Viewing posts from : August 2010



We’ve been working on a research project about brand protection and reputation monitoring on all the social sites, like LinkedIn, twitter, etc… and seeing a disturbing trend. Most of these companies are selling something you can get for free. Very few have any value add, and even fewer offer any genuine innovation. So before you or your clients pony up several thousand to several hundred thousand dollars to babysit your business’s social reputation, take a long hard look at Google Alerts. It’s free, and any geek worth his coffee allowance can set it up for you.

There’s a lot of information about the scope of a litigation hold, but most of it seems to miss a key issue: you need to involve a technical expert consultant.  Not necessarily as an expert witness, but someone with the technical know-how to look at an organization as the black box it seems during discovery, and peel back the layers to get at the really important bits that usually get missed.  Business networks are complicated beasts, and there’s more to retaining data than the email backup tapes and a primary application or two.

For instance, what feeds the system in question?  What does it in turn feed?  The interconnections can provide a means of validating an otherwise opaque operation.  For example, say they’ve held the backup tapes for email; very reasonable, but what if they created and sent and deleted a letter in one day?  Did the system back that up, or is it gone?  Is there an email gateway in addition to the server, or some other intermediary system that tracks simple in/out email transactions.  By comparing the logs from the gateway to the preserved email (using programs, so it’s fast) it’s possible to locate transient messages.  Messages that might be interesting.  This is not an onerous extension.  It’s just a log file, or set of logs, from a server. It only takes the time necessary to copy the log files and burn a CD.

This principle extends to every system in a complex network.  It is far more rare to find an isolated system than one that interfaces to at least one other system.  And that 2nd system can possibly validate claims of preservation, or invalidate them.  That’s why you need a technical expert for preservation, and why the judge/magistrate/arbitrator needs one as well.

The other thing that’s missed currently is the hard disks and other storage devices from the personal computers and devices of any interesting parties.  They can preserve what they have on hand, but what if it’s already gone?  A recovery specialist (a.k.a. forensic computer expert) can go through a hard drive rapidly and see if there’s any interesting material that’s been deleted.  So long as you are paying the expert to do the looking, this isn’t onerous to the producing party, it’s just a couple hours of tech time to copy the original drive and provide you with the original, but they’ll object that there are other materials on that drive that aren’t relevant and may be proprietary or protected.  Which brings us back to the expert.  If the material in question is important enough, an agreement can be made regarding what the expert can look for and how.  By limiting the scope, and including a non-disclosure agreement, it may be possible to produce material that was deleted.  This is a simplification, but it mostly comes down to how important the possibly deleted materials may be.  In most major cases, it is probably an easy stretch to include these materials.  Materials that can be invaluable to proving a point.

So attorney’s, please include qualified expert assistance in cases where the additional outlay is worthwhile.  It probably isn’t going to cost more than you can handle, and can be very worthwhile.

And for more possible sources, don’t forget employees personally owned computers, smart phones, and memory sticks.  There’s a lot of places for valuable data to hide, and all of it is potentially viable material.  If the company permits personnel to store work materials on personal data storage devices, those devices should be within scope.  Which is why every company today should have a policy and controls in place to protect employees by restricting what company material can be copied to non-company devices.

Contact Digital Trust regarding assistance with developing a complete scope for your discovery efforts, but, attorney’s, please do not list without a contract.  Always contact a lawyer for legal advice, and do not construe this technical advice as legal advice.  Digital Trust assumes no liability for use of this free advice.

This post is copyright 2010 Digital Trust, LLC.  Replication for internal company use is permitted provided this notice remains attached.  No other private or public re-use is permitted without consent.