Preserving Android Evidence: Return of the Clones?

When computer forensics was in its infancy, examiners collected evidence from disks by copying their contents byte-for-byte to matching, sterilized disks, creating archival and working copies called “clones.”  Cloning drives was inefficient, expensive and error prone compared to the imaging processes that replaced it.  Yet, disk cloning worked for years, and countless cases were made on forensic evidence preserved by cloning and examined on cloned drives.

Now, cloning may be coming back; not to preserve hard drives but  to collect data from mobile devices backed up online, particularly Android phones.  If I’m right, it will be only a stopgap technique; but, it will also be an effective (if not terribly efficient) conduit by which mobile data preserved online can be collected and analyzed in discovery.

Case in point: Google’s recently expanded offering of cheap-and-easy online backup of Android phones, including SMS and MMS messaging, photos, video, contacts, documents, app data and more.  This is a leap forward for all obliged to place a litigation hold on the contents of Android phones — a process heretofore unreasonably expensive and insufficiently scalable for e-discovery workflows.  There just weren’t good ways to facilitate defensible, custodial-directed preservation of Android phone content.  Instead, you had to take phones away from users and have a technical expert image them one-by-one.

Now, it should be feasible to direct custodians to undertake a simple online preservation process for Android phones having many of the same advantages as the preservation methodology I described for iPhones two years ago.  Simple.  Scalable.  Inexpensive.

But unlike the iOS/iTunes methodology, Android backups live in the cloud.  At first, I anticipate there will be no means to download the complete Android backup to a PC for analysis.  Consequently, when we must process the preserved data for litigation, we may need to first restore the data to a factory-initialized “clean” phone as a means to localize the data for collection.  That’s not to say that Google won’t eventually offer a suitable takeout mechanism; after all, Google Takeout capabilities are second to none.  But, until we can backup Android content in a way that it can be faithfully and intelligibly retrieved directly from Google, examiners may revive the tried-and-true cloning of evidence to clean devices then collecting from the restored device.  Everything old is new again.

It won’t be so bad to use this stopgap approach considering that e-discovery typically entails preservation of far more mobile sources than need ultimately be processed.  So, while backing up many online and cloning a few to clean phones certainly isn’t a perfect solution for Android evidence, it’s good enough and cheap enough that courts should give short shrift to parties claiming that preserving phone evidence is unduly burdensome or complex.  For, as my e-discovery colleagues love to say, “Perfect isn’t the standard.”  I agree.  But, neither is the standard, “we couldn’t be bothered, judge.”

Who Am I If I’m Not That Guy Anymore?

This is a personal post.  I’m baring my soul in hopes that colleagues grappling with doubt and transition will know they are not alone.  I’m at a point in my career—in my life, really—where I’m obliged to ask, “Who am I if I’m not that guy anymore?”

At the ILTA conference last month, a colleague lately risen to rarified heights in e-discovery mentioned she’d heard I’d retired.  It was a dagger to the heart.  I sputtered that, yes, I’d cut back on my insane speaking schedule and was writing less frequently.  I was playing more but I hadn’t taken my shingle down.

That’s true, but what I didn’t say was that ofttimes retirement isn’t a choice.  It’s thrust upon you when you don’t fight it.  And you can’t always fight it.  I’m not retired; I’ve just conducted myself as if I were, and chickens have come home to roost.  Call it a crisis of confidence.  I struggle to feel I’ve got anything to say.  After more than 2,000 confident turns at the podium, I feel like a fraud.  Do you ever feel that, dear reader?  You know, Imposter Syndrome, that feeling that, at any moment, someone might point and say, “you’re not the real deal!”

Let’s put aside the quirks and tics of personality built on shame, insecurity and emotional scarring.  We’ve all got that.  I think there are three main causes behind my gnawing self-doubt.

The self-serving first is that, having focused on electronic evidence and forensic technology for thirty-odd years, new information must compete for brain space and context against a hoard of old knowledge and experience.  I started my professional career when MS-DOS was the dominant operating system and networking meant sharing a daisy wheel printer.  That was before e-mail, before the Web and long before mobile.  It was possible to be a generalist expert in legal technology, and I was.  Back then, you could ask me a question about almost any topic at TechShow and I probably knew the answer.  We all did.  WordPerfect tips?  Sure!  The best TSR tools for lawyers?  I’ve got that.  If you’ve never used WordPerfect or have no clue what “TSR” means, I rest my case.

