In the spring of 1968, my sixth grade class from suburban Eastchester went to the Loews Capitol Theatre at 51^st and Broadway in New York City to see 2001: A Space Odyssey.  It was an unforgettable event.  Though much of the movie went over our ten-year-old heads, we got the message about tools and evolution when our hairy forebear flung his bone “hammer” aloft and it became a sleek spaceship.  We evolve to use tools, and the tools we use drive our evolution.

We can’t deal with electronic evidence without tools.  The more adept we are with those tools, the more adept we become with electronic evidence.  Tools that let us touch data—hold it up to the light and turn it this way and that—change the way we look at data.  Tools change us.

 I’m always preaching that lawyers must get their hands dirty with data and get back in touch with the evidence.  It’s a metaphor, but it’s also a manifesto.  A master builder needn’t swing every hammer; but, a master builder knows how a hammer feels in the hand. Continue reading →

A big part of my practice is assisting courts and lawyers in cases where it’s alleged that a departing employee has walked off with proprietary data. There’s quite a lot of that. Studies in the U.S. and abroad suggest that some two-thirds of departing white collar employees leave with proprietary data. So, it seems data theft is the norm.

Of course, not all data leaves with the requisite scienter (“evil intent”) to be called theft. In this wired world, who doesn’t have data on thumb drives, phones, tablets, backup drives, webmail accounts, legacy devices, media cards, CDs, DVDs, floppy disks and good ol’ paper? You work for a company a while and you’re going to end up with their stuff strewn all over your devices and repositories. But, few data theft lawsuits stem from stale data on forgotten media.

The “classic” data theft scenario is the after-hours mass movement of copious quantities of closely-guarded internal documents to an external USB hard drive or capacious thumb drive. While such actions look dastardly at first blush, a few dimmer bulbs may actually act with a pure heart, intending to take only their personal data (like family photos or music), but dragging entire folder families that also hold corporate ESI.

I tend to be skeptical of such claims unless the usage patterns that follow and other forensic evidence bear out the “I really thought it was just my stuff” defense.  It’s not hard to tell the difference, so long as devices aren’t lost or corrupted.

But you may be wondering: How do forensic examiners determine data was taken, and how do they identify and track storage devices used to carry away ESI? Continue reading →

I don’t do paid product endorsements (though I’m flattered when someone asks that I do).  So, if I sound like a shill when I come across something that helps me, it’s because I want it to help you, too.  That said, if you buy something as important and expensive as an e-discovery tool or review platform just because I use and like it, you haven’t done your due diligence.

I do freely endorse products I use and love (and I try to be as reticient as my big mouth allows concerning products I use and don’t love).  There are a handful of tools that fall into the category of “What would I do without them?”   Some are free little gems, like FTK Imager.  Others, like X-Ways Forensics or Prooffinder, are extraordinary bargains that pay for themselves in every case.  Finally, there are tools that don’t come cheap but equip lawyers, firms and companies with such powerful capabilities that they tip the scales steeply in their users’ favor in terms of getting a handle on the cost and complexity of e-discovery.  One of these is Nuix, an Australian import that I turn to almost daily to gain the upper hand with the evidence in my cases.

With that gassy preface, let me spill the beans on a little video that offers a lively perspective on data volumes in e-discovery.  It commits the cardinal sin of offering a byte equivalency for ESI, but it does it in the right way: by stating its assumptions up front and identifying the composition of the data used for the extrapolation.  Above all, I applaud Nuix’ courage in choosing beans to make its point.  Considering the well-known propensities of the musical fruit, it’s hard to conceive of a better analogue for the gusts of hype that will waft through the halls of LegalTech New York next week!  See you there!

I give about 50-70 educational presentations each year, so I do a fair number of sound checks.  “Testing. one, two, three.  Testing, testing.”  Scintillating stuff, and hopefully not the highlight of the show.

But “testing, testing” may indeed be the most important point I make, because “testing, testing” should be the mantra of all who use keyword search in e-discovery.  Few actions deliver as much bang for the buck as simple testing of search terms, or do more to forestall boneheaded mistakes.

The tip I share today is one that will cost you little and but could save your client or company a lot of time, money and grief.  It’s a capability lawyers can and should have at the ready, on their very own desktops. Continue reading →

There’s always so much great stuff to do in Washington D.C. in the summertime.  If I could be there next Friday evening, July 13, I might (as I did last month) take in the patriotic repertoire of the U.S. Army Band on the west steps of the Capitol or catch the comedic Capitol Steps at the Ronald Reagan Center.  Plus, there’s Cirque de Soleil at the Verizon Center.  But if I were in D.C. next Friday, the event I surely wouldn’t miss would be to hightail it over to the Hilton Washington at 1919 Connecticut Avenue NW from 6:15-7:15PM to hear the DOJ’s incomparable Ovie Carroll talk about Computer Forensics for Legal Professionals in the International Ballroom East. Continue reading →

I’m teaching e-discovery at the University of Texas Law School this semester, and though it’s been a lot of work, and challenging to conform my peripatetic practice to a fixed routine, I love being back in the classroom with bright students.  So far, I’m pretty sure no one in the class has learned more than I have.

I’ve learned that however witty I imagine I might be in front of a lawyer audience, I’m not funny in the slightest to a bunch of stressed out 2Ls.  And, I’ve discovered that I need fresh technology metaphors because references to pre-1990 devices draw blank stares.  Despite the resurgent coolness of vinyl, twenty-somethings have never heard of a “tone arm” nor experienced an “auto reverse” cassette deck.  Of course, what were you thinking, old timer?!?!

Unlike practicing lawyers, law students don’t devote all their creative ingenuity to fashioning arguments why they can’t (or shouldn’t have to) learn the nuts and bolts of information technology.  I tell the class it will be on the midterm, and they have all the motivation they need to wrap their nimble noggins around sectors and clusters, hashing and hex.  The power to test those you teach is awesome, and may be what’s missing from CLE.  You can bet you’d see better speakers and more attentive listeners if attendees had to pass a test on the material to get their CLE credit.  But I digress. Continue reading →

I can hardly believe it’s taken this long to get back to blogging.  It’s been a whirlwind of new matters and teaching of late, such that I looked up from my computers to find I’d mislaid January.

This is a short post about two invaluable files often missed when parties consider what to collect and process for discovery.  If you’re not preserving, collecting and processing IPD and OST files, you may be missing some pretty important stuff.  And, if your vendor doesn’t know how to process them, you’re certainly missing something. Continue reading →

One of the pleasures of my practice is staying abreast of what others have to say about e-discovery and computer forensics.  I try not to miss much, though the chorus of voices has grown markedly in the last five years,  The challenge is choosing wisely for the quality of discourse hasn’t kept pace with the volume.  I’m in the debt of vigilant folks like Rob Robinson, a really nice guy who takes the time to run the traps of blogs and publications to insure that many voices worth hearing are heard.

Rob is Vice President of Marketing for e-discovery service provider, Orange Legal Technologies in Salt Lake City, but like your’s truly, Rob’s based in Austin.  Rob publishes his Unfiltered Orange list through all the major networking streams, so if you want Tweet updates, you can follow @OrangeLT.  I prefer the weekly compendiums which can be seen HERE, subscribed to HERE or added as an RSS feