everything but his access to the company website and email system.<br />
<br />
They discovered that oversight, they said, a day after mailing his termination letter. That's when his former employer, TSC Construcsuittion Co., said it received an email confirming a change to the company password from GoDaddy.com, with whom it contracts for both website and email services.<br />
Rawdin, who lives in Clarence, changed the password after he was fired without telling anyone, giving himself sole access to and control of the company's email system and website, according to a lawsuit the company filed this week in State Supreme Court.<br />
<br />
The lawsuit also accuses Rawdin of falsely submitting claims for reimbursement of alleged business-related expenses totaling more than $100,000 and making deals without getting approval to do so that resulted in financial losses.<br />
<br />
A spokesman for Rawdin, who did not want to be identified, said that Rawdin has not received any of the court papers. Any claims or allegations are false and will be defended completely, and counterclaims against the corporation and individuals will be made, the spokesman said. The allegations, the spokesman added, are an attempt to remove Rawdin from his position for the benefit of the other owners of the company. Rawdin has an unspecified share in TSC.<br />
Rawdin is disappointed that this private matter is being publicized without any proof, the spokesman said.<br />
<br />
Much of the lawsuit focuses on the website and email accounts under Rawdin's control.<br />
Edward P. Ladd Jr., TSC's chief executive officer, said in an affidavit, "This presents a grave concern to TSC in that all incoming and outgoing communications with its clients are no longer secured, and TSC no longer has control over its Internet presence and communications."<br />
Before his firing, Rawdin was one of two employees privy to the login and password, according to the lawsuit.<br />
<br />
TSC said it was blocked when it tried to regain control of the website and email system. GoDaddy.com said the new password could not be reversed "because the changes were made by either an authorized user or person possessing the proper account login credentials," according to court papers.<br />
<br />
TSC, a company with headquarters in Johnson City and an office in Buffalo, develops and builds projects such as cellular and microwave applications on towers for wireless data and communications providers.<br />
<br />
Rawdin was an officer for TSC from June 2006 until Sept. 8, the lawsuit said. He served as a project manager, and his job duties included finding new customers.<br />
<br />
The company said it informed Rawdin that it was immediately terminating his employment in a letter dated Sept. 8 and mailed to him Sept. 12. The company also sent him a copy of the termination letter via an email Sept. 13.<br />
<br />
Samuel J. Savarino holds an ownership interest in TSC, and he acts as the managing member of the ownership group.<br />
<br />
"The papers speak for themselves," Savarino said of the court filing. "It's a matter with a disgruntled former employee who forced us to take the action we took." He declined to comment further.<br />
TSC contracted with GoDaddy.com in 2008 for both a Web domain and email account. Access was protected by a login and password. During Rawdin's employment, only he and Anna Monteiro, the company's comptroller, were privy to the login and password, the lawsuit said.<br />
<br />
After receiving his termination letter, "Rawdin accessed TSC's email account and Web domain with GoDaddy and changed the password, thereby granting himself sole access and control," the lawsuit alleges.<br />
<br />
Monteiro received an email from GoDaddy on Sept. 13 confirming the change.<br />
"I immediately contacted GoDaddy to advise that the changes to the accounts were unauthorized and were made by a former employee," she said in an affidavit.<br />
<br />
But GoDaddy refused to return control of the account to the company, she said.<br />
Five days after his termination, Rawdin sent an email from his TSC account advising his contacts that his mobile phone was "down," and he provided a new phone number at which he could be reached, according to court papers.<br />
<br />
TSC, in court papers, said Rawdin does not deny that he changed the password and now has control over the company's website and email account.<br />
"Rawdin has failed and refused to relinquish control of TSC's email and Web domain with GoDaddy," the lawsuit alleged.<br />
<br />
By retaining control, Rawdin has the ability to access, monitor and control all incoming and outgoing electronic communications with TSC, the lawsuit said. The lawsuit also accused him of sending emails to existing customers and business contacts of TSC "so as to improperly and falsely create the appearance that Rawdin remains an employee of TSC."<br />
<br />
The lawsuit seeks compensatory damages of at least $500,000.<br />
<br />
The company also wants the court to order Rawdin to stop using its website and email account, and to turn over the login and password information.<br />
<br />
<em>plakamp@buffnews.com</em></div></div></div>Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-32422798260822825732011-09-21T16:41:00.000-07:002011-09-21T16:41:42.864-07:00Survey Finds Emails Are No Longer the Most Commonly Specified Documents in eDiscovery Requests<span class="messageBody" data-ft="{"type":3}">With eDiscovery now becoming a customary practice, attorneys have learned to be more selective in their requests rather than "casting a wider net" for digital evidence. </span>The following is a reprint from marketwire.com. <br />