Expertise demands I acquire new, relevant information and afford it space and ready access among all the once-useful-and-still-occasionally-valuable junk jamming the cerebral storeroom.  Did I mention I’m something of a hoarder?  It’s a godawful mess in there.

“I know too much” sounds like a Trumpian tweet, and it’s a rotten rationale from anyone.  That said, you try keeping track of the forensic artifacts left by Windows XP versus Windows 10, how to crack the latest iOS release and what counts as proof of intentional deprivation under Rule 37(e).  I can’t help feeling that life is simpler and confidence in one’s expertise easier to come by when your only context is “now.”

The second contributor to my crisis of confidence is that I’ve lost my laboratory.  I no longer work enough matters to feel at the top of my game.  It’s not the first time that’s happened.  Back when I was trying lawsuits, I spoke frequently about how to create and use demonstrative evidence.  I had many examples of visuals I’d built and used in my own cases.  They blew folks away.  As my practice shifted from first-chair trial lawyer to tech evangelist preaching the gospel of electronic evidence, I no longer built visuals for cases, and my inventory of salient examples grew stale.  I lost my laboratory.  I stopped making fresh discoveries; so, I stopped teaching demonstrative evidence.

As my engagement in cases has diminished over a few Big Easy years, so, too, has my need to navigate real-world challenges in computer forensics and electronic evidence.  I’ve lost my laboratory again and, without fresh challenges, I’m fresh out of insights.  I feel rusty, like I’m just an academic.

The third factor is harder to articulate, but it’s a sense that the world has moved on.  E-discovery has been “handled.”  Forensics is done more by tools than people.  Discovery service providers have commoditized and packaged the tasks I once thought lawyers would manage.  Civil trials have disappeared, and with them the need to authenticate, offer and challenge electronic evidence.  Lawyers no longer do much of what I was helping them to do–or perhaps I wasn’t helping them enough and they’ve found others easier or cheaper to work with.

I don’t discount the unrelenting passage of time either and my aging out (62 last week).  Many of my repeat clients have changed careers, retired or died.  I did nothing to replace them.  Most of the judges who knew me as a go-to guy for computer forensics and e-discovery are off the bench, either by retirement or blown by political winds having nothing to do with their abilities.

Finally, there is competition.  I had the field to myself for quite a while.  There are more people to go to now.  Are they as steeped in e-discovery and computer forensics as I am? Who knows?  More to the point, who cares?  Lawyers were never especially discriminating when hiring digital forensics and e-discovery experts; less so now.  I greatly benefitted from the fact that there weren’t many experts to choose from and amongst lawyers and judges, I enjoyed a high profile.  I always strove to be the real deal and supply correct answers; but, if I hadn’t, I’m not convinced anyone would have been the wiser.

I have not retired.  I’m still here, and I feel like I have another reinvention in me—a last, best act yet to come.  At the same time, I am not so clouded as to miss the signs auguring otherwise.  Starting over sounds at once exhilarating and exhausting.  I keep wondering: Who am I if I’m not that guy anymore?

I’m fortunate that, even lacking new direction, I enjoy the freedom to move on.   No one depends upon me and I have ample savings.  As my mother used to say, I just need to handle my money “so I have ten cents left to tip the undertaker.”

I won’t cut it that close and I’ve had a great run (not done, not done); but, I’m worried for those who followed me or found their own way into the field and still need to build their nest eggs.  Has it been a hard road?  Are they finding it difficult to make a happy living doing what once was so lucrative and exciting?  I worry that some followed me down a disappointing path.  If you have doubts as I do, please do not despair.  Take comfort in schadenfreude.  You are not alone, and when we all get to the same place, we can have a wonderful party and talk about it.

How Will We Back Up iPhones Without iTunes?

I’ve been on something of an e-discovery crusade for the last few years.  No, not my Quixotic, decade-long, “Native Production is More Utile and Efficient” crusade.  This is the other, later-but-just-as-frustrating crusade I call, “Mobile to the Mainstream.”  It’s a relentless, battleship-banging effort to foster recognition that mobile devices and their online information ecosystems are the most important sources of probative electronic evidence we have today.  Unless privileged, mobile evidence should be routinely preserved and produced in mainstream electronic discovery.  Honestly, shouldn’t that be obvious to even the most casual observer of modern life?

