MIS Magazine / September / October 2007 - an explosion of electronic data today, and the amendments in December 2006, the Federal Rules of Civil Procedure (FRCP) on electronically stored information (ESI), requires information and legal professionals to broaden their knowledge of dealing with the discovery of electronic commerce. Recent changes to the FRCP include:
* Definitions and Safe Harbor for some routine changes of electronic files during routine operations such as backups [amended Article 37 (f)]
* Information on how to deal with data that can not be reasonably available [amended Article 26 (b) (2) (b)]
* How to deal with the unintentional production of separate hardware [amended Article 26 (b) (5)]
* ESI preservation responsibilities and pre-trial conference. [Amended section 26 (f)]
* Requests for production of electronic files [Amendment of Articles 33 (d), 34.26 (f) (3), 34 (b) (c)]
There are many opinions on how they should be provided for the ESI Oadartha, organization, storage and retrieval. Some of the options available are very expensive in terms of financial obligations and time required. Ever-changing technologies only add to the confusion. One area of confusion is the distinction between computer forensics and electronic discovery, and there is a big difference. They are described in the sidebar computer forensics electronic discovery.
Make the right choices
Successfully respond to e-discovery within the amended FRCP requires organizations to make many crucial decisions that will affect the collection and processing of ESI.
Recovery decisions
The following questions need immediate answers:
1. You can e-mail is a part of this project? If so, is key for anyone to maintain a website email account, in addition to their company accounts?
The volume of transactions for e-mail providers and prohibits the storage of large amounts of large files mail. Many ISPs email account, such as America Online, BellSouth, and Comcast, to maintain their e-mail to register within 30 days. If the case is likely to require exploration of email accounts, internet, the discovery team must promptly request records, or perhaps gone forever. This usually requires a call. In rare cases, perhaps the discovery of parts of the Internet a legitimate email from the hard drive of the individual.
2. You may discover that there is no illegal activity a chance?
Many cases involving errors electronic data detection. This could be a case involving a member of the department or employee of a high degree of technology. In these cases, the institution may first inclination is to terminate the employee (s), and determine the extent of damage before informing agencies of law enforcement.
That may be exactly the right thing to do. If the fault by someone non-technical, there is a chance that he or she is the only person who knows how to access files, find the problem, or fix it. This is often the person who knows the passwords for critical applications. Technical Officer normally has the ability to work and access company files remotely. Unless the removal of such access before the end of the employee, it is possible that the dismissed employee or disgruntled that can access the network and that great damage.
The best solution is to limit the privileges of employee access to the full, both local and remote. Then the employee must be informed of knowledge management in this situation, and give an opportunity for cooperation in order to limit the damage. If the situation involves criminal matters, especially if has been set, medical, financial records, and a good decision is to involve law enforcement as soon as possible. E-criminals disappear in many cases, the destruction of all evidence of their activities.
3. Is it possible to delete files or hidden can play an important role in this case?
There are three methods for the collection of electronic files for discovery:
* ะ legitimate as shown in the sidebar
½ legally ะ using the methods of non-validation and application to capture files
* Is there a legitimate use of a simple cut and paste the copy methods to transfer copies of files from one place to another. These methods do not include files to ensure that the fragmentation of files have not changed, which involves the use of hashing algorithm to create a mathematical fingerprint of one or more files that will change if you make a change in the group.
For some questions, and content of electronic documents is all that matters. ะ files in the context that created them, and how they are stored, and how it was viewed, if it was modified or deleted ะ are not important.
In other cases, background information, including the search for deleted files, is vital and requires the collection of forensic evidence. This includes the
* Ensure the legal authority to research data
* Series documenting nursery
* Create a copy of the legal use of forensic tools to validate the establishment of records of retail
* Use an iterative process, to study and analyze data
* The establishment of a scientific report the results of any
Must determine the value of the collection of legal electronic file must be done before all data is captured. Once used and the methods of semi-or illegal, it is impossible to return to their country of origin of the documents.
4. And backup tapes is part of an active group?
Some cases on historical questions, which makes the method of dealing with computer backups are important to address immediately.
Most companies use a rotation schedule for backup media. For example, in the rotation for four weeks, and are daily backups for a week and then take these tapes (or drives) off-site storage. And used a new set of media in the weeks on the site of the second and third, and fourth, then these tapes are stored in the 3. In the fifth week, and reuse tapes or discs of the first week. This process is done for financial reasons, because it is very profitable.
Backup tapes have become part of the information that must be kept under active litigation. This requires the table to stop any rotation, and the amendments to the FRCP in 2006, making it crucial for the legal team for the transfer of this information to the staff responsible for business continuity technology.
No comments:
Post a Comment