**************************************************************************<br />
<a href="http://www.marketwatch.com/story/symantec-survey-finds-emails-are-no-longer-the-most-commonly-specified-documents-in-ediscovery-requests-2011-09-19?reflink=MW_news_stmp">http://www.marketwatch.com/story/symantec-survey-finds-emails-are-no-longer-the-most-commonly-specified-documents-in-ediscovery-requests-2011-09-19?reflink=MW_news_stmp</a><br />
<br />
Symantec Survey Finds Emails Are No Longer the Most Commonly Specified Documents in eDiscovery Requests<br />
<br />
<div class="clear"></div><br />
<div id="mainstory"> <div class="pressreleaselogo"><img src="http://i2.marketwatch.com/MW5/content/story/images/PR-Logo-Marketwire.gif" /> </div><script type="text/javascript">
chainEmbeddedVideos = true;
</script> <!-- Methode filePath: "" --> <br />
MOUNTAIN VIEW, CA, Sep 19, 2011 (MARKETWIRE via COMTEX) -- Symantec Corp. <span class="quotePeekContainer"><span class="quotepeekbase bgQuote up" id="quote420090922" jquery15204211946239427755="25"><a href="http://www.marketwatch.com/investing/stock/SYMC?link=MW_story_quote"><span class="bgChannel">/quotes/zigman/78627</span><span class="bgRealtimeChannel">/quotes/nls/symc</span> <span class="symbol">SYMC</span> <span class="data bgPercentChange symbol">+1.49%</span> </a></span></span>today announced the findings of its 2011 Information Retention and eDiscovery Survey which examined how enterprises manage their ever-growing volumes of electronically stored information and prepare for the eventuality of an eDiscovery request. The survey of legal and IT personnel at 2,000 enterprises worldwide found email is not the primary source of records companies must produce, and more importantly, respondents who employ best practices for records and information management are significantly less at risk of court sanctions or fines.<br />
<br />
<pre style="display: inline;"><span style="font-size: x-small;">
</span></pre><br />
"The fact that email is no longer the primary source of information for an eDiscovery request is a significant change from what has been the norm over the past several years," said Dean Gonsowski, eDiscovery Counsel at Symantec. "With the wide variety of sources in play, including loose documents, structured data, SharePoint content and even social media, it is not enough for legal and IT to simply focus upon email alone. It's critical for the two departments to work together to develop and implement an effective information retention policy." <br />
<br />
Email Does Not Equal eDiscovery When asked what types of documents are most commonly part of an eDiscovery request, respondents selected files and documents (67 percent), and database or application data (61 percent) ahead of email (58 percent). As evidence of just how many sources companies must be prepared to produce information from, more than half indicated SharePoint files (51 percent), and nearly half cited instant messages and text messages (44 percent) and social media (41 percent). <br />
<br />
Better Practices Drive Dramatically Better Outcomes The survey found wide variations in information retention practices among enterprises. Companies that employ best practices, such as automating the placement of legal holds and leveraging an archiving tool instead of relying on backups, fare dramatically better when it comes to responding to an eDiscovery request. These top- tier companies are 81 percent more likely to have a formal retention plan in place; 63 percent more likely to automate legal holds; and 50 percent more likely to use a formal archiving tool. <br />
Implementing these best practices translates to a 64 percent faster response time with a 2.3 times higher success rate when responding to an eDiscovery request. Consequently, these top-tier companies are significantly less likely to suffer negative consequences than companies that do not have a formal information retention policy in place. Top-tier companies are: <br />
<pre style="display: inline;"><span style="font-size: x-small;">
-- 78 percent less likely to be sanctioned by the courts
-- 47 percent less likely to lead to compromised legal position
-- 20 percent less likely to have fines levied
-- 45 percent less likely to disclose too much information leading to
compromised litigation position
</span></pre>Despite Risks, Organizations Still Not Prepared Despite the risks, the survey found nearly half of respondents do not have an information retention plan in place. Thirty percent are only discussing how to do so, and 14 percent have no plan to do so. When asked why, respondents indicated lack of need (41 percent); too costly (38 percent); nobody has been chartered with that responsibility (27 percent); don't have time (26 percent); and lack of expertise (21 percent) are top reasons. <br />
Recommendations <br />
<pre style="display: inline;"><span style="font-size: x-small;">
-- Create and implement a records and information management (RIM)
program. Get started with a formal plan as soon as possible, and then
refine it accordingly to address specific laws and regulations
governing the retention and availability of information. Without a
formal plan it is difficult to know when -- and what -- to delete,
which drives over-retention and creates additional risk.