That mobile evidence is routinely ignored in civil matters by counsel, government and industry is troubling, and defended–if defended at all–by pointing to the alleged burden and technical “forensic-ness” of marshalling phone content.  I’ve countered with articles showing the ease with which iPhone content can be preserved, extracted and searched–at little to no cost and, crucially, without separating custodians from their devices.  The “trick” for Apple iOS devices was exploiting iTunes, and it was a good trick because iTunes is free, easy to use and supported by Apple on both Mac and Windows platforms around the world.

Then, Apple lately announced it was doing away with iTunes.  ARRRRGGHHH! 😱😖😭

But, no worries, the iPhone backup methodology I’ve put forward is still going to work after Apple releases the new Catalina operating system and cleaves iTunes into dedicated apps for music, podcasts and TV.  In fact, preserving iPhones may be easier for Mac users as Apple is shifting the backup tool into the Finder app.  You’ll do exactly the same thing I wrote about but Mac users with Catalina won’t even need to use iTunes to preserve mobile evidence.  It’ll be built in.

From what I understand, Windows users will still have an app for the task, probably iTunes for the foreseeable future.  So, I’m relieved to know that the “demise” of iTunes won’t be a barrier to simple, scalable preservation of iPhone content.  Things may even get a little easier.

ILTACON 2019 at the Happiest Place on Earth

I’ve spoken at nearly all the legal technology conferences that have come and gone over the last thirty years.  Some, like LegalWorks and LegalTech West, are extinct (suggesting there is no appetite for legal technology west of Las Vegas).  Others, like ABA TechShow and LegalTech New York soldier on, shadows of what they once were, annually rearranging well-worn deck chairs.  They’re still frantic and fun to attend but TechShow has devolved to a mostly regional attendance and LegalTech’s influence has waned such that the most interesting meetings occur outside the Hilton.  Lately, the dynamic and influential meetups are those dedicated to a single product and its ecosystem (think Relativity Fest or ClioCon).  A stalwart exception, and an event I always try to cover, is ILTACON, the annual confab of the International Legal Technology Association. ILTACON remains vibrant and relevant, having found its compass after several rocky years of internal squabbling.

I just returned from Orlando and five days of impressive ILTACON content at the Swan and Dolphin hotels near EPCOT.  I talked about discovery tools and whether they’ve kept pace with the sea changes in electronic evidence.  My take: lawyers are behind the curve and tool vendors aren’t doing nearly enough to bridge the gap.

I’m a passionate student of architecture, with no particular skills, but boundless enthusiasm.  Thus, it was pleasing to experience the Swan and Dolphin Hotels, icons of post-modernism and two of the late architect Michael Graves’ most successful efforts.  Postmodernism was to last-century architecture what the leisure suit was to 1970’s fashion.  PoMo is no mo’, and none need mourn its passing.  Audacious in 1990, the Swan and Dolphin remain a good fit for the fever dream of Walt Disney World.  Outside of Orlando and Las Vegas, the absurd scale, palette and garish embellishment would have long lost its luster; yet in the House of the Mouse (and dead-flat Orlando), they still work.  Aesthetically, that is, not functionally.  The interiors are awful and the sprawl exhausting.  Home to ILTACON’s evening events, the dark, charmless Pacific Ballroom, should be renamed the Hangar of Terror (photo below.  Note the free throw competition hoop and backboard with tables beyond. What could POSSIBLY go wrong?).

 

Continue reading

Who says You Can’t Bates Number Native Productions?

A writer’s hubris is the conviction that when you’ve covered a topic, you’ve had your say.  But new readers rarely have time or desire to plumb earlier work and, were they to try, much of what I wrote on the underpinnings of e-discovery and forensics was long ago stolen away like Persephone to a paywall-protected underworld, leaving this Demeter to mourn.  So, I briefly return to a point that has never gained traction in the minds of the bar, viz. why producing in native file formats doesn’t require we give up cherished Bates numbering.  Doug Austin, the Zeus of e-discovery bloggers, recently re-addressed the same topic in his estimable E-Discovery Daily.  Call me a copycat, but I was here first.

As many times as I’ve written and spoken on the Native DeBates, I’ve never felt I nailed the topic.  I’ve not succeeded in conveying the logic, ease and advantage of a bifurcated approach to Bates numbering and pagination.  So, one more shot.

Start by imagining a world where, instead of just numbering pages, runaway enumeration demanded everyone number lines of text in each item produced in discovery.  That’s not far-fetched considering that pleadings in California and deposition transcripts everywhere have long numbered lines.  If I demanded that of you in discovery, wouldn’t you sensibly respond that it’s overkill and lawyers have managed just fine by numbering by page breaks instead?

