On Aug. 29, 2005, hurricane Katrina destroyed thousands of homes on the Gulf Coast. When homeowners were finally allowed to return to their homes and saw the damage, they began the process of working with their insurers to file their claim and start over. What they were faced with were claim denials for their homeowner policies.

Zach Scruggs, one of many attorneys involved in litigation against these insurers, said Forensic turned over the e-mails as part of the pretrial discovery litigation. Homeowners who where suing State Farm Insurance for Hurricane Katrina claim coverage had accused the insurer of pressuring their engineers to modify reports regarding the hurricane damaged property so that policyholders’ claims could be denied.

Recently obtained internal e-mails from an engineering firm that helped State Farm adjust claims are helping lawyers litigate their claims because of the evidence they have obtained with E-Discovery and Computer Forensics. Some of these e-mails are conversations between the Forensic president and CEO Robert Kochan and Randy Down, the firm’s vice president of engineering services. In one particular e-mail, it says the firm will continue working with State Farm, but discusses needing to “redo the wording” of a report after a complaint by Alexis King, a State Farm Manager in Mississippi, so “such that the conclusions are better supported.”

Alexis King didn’t want local engineers to inspect properties because they were “too emotionally involved” and were “working very hard to find justifications to call it wind damage when the facts only show water induced damage,” according to an e-mail. Randy Down questioned the State Farm’s motivations and questioned the ethics of the insurer via e-mail with the insurer telling the firm what to put in the reports.

All of this information would have gone unnoticed if it wasn’t for the field of Computer Forensics. Computer forensics has quickly become a vital tool and source of information for criminal investigators, corporate counsel, and prosecutors. Computer forensics investigators use their skills to identify and restore formatted, corrupted, deleted or hidden files from computers or other electronic media while maintaining crucial data trails, time & date stamps and accurate chain of custody & controls. They also obtain access to protected or encrypted data by using specialized software.

Jason Perry

ADR Data Recovery is available to evaluate your situation. For more information on ADR Data Recovery’s Computer Forensics service, visit http://www.computerforensicsassociates.com

The obvious signals that your spouse is up to something could range from spending a lot of time ‘at work’ or perhaps more time than normal ‘out with friends’. The more subtle indicators that you are being lied to are conveniently hidden from your view especially if you are not familiar with computers, e-mail or the Internet.

In situations such as this, a Computer Forensics Investigator can help uncover what exactly is going on. Computer Forensic Investigators can identify the truth by examining the computer’s hard drive and see what websites, e-mails, chat logs and other pieces of useful information are available to help you. Once the information is collected and you have had time to go over the data, you will then have the evidence you need to either believe that your relationship is still solid and there isn’t any lying and cheating occurring. Or, that there is and now you will need to evaluate your options and possibly file for a divorce.

The types of information that can be collected by a Computer Forensics Investigator include:

• e-mail
• plain text and documents
• images
• calendar files
• databases
• spreadsheets
• digital faxes
• audio files
• animation
• websites

Computer Forensics Investigators use specialized software to identify and restore formatted, corrupted, deleted or hidden files from computers or other electronic media while maintaining crucial data trails, time & date stamps and accurate chain of custody & controls. They also obtain access to protected or encrypted data by using specialized software. They are able to untangle the web of data and analyze emails, Internet searches, file transfers, online account transactions and anything else a computer is used to do over the Internet.

If you are in a situation where you feel that your partner or spouse is lying and cheating on you, it is up to you to take action. A computer forensics investigation can help you take those steps to collect the evidence you may need to protect yourself and your family.

Jason Perry

ADR Data Recovery is available to evaluate and discuss your situation. For more information on ADR Data Recovery’s Computer Forensics service, visit http://www.computerforensicsassociates.com

Computer forensics is becoming more mainstream in litigation and with the amendments to the Federal Rules of Civil Procedure on 12-1-2006, more cases will utilize these rules. With the expected increase in demand for qualified and trained law enforcement professionals, the first computer forensics institute has been announced and will be located in Hoover, Alabama. Construction of the facility is expected to begin by mid-April of 2007, with construction completed by January of 2008. Training is expected to begin in July 2007.

“With the ever-increasing prevalence of cyber crimes such as identity theft, computer hacking and online child pornography, it is absolutely essential that we equip our law enforcement personnel with the best training and equipment available,” said Governor Riley. “This center will make Alabama the nation’s leader in training our local, state and federal law enforcement to combat high-tech crimes. It will become America’s institution of excellence in the fight against cyber crimes.”

The Center is being funded though a cooperative effort by the U.S. Department of Homeland Security, the U.S. Secret Service, and state, county, and local governments. The State of Alabama is contributing approximately $3 million dollars to the Center, to be used for build-up expenses. The U.S. Department of Homeland Security is providing an additional $9 million dollars, and the U.S. Secret Service is providing 18 full-time agents to help staff the Center.