-- Periodically delete electronically stored information (ESI) according
to your RIM program. Most organizations (79 percent) believe that a
proper information retention plan should allow them to delete
information. Yet, 20 percent of organizations still retain archived
data forever. This means that a large percentage of organizations are
not correctly deploying the archive to minimize data through expiry
and by implementing document retention policies. Delete according to
your information retention plan to reduce storage, litigation exposure
and eDiscovery costs.
-- Use backup for recovery, archiving for discovery. The survey found
approximately 40 percent of organizations keep data on their backup
tapes infinitely and use those backup tapes for their legal hold
process. This exposes them to the costly and dangerous proposition of
restoration in the event of litigation. Backup is intended for
recovery purposes, and 30-60 days is the longest data should be backed
up. Files should then be automatically archived or deleted. Using
backup only for disaster recovery enables an organization to delete
older backup sets within months instead of years.
-- Deploy advanced legal hold processes and solutions to minimize the
risk of non-compliance. The preservation step of the litigation
process is fraught with risks due to the potential of spoliation
sanctions, which are often levied after the loss or inadvertent
deletion of ESI. The safest strategy is to deploy next generation
legal hold applications to better communicate the importance of a
given legal hold notice, track acknowledgement and periodically issue
reminders to affected custodians. Leveraging software here is
particularly critical since legal holds can encompass thousands of
custodians and span many years, both of which stress manual solutions.
-- Conduct litigation readiness exercises to determine exposure areas and
formulate a prioritized remediation plan. It is critical for
organizations to assess their current state of preparedness to
determine how well they can safely and efficiently respond to an
eDiscovery request or governmental inquiry. By taking a long term
approach and leveraging industry best practices (along the EDRM
spectrum), companies are in a much better position to withstand
challenges to their internal processes and avoid negative
consequences. For example, top-tier companies in the survey were
78percent less likely to be sanctioned by the courts and 47percent
less likely to have their legal position unnecessarily compromised.
-- Prepare for eDiscovery and governmental inquires by casting a wider
ESI net, including social media, cloud data, instant messaging and
structured data systems. eDiscovery is no longer primarily limited to
email. Identify where all electronically stored information resides
company-wide so that these sources do not go unrecognized. Once these
sources of potentially responsive ESI are accounted for, the right
eDiscovery tools need to be deployed so that these disparate types of
ESI can be defensibly collected and processed for review in a singular
auditable environment.
</span></pre>Symantec's 2011 Information Retention and eDiscovery Survey Applied Research fielded this survey by telephone in June and July of 2011. We spoke to 2,000 Enterprises from 28 countries. The organizations, which included a large range of industries, were enterprises with 1,000 employees or more. Respondents consisted of both a representative from IT management and a representative from Legal. By including both we were able to get a holistic picture of information retention and eDiscovery issues in the organization. Globally, this survey has a reliability of 95 percent confidence with +/- 2.2 percent margin of error. <br />
<br />
Copyright 2011 Marketwire, Inc., All rights reserved. <span class="endsquare"></span></div>Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-89641756931490552242011-09-05T09:43:00.000-07:002011-09-05T09:43:46.406-07:00Man sentenced to six years for antagonizing women through digital ‘sextortion’<div style="text-align: center;">*************************************************</div><blockquote><i>Personal spying is real threat to anyone with a computer. Recently, we've been handling more of these civil cases and finding similar evidence as described in the article. Mark McLaughlin - CFI</i></blockquote><div style="text-align: center;">************************************************</div>Reprint from Digital Treands September 3, 2011 by Mike Flacy<br />
<br />
Commonly called "sextortion" by Federal authorities, the practice of hacking into a victim's computer to locate compromising photographs and threatening the victim with Internet exposure to gain more photos, video or money is on the rise.<br />
<br />
32-year-old Luis Mijangos was sentenced to six year in prison this week by a U.S. District Court judge in California after pleading guilty to one count of computer hacking and one count of wiretapping in March 2011. Mijangos, a resident of Santa Ana, California, worked as a freelance web designer and developer earning about $52,000 a year, but also spent his days using malware to gain access to people’s computers and extorting up to $3,000 a day from his victims. FBI experts in computer forensics estimated that Mijangos infected more than 100 computers used by over 230 people, 20 percent which were juveniles. <br />
<br />
Mijangos worked with other criminals they he met over IRC to perfect malware that was undetectable by antivirus software. The malware was disguised as links to video or music to hide remote-access tools such as SpyNet and Poison Ivy. Through these programs, Mijangos was able to search computers for intimate or sexually-explicit photos of the women using the computers as well as watch the users of the computer through a webcam and listen through a built-in microphone.<br />
<br />