Now that you’re thinking about the balance between enumeration and overkill, let’s set aside tradition and come at Bates numbering by design.  Mark a fancy word: unitization.  Everything is unitized: time in days and hours, buildings in square feet or meters, television in seasons and episodes, books in chapters and pages.  Humans love to unitize stuff, and our units ofttimes grow from quaint and antiquated origins that we cling to because, well, uh, um, dammit, we’ve just always done it that way!

Recently, I had a tough time getting rid of perfectly nice file cabinets because they were sized to hold files fourteen inches wide.  When I became a lawyer, every pleading had to be filed on fourteen-inch-long “legal size” paper, not the familiar eleven-inch letter paper.  Later, courts abolished legal size pleadings and…poof…that venerable unit was history. Now, even the notion of filing paper with courts is a relic.  Things changed because it was cheaper and more efficient to change.  Standards do change and units do change, even in the staunchly stodgy corridors of Law. Continue reading

Have We Lost the War on E-Discovery?

Is there a war on e-discovery?  Sounds like a paranoid notion, but the evidence is everywhere.  The purpose of discovery is to exchange information bearing on matters in litigation, particularly material tending to prove or disprove the parties’ claims and defenses.  The soul of discovery is disclosure of relevant records and communication, limited by privilege and proportionality. So, you’d think the focus of e-discovery would be on where information resides and the forms it takes, on how to preserve it, collect it and produce it.  That was what we talked about a decade ago, but, no more.

Now, when I look at the composition of e-discovery education, I’m flummoxed by how the tide has turned to anti-discovery topics.  Instructing lawyers how to surface information has been steadily supplanted by how to keep information at bay and defend failures to disclose. There is no balance between supporting the right to obtain information and the right to withhold it.

Proportionality is about limiting the scope of discovery.  Privacy and GDPR seek to limit access to information.  Cost control is code for circumscribed discovery.  Even cybersecurity tends to be positioned to confound discovery.  I see discussions of “streamlining” privilege logs that advocate giving as little information as possible about items withheld on claims of privilege.  Considering the regularity with which privilege claims are abused, shouldn’t we require greater specificity be brought to logging so that privilege stops being the black hole in which we hide everything we don’t want to hand over?  Privilege is anathema to evidence and must be narrowly construed.  No one talks about that.

Don’t get me wrong.  These are important topics.  Discovery needs to be just, speedy and inexpensive.  But why do we keep forgetting that there’s a comma in there?  Will we ever balance our self-interest in advancing our client’s wishes against our common interest in a justice system that serves everyone? Continue reading

Electronic Storage in a Nutshell

I’ve just completed the E-Discovery Workbook for the 2019 Georgetown E-Discovery Training Academy. The Workbook readings and exercises plot the path that evidence follows from the documents lawyers use in court back to the featureless stream of binary electrical impulses common to all information stored electronically. At nearly 500 pages, the technology of e-discovery is its centerpiece, and I’ve lately added a 21-point synopsis of the storage concepts, technical takeaways and vocabulary covered. Here is that in-a-nutshell synopsis:

  1. Common law imposes a duty to preserve potentially-relevant information in anticipation of litigation
  2. Most information is electronically-stored information (ESI)
  3. Understanding ESI entails knowledge of information storage media, encodings and formats
  4. There are many types of e-storage media of differing capacities, form factors and formats:

    a) analog (phonograph record) or digital (hard drive, thumb drive, optical media)

    b) mechanical (electromagnetic hard drive, tape, etc.) or solid-state (thumb drive, SIM card, etc.)

  5. Computers don’t store “text,” “documents,” “pictures,” “sounds.” They only store bits (ones or zeroes)
  6. Digital information is encoded as numbers by applying various encoding schemes:

    a) ASCII or Unicode for alphanumeric characters;

    b) JPG for photos, DOCX for Word files, MP3 for sound files, etc.