U.S. Secret Service agents will teach computer forensics and digital evidence to national, state and local law enforcement at the Center. These agents are in the field and understand the curriculum from a law enforcement perspective. It will include high-tech classrooms, a computer forensic lab, and public education exhibit space.

The Center is expected to train more than 900 law enforcement professionals each year.

Jason Perry

Computer Forensics Associates is available to evaluate your situation. For more information on Computer Forensics Associates service, visit http://www.computerforensicsassociates.com

An Expert Witness is a specialized and quickly growing field of investigation within Computer Forensics and E-Discovery. And as such, these individuals are a leading defense, or offense - depending on which side of the litigation you are on, up corporate America’s sleeve against cyber crimes and prosecuting ‘hackers’. An Expert Witness service typically works closely with a Computer Forensics investigator, or perhaps has the credentials and experience of both.

Computer Forensic investigators uncover the depth of a security breach, recover data that has been corrupted or intentionally deleted, identify how a ‘hacker’ got past the security checks and if fortunate enough, identify the individual who caused the damages. The term ‘hacker’ can either be an individual on the Internet, an employee, or a spouse looking to steal or destroy data.

As a result, in almost every legal matter, critical and relevant evidence will be stored electronically. Proper collection and examination of this evidence is critical to avoid spoliation, to preserve the evidence, and to manage cost.

Expert witness service provides testimony, documentation and witness preparation to help present discovered electronic data in legal proceedings to help you prove and win your case.

Various types of data may be considered as critical evidence in a case. These types of data include:

• e-mail
• plain text and documents
• images
• calendar files
• databases
• spreadsheets

• digital faxes
• audio files
• animation
• websites
• computer applications
• viruses and spyware

Should your company, or yourself, need the service of an Expert Witness for a case dealing with Computer Forensics and E-Discovery, make sure that the computers which could be involved in the case are secured from use and contact a Computer Forensics service to discuss your situation.

Jason Perry

Computer Forensics Associates is available to evaluate your situation and work with you to recover your data and win your case. For more information on Computer Forensics Associates service, visit http://www.computerforensicsassociates.com

CONDUCTING THE SEARCH AND/OR SEIZURE is an important party of Computer Forensics. If the search is not done properly then you will not be able to enter evidence to the case. The following is a outline

Secure the Scene.

Assign an safety officer to manage the scene. Preserve the area for potential finger prints
Leave computer in the state found. Document how they were found with photographs and written documentation. Immediately restrict access to computer(s).
Isolate from phone lines (because data on the computer can be access remotely).

Identify which machines are stand alone or network based. If the computer is network based then some of the data might reside on another machine. Below is a rule we follow when collecting evidence:

• On/Off Rule for Forensics data recovery and evidence gathering.
• If the device is “ON”, do NOT turn it “OFF”.
o Turning it “OFF” could activate lockout feature.
o Write down all information on display (photograph if possible).
o Power down prior to transport (take any power supply cords present).
• If the device is “OFF”, leave it “OFF”.
o Turning it on could alter evidence on device (same as computers).
o Upon seizure get it to an expert as soon as possible or contact local service provider.
o Make every effort to locate any instruction manuals pertaining to the device.

One of the key elements in every data forensics procedure is time. Users may unintentionally or inadvertently overwrite evidence simply by continuing to complete their daily tasks. Collecting and preserving data or evidence that may have been deleted or become inaccessible through normal computing methods is an important consideration. Determining what information needs to be gathered before hand is critical to a cases success or failure.

A computer Forensic Services specialist is available in Los Angeles to address your needs.

On December 1, 2006, many amendments to the Federal Rules of Civil Procedure went into effect. There are three rules specifically that impact Computer Forensics and E-Discovery which need to be considered when building a case for your client, as well as protecting your client’s rights.

Most companies fail to realize the following two points:

• Any data that can be compiled into viewable form, whether presented electronically or printed on paper, is potentially within the definition of “document”.

• Electronic documents may be considered obsolete by the business in terms of its current computer infrastructure, but may have archival value and be recoverable to a readable format by specialized forensic techniques.

FRCP - Rule 26 (LII 2007 ed.)

With the new law regarding E-Discovery now in place, Rule 26a1 changes are very important.

At the first sign that litigation is coming, a company must use their Litigation Hold procedures and not wait for the courts to act. The problem is most companies do not have these procedures in place, nor do these companies know that litigation holds must start this early in the process.

Of course in order to have Litigation Hold Procedures, a company must have a retention policy and know where the company’s data is stored and must be easily accessible.

Rule 26. General Provisions Governing Discovery; Duty of Disclosure

Except in categories of proceedings specified in Rule 26(a)(1)(E), or to the extent otherwise stipulated or directed by order, a party must, without awaiting a discovery request, provide to other parties:

(A) the name and, if known, the address and telephone number of each individual likely to have discoverable information that the disclosing party may use to support its claims or defenses, unless solely for impeachment, identifying the subjects of the information;

(B) a copy of, or a description by category and location of, all documents, electronically stored information, and tangible things that are in the possession, custody, or control of the party and that the disclosing party may use to support its claims or defenses, unless solely for impeachment.