Mijangos would then contact the victim to demand money or explicit videos from them and threaten to distribute the existing photos to family and friends if they contacted the police. Mijangos also hacked into the email account of the boyfriend of a juvenile in order to request sexually-explicit photos or video from the female juvenile and subsequently threaten to expose them for more explicit material. <br />
<br />
Beyond the many attempts of sextortion, Mijangos also installed keyloggers on the victim’s accounts to steal credit card numbers to purchase various electronics and other items. Many of the victims involved in the case spoke out at the sentencing trial to stress the damage caused by the disturbing psychological games that Mijangos forced upon them. Before pleading guilty to the charges, Mijangos told police that he was hired by husbands or boyfriends of the victims that were suspicious of cheating. <br />
# # #Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-59348746919818844042011-08-11T13:01:00.000-07:002011-08-11T13:01:17.870-07:00Don't Confuse Oranges With Apples: E-Discovery on Macintosh SystemsThis is an excellent article by Bobby Malhotra from Law.com on developing an E-Discovery plan for Mac Computer evidence. <br />
<br />
***************************************************************<br />
Law Technology News - August 9, 2011<br />
<br />
<b>Don't Confuse Oranges With Apples: E-Discovery on Macintosh Systems </b><br />
<br />
As if dealing with electronic data discovery in a predominately Microsoft Windows world is not difficult enough, Apple's Macintosh computer systems are increasingly finding their way into corporate environments and present unique discovery challenges. Lawyers who assume they can simply use a standard Windows discovery approach when dealing with Macs may be committing an error in logical reasoning — similar to comparing apples to oranges.<br />
<br />
During the identification stage lawyers typically reach out to relevant custodians and the client's IT contacts to gain an understanding of key issues, and the systems and electronically stored information that may come into play.<br />
<br />
At this stage, the litigation team is defining what data may be potentially responsive, where and how it is stored, and how it can be efficiently and effectively harvested — often with an eye toward review and production. Standard Windows practices at this stage may prove inadequate to handle the differences between the Microsoft and Apple operating systems.<br />
<br />
To successfully handle Macs, lawyers need an understanding about the locations that are likely to contain potentially discoverable user data and the unique Mac features that may affect their discovery plan. Here are a few tips, but caveat: many apply only to recent Mac operating systems.<br />
<br />
The home folder may be the most important storage location for Mac users. It is usually the place where users store most files and where the OS or applications will likely house the user's system preferences, internet caches, browser cookies, pictures, and multimedia files.<br />
<br />
By default the home folder has several folders within it that are created by the operating system, including desktop, documents, library, movies, music, and pictures. (The library folder houses user-specific information such as system preferences.)Home folders in the Mac world are similar (in terms of importance and underlying directory structure) to the "My Documents," "My Pictures," and "My Music" folders on Windows. Home folders are likely to contain user-created documents because many users target them as default storage repository. Likewise, many programs, e.g., iTunes and iMovie, use it as the default repository for saving or opening a file. The home folder is fertile ground for locating potentially responsive documents, and a good topic to discuss with custodians.<br />
<br />
Smart Foldersare dynamic folders that contain a list of files that meet a specific search criteria. These folders do not store files, they simply contain pointers to other files that meet selected criterion. Smart Folders help users organize and find similar documents that may be scattered across various locations on the hard disk.<br />
<br />
For example, a custodian in a mortgage-backed security litigation, whose job is to revise loan underwriting guidelines, might use a smart folder that displays all Microsoft Word documents created in the last two months that have the term "HELOC" (home equity line of credit) in the title. The custodian could use that Smart Folder each time he or she wants to display files that meet the selected search criteria — instead of rebuilding the search from scratch each time.<br />
<br />
An alias is a pointer file that links to other files, folders, or storage devices. It helps users open frequently accessed files regardless of where the files are stored. An alias is similar to a shortcut in the Windows world, but is more sophisticated because the links typically do not break when you rename or move the underlying referenced files.<br />
<br />
Both Smart Folders and aliases are organizational tools that help users access files from various locations, without creating multiple copies of the underlying files. Each actual file exists in only one physical location — even though it may be referenced in many Smart Folders or by several different aliases.<br />
<br />
Lawyers should focus on identifying physical file locations and not be sidetracked by the logical pointers used by Smart Folders and aliases.<br />
<br />
Macs include an integrated backup utility called Time Machine that stores backup data to an external hard drive. Time Machine automatically backs up the entire Mac machine so if users activiate this backup utility there is a strong possibility that there are backup copies — from different points in time — of every file on their Mac system.<br />