  7. We express these numbers in a base or radix (base 2 binary, 10 decimal, 16 hexadecimal, 60 sexagesimal). E-mail messages encode attachments in base 64.
  8. The bigger the base, the smaller the space required to notate and convey the information
  9. Digitally encoded information is stored (written):

    a) physically as bytes (8-bit blocks) in sectors and partitions

    b) logically as clusters, files, folders and volumes

  10. Files use binary header signatures to identify file formats (type and structure) of data
  11. Operating systems use file systems to group information as files and manage filenames and metadata
  12. File systems employ filename extensions (e.g., .txt, .jpg, .exe) to flag formats
  13. All ESI includes a component of metadata (data about data) even if no more than needed to locate it
  14. A file’s metadata may be greater in volume or utility than the contents of the file it describes
  15. File tables hold system metadata about the file (e.g., name, locations on disk, MAC dates): it’s CONTEXT
  16. Files hold application metadata (e.g., EXIF geolocation data in photos, comments in docs): it’s CONTENT
  17. File systems allocate clusters for file storage; deleting files releases cluster allocations for reuse
  18. If unallocated clusters aren’t reused, deleted files may be recovered (“carved”) via computer forensics
  19. Forensic (“bitstream”) imaging is a method to preserve both allocated and unallocated clusters
  20. Because data are numbers, data can be digitally “fingerprinted” using one-way hash algorithms (MD5, SHA1)
  21. Hashing facilitates identification, deduplication and de-NISTing of ESI in e-discovery

All of these topics and more are covered in depth at the Academy, punctuated by substantive and substantial hands-on exercises. We ask more of the students than most seasoned e-discovery professionals can deliver. It’s hours of effort before you arrive and a full week of day and night endeavor once you’re here. Over a thousand pages of written material covered in toto.  Really, no picnic.  A true boot camp.  It exhausts and overwhelms those anticipating conventional professional education; but those who do the work emerge transformed.  They leave competent, confident and equipped with new eyes for ESI. Think you can hack it? We can help. Hope to see you there June 2-7.

P.S. No member of the Academy faculty is compensated.  We are all volunteers, there because we believe the more you know about e-discovery, the more you can contribute to the just, speedy and inexpensive administration of justice.

Mueller? Mueller? More E-Discovery Lessons from Bill and Bob

 

I read a couple of good articles on the e-discovery implications of the Mueller report and tweeted,

The Mueller report underscores why image+ productions are ridiculous. Compare the OCR to the true text. It’s a mess, so search is off. Image files many times larger than the native, ergo much more costly to load, store, host, transmit. BTW: YES, you CAN redact a Word file. It’s XML!

This bears fleshing out, and I want to do it by sharing a simple trick enabling you to peer inside the raw guts of a Microsoft Word file and understand why native redaction isn’t the pipe dream some try to make it.  But first, let’s unpack the jargon.

“Image+” or “TIFF+” productions refer to the common practice of fixing the content of a document by printing the file to a static image format like TIFF or PDF.  I use “fixing” in the sense of making something permanent, but it’s also accurate to use it the way we speak of “fixing” a cat; that is, cutting its balls off.

The “plus” in TIFF+ refers to the need to supply the native file’s searchable text and application metadata in ancillary load files to accompany the page images.  That is, rather than supply the evidence, producing parties degrade it to a deconstructed “kit” version of the evidence that requesting parties must load into review platforms to restore a crude level of searchability. This enables producing parties to suppress content (like embedded comments, speaker notes and changes in text documents) and much of the application metadata of the original.  It also neuters the evidence.  It’s no longer functional in the programs that created it, like Word, PowerPoint or Excel.

I’ve written extensively about this elsewhere (e.g., Lawyers’ Guide to Forms of Production ), and I try to present the pros and cons of TIFF+, notwithstanding my belief that the cons decidedly outweigh the pros.  It largely comes down to Bates numbers and disagreement about how and when those fetishistic Bates identifiers should be added to evidence and at what absurd cost.

TIFF+ enables producing parties to sidestep their obligation to review unprinted information for responsiveness and privilege.  Instead, they silently make that content disappear like a “fixed” cat’s testicles.  To be fair, most lawyers know so little about ESI processing that they are blissfully unaware it’s happening, so they deny it with genuine equanimity.  When you force them to acknowledge the spoliation, they fall back on claiming that, whatever they excised and didn’t review wouldn’t have been worth the trouble of reviewing or producing.  Genius, right?

Apart from what’s missing from the dumbed-down data, the big objection I offer to TIFF over native productions is the huge size difference between them.  TIFF productions are much, much fatter.  Though information and utility has been stripped from the images, the degraded set is nonetheless many times larger (measured in bytes) than the native originals.

Because most e-discovery service providers price their wares by the gigabyte volume going into, onto and out of their systems, bigger files mean bigger bills.  Much bigger files mean…well, you get it.

Perhaps you’re thinking, “Craig, you sad, sad Cassandra; how much bigger can these image sets be than their native counterparts?”  Would ten times bigger surprise you? Well, then surprise!  But, they’re usually more than ten times larger.  It’s not a one-off rip-off either.  Most hosted platforms charge you for the fatter file volume every month.  Over, and over, and over again.