FRCP - Rule 34 (LII 2007 ed.)

With the new law regarding E-Discovery now in place, Rule 34 identifies new procedures regarding the production of documents and electronic data for litigation.

Rule 34. Production of Documents and Things and Entry Upon Land for Inspection and Other Purposes

(a) Scope.

Any party may serve on any other party a request (1) to produce and permit the party making the request, or someone acting on the requestor’s behalf, to inspect, copy, test, or sample any designated documents or electronically stored information — including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations stored in any medium from which information can be obtained — translated, if necessary, by the respondent into reasonably usable form, or to inspect, copy, test, or sample any designated tangible things which constitute or contain matters within the scope of Rule 26(b) and which are in the possession, custody or control of the party upon whom the request is served; or (2) to permit entry upon designated land or other property in the possession or control of the party upon whom the request is served for the purpose of inspection and measuring, surveying, photographing, testing, or sampling the property or any designated object or operation thereon, within the scope of Rule 26(b).

FRCP - Rule 45 (LII 2007 ed.)

With the new law regarding E-Discovery now in place, Rule 45 identifies new procedures to follow when your company subpoenaed.

Rule 45. Subpoena

(d) Duties in Responding to Subpoena.

(1)(A) A person responding to a subpoena to produce documents shall produce them as they are kept in the usual course of business or shall organize and label them to correspond with the categories in the demand.

(1)(B) If a subpoena does not specify the form or forms for producing electronically stored information, a person responding to a subpoena must produce the information in a form or forms in which the person ordinarily maintains it or in a form or forms that are reasonably usable.

(1)(C) A person responding to a subpoena need not produce the same electronically stored information in more than one form.

(1)(D) A person responding to a subpoena need not provide discovery of electronically stored information from sources that the person identifies as not reasonably accessible because of undue burden or cost. On motion to compel discovery or to quash, the person from whom discovery is sought must show that the information sought is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C). The court may specify conditions for the discovery.

These are just snippets of the rules and your attorney or corporate counsel should have access to the entire Federal Rules of Civil Procedure Amendments document. It is important to consider these rules when planning to use a Computer Forensics Investigator or E-Discovery service.

Jason Perry

Computer Forensics Associates is available to evaluate your situation and needs. For more information on Computer Forensics Associates Computer Forensics and E-Discovery service, visit http://www.computerforensicsassociates.com

Computer forensics, sometimes known as “Digital Forensics” or “Electronic Evidence Discovery”, is often described as “the preservation, recovery and analysis of information stored on computers or other electronic media”.

Computer forensics has quickly become a vital tool and source of information for criminal investigators, corporate counsel, and prosecutors. Computer forensics investigators use their skills to identify and restore formatted, corrupted, deleted or hidden files from computers or other electronic media while maintaining crucial data trails, time & date stamps and accurate chain of custody & controls. They also obtain access to protected or encrypted data by using specialized software.

In addition, with the increased usage and dependence on the Internet, for corporate and individual communication, computer forensic investigators are equip to analyze emails, Internet searches, file transfers, online account transactions and anything else a computer is used to do over the Internet.

How do they do it?

Computer forensic investigators typically focus on 4 areas when investigating a potential incident. There are other areas of attention as well, but the following are the most common. Including illicit and damaging activities that could damage your company’s reputation.

Saved Files

These are files that can be viewed on the computer. This is usually a non-intrusive task to obtain these files.

Deleted Files

These files are just that…deleted. They are either in the ‘trash’ or require special software to ‘capture and restore’ the files. This is usually a non-intrusive task to obtain these files.

Temporary Files

These files are typically generated from browsing the Internet, working on a document, some types of back-up software as well as certain software installations for example. Identifying these requires specialized software and is an intrusive process.

Meta Data

This information typically is associated with the details of a file or document. Such as, the date the file was created, modified and last accessed. Additional information that could be captured could include the original creator of the file (of course that information depends on the original installation of the application) as well as anyone who has ever accessed the file. Identifying these requires specialized software and may or may not be an intrusive process.

What would Computer Forensics Service be used for? There are several possible uses for this type of service. The most common applications of computer forensics are as follows:

• Divorce Cases
• Electronic Investigation
• Expert Witness Service
• Corporate E-mail Investigation
• Litigation Support
• Intellectual Property Disputes
• Investigation and Discovery Litigation Programs
• Insurance Fraud Cases
• Corporate Investigations
• Corporate Counsel Support
• Electronic Records Management

There are many reasons why you, or your company, may require the service of a computer forensics investigator. If you suspect that you may have an incident requiring computer forensic service, or electronic evidence discovery & analysis, you should secure the computer from further use and contact an experienced computer forensics service company.

Jason Perry

Computer Forensics Associates is available to evaluate your situation and needs. For more information on Computer Forensics Associates Computer Forensics and E-Discovery service, visit http://www.computerforensicsassociates.com