Guidance Software Inc. bills itself as the leading provider of technology that helps companies dig up old e-mails and other electronic documents that might be evidence in a lawsuit. Yet when Guidance itself had to face a judge, it was accused of bumbling its internal digital search.
Whether Guidance intentionally hid documents or just couldn’t find them is a matter of dispute. The company said it did all that was required. But its inability to cough up certain e-mails, even over several months, led an arbitrator to accuse it of gross negligence and proceeding in bad faith.
At the very least, the case shows how thorny electronic evidence searches can be, even for a specialist.
A while back I did a presentation on why digital forensics will always win. It seems there has been so much emphasis as of late on anti-forensic tools. I had seen someone else give a presentation encouraging others to write anti-forensics software, because he was too lazy to do it. That really summed a lot of things up for me.
I won’t rehash my presentation here, but I saw this article and really found it interesting. Digital images can be traced back to the model of camera that took them in about 90% of cases, without the use of metadata.
What else can we do that with? Would we be able to record a cell phone conversation, have special software listen to the static, popping, and hissing that we normally don’t hear, and determine what kind of phone the person was using? Can we look at the computer chip and logs in a vehicle and determine their last speeds, gear shifting, braking, and similar items that might help prove what route they took at a certain time? Can we look at digital thermostats or new air conditioning systems to see how often they cycled to prove if someone (or more than one person) was home at the time, using the oven, or otherwise heating up the place?
I don’t know all these answers, but the point is that there are a lot of potential pieces of evidence that exist far beyond just a computer system. I’d like to expand on this post soon and make a nice list of useful “non-traditional” evidence items. Anyone have any they’d like to share?
20 DEC
Quickhit: Chain of Custody
We met with a federal prosecutor recently who said that in his 20+ years of prosecuting cases, not once has he had evidence thrown out based on an attack against Chain of Custody.
It makes me wonder if the Chain of Custody process is that solid in his area or if it just isn’t challenged that frequently. We didn’t have time left in the meeting so I didn’t get a chance to ask more questions. Either way, not something to get complacent on.