Sucker. Continue reading

Storage Media: Long Past Herman Hollerith

It’s that semiannual time when I revise my E-Discovery Workbook in advance of the Georgetown Law Center eDiscovery Training Academy.  That means foregoing sunny Spring days in The Big Easy to pore over 500 pages of content and exercises to make them as durable and endurable as I can.  More-and-more, I find I’m adding historical perspectives.  It’s a fair criticism that, with so much to cover, I should restrict my focus to contemporary technologies and leave the trips down memory lane to my dotage.

I can’t help myself.  Though we’ve come far and fast, the information technologies of my youth are lurking just beneath the slick surfaces of the latest big thing.  The punch card storage and tabulation technologies Herman Hollerith (1860-1929) used to revolutionize the 1890 U.S. census are just a hair’s breadth behind the IBM card technologies that dominated data processing for much of the 20th century and cousin to the oily, yellow perforated paper tape that Bill Gates and I used on opposite coasts to learn to program mainframe computers via a teletype terminal in the 1970s.  The encoding schemes of that obsolete media differ from those we use today principally in speed and scale.  The binary fundamentals are still…fundamental, and connect our toil in e-discovery and computer forensics to the likes of Charles Babbage, Alan Turing, Ada Lovelace, John von Neumann, Robert Noyce and both Steves (Wozniak and Jobs).

In the space of one generation, we have come very far indeed. Continue reading

The Computer Book: A Pleasant Stroll through the History of Computing

I returned from frigid New York City last night, modestly triumphant that I hadn’t botched my interview with Watergate journalist and Fear author Bob Woodward.  Woodward turned out to be just the nicest guy and we got on swimmingly.  I shouldn’t be surprised as many of the highly successful people I’ve known have proved courteous and generous of spirit.  I guess nice guys finish first because we are happy to help them succeed.

In New York, heading to the Whitney to take in the excellent Andy Warhol retrospective, I happened on an architectural antiques store in the Meatpacking District called Olde Good Things.  I love such places and was delighted to find they were selling vintage Jacquard loom cards.  I collect (NERD ALERT!) examples of milestone computing technologies, especially antecedent digital storage devices like piano rolls, magnetic core memories and, now, Jacquard loom cards!  I use these for “show-and-tell” in my digital evidence classes.  In a touching twist, the cards I bought were salvaged from an abandoned lace factory in Scranton, Pennsylvania, the old coal town a/k/a Electric City where my father grew up and is laid to rest.  Here’s my acquisition:

This digression has a purpose.  Waiting for me on my return to New Orleans was a book I’d ordered called, “The Computer Book” by Simson Garfinkel and Rachel Grunspan.  It’s subtitled, “From the Abacus to Artificial Intelligence, 250 Milestones in the History of Computer Science;” but, don’t be put off by that mouthful; it’s a delightful read and a visual feast.  Each of the 250 well-curated, chronological milestones are flanked by gorgeous full-page photography.  Among them, Milestone 13, The Jacquard Loom:

The punched cards used in the Jacquard loom circa 1801 were later adapted by inventor Herman Hollerith to tabulate the U.S. Census in 1890 and were forerunner to the punched IBM cards that were a common medium to enter and store digital data from the 1930s through 1970s.  Another descendent: the punched paper tape I used to store BASIC computer programs in high school circa 1972.  Our modern computing feats are often smaller, speedier reimaginings of age-old technologies.  The Computer Book ably underscores that evolution.

I bought the book because I’ve followed Simson Garfinkel’s extraordinary career since he was a graduate student buying second hand hard drives and scaring the snot out of people by revealing how much sensitive “deleted” data could be resurrected via forensic file carving.  That’s common knowledge now, but largely because pioneers like Simson made it so.  Simson is Professor Garfinkel today as well as the Senior Computer Scientist for Confidentiality and Disclosure Avoidance at the US Census Bureau.  Shades of Herman Hollerith! Simson holds seven patents and has published dozens of articles on computer security and digital forensics.

I’m considering making the book required reading for my law classes–something I’ve not done before as I prefer my students not go out-of-pocket.  The Computer Book succeeds in being accessible to the lay reader in a way few books about computing match. To really understand technologies, laws or people, it pays to delve into their origins.  If I ran the world, The Computer Book would be required reading for anyone in the e-discovery space.