<br />
As a result, Time Machine backups should be a topic of discussion when talking to Mac custodians. Lawyers may need to adjust their e-discovery plan as necessary to ensure that potentially relevant backup information is being preserved.<br />
<br />
Macs come with the FileVault utility that helps users encrypt information located in their home folder. When a user turns on FileVault, a master password is set and the data in their home folder is locked and secured. FileVault uses Advanced Encryption Standard (AES) with a 128-bit encryption technique. The secured data cannot be accessed without the user login or master password — even if it is responsive to a discovery request.<br />
<br />
<br />
Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-69438508231111604562011-05-05T09:11:00.001-07:002011-05-05T09:13:47.617-07:00Companies Regularly Use Same Forensic Search Tactics Employed on bin Laden ComputersIt's been reported the analysis of bin Laden's seized computer disks should help thwart future attacks and locate terrorists. "I'm certain government forensic experts have their hands full looking for the proverbial needles in an acre of haystacks," says <span class="xn-person">Mark J. McLaughlin</span>, President of <span class="xn-location">Los Angeles</span> based Computer Forensics International. "The breakthrough software tools and search techniques used by government examiners are the same ones we routinely use to analyze hard drives and cellphones for attorneys, corporations and the courts."<br />
<br />
Computer forensic examiners start by making exact copies of seized digital evidence. Then experts would typically use EnCase, a forensic software package, to conduct the analysis. "We can easily view computer files just as you would normally look at them on your computer," says McLaughlin, a senior examiner with over 500 cases under his belt. The software automatically recovers deleted documents, emails and images. Plus each data file's date and timestamp is displayed making it easy to assemble a timeline of when the file was created, modified or even viewed. He adds, "we also have a very cool program for conspiracy examinations that visually shows the frequency and relationship email senders have to one another."<br />
<br />
But the real power of a forensic examination comes from the ability to search through hundreds of gigabytes of data quickly, thoroughly and in any language – even Arabic. Lists of relevant keywords are searched against the evidence, later returning search hits where the keyword was found. It's also important that each hit is seen in context to other words, which makes it easier to reassemble fragments of text. McLaughlin says, "by using wildcard search terms we can recover partial email addresses, phone numbers and a person's internet browsing history. Computer forensic examiners work hard for our clients. I can truly say, if it's there, we're going to find it."Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0tag:blogger.com,1999:blog-9205201766213349191.post-62504708011686005732010-12-10T21:33:00.000-08:002010-12-10T21:33:54.298-08:00Wikileaks Internal Emails Likely To Take Down Assange<div class="MsoNormal" style="line-height: 200%; margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman", "serif"; font-size: 12pt; line-height: 200%;"> Just as sensitive government emails revealed by Wikileak's Julian Assange has damaged foreign relations, prosecutors will be conducting sophisticated worldwide computer forensic examinations of his internal emails designed to find the smoking gun. "They're looking for any electronic communications that proves his intent to do harm and who else was involved", says Mark McLaughlin, President of Computer Forensics International. </span></div><div class="MsoNormal" style="line-height: 200%; margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman", "serif"; font-size: 12pt; line-height: 200%;"><span style="mso-tab-count: 1;"> </span>Today, nearly everyone communicates electronically through email or instant messaging. People use email as a conversational tool and will say things in messages they believe will be private. But they're not private to a computer forensics examiner who uses an elite suite of software to recover even deleted messages. </span></div><div class="MsoNormal" style="line-height: 200%; margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman", "serif"; font-size: 12pt; line-height: 200%;"><span style="mso-tab-count: 1;"> </span>"We can even find relevant evidence using wildcard or proximity search terms, and then gain deeper insights into how each message relates to the other through a very cool graphical relationship display", says McLaughlin. "It's really like Star Wars technology. Our software tools are the same ones used by governments worldwide and we use them in support of attorneys and corporations every day. We're very successful at finding things people don't want to be found."</span></div><div class="MsoNormal" style="line-height: 200%; margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman", "serif"; font-size: 12pt; line-height: 200%;"><span style="mso-tab-count: 1;"> </span>Mark McLaughlin has amassed over 25 years experience in computer forensics, electronic discovery, expert witness testimony, corporate security investigations, information systems management and law enforcement. He's a frequent lecturer, trainer and resource to news organizations on matters of computer forensics, Internet and data security.</span></div><div align="center" class="MsoNormal" style="line-height: 200%; margin: 0in 0in 0pt; text-align: center;"><span style="font-family: "Times New Roman", "serif"; font-size: 12pt; line-height: 200%;"># # #</span></div>Computer Forensics Internationalhttp://www.blogger.com/profile/07196371620490650566noreply@blogger.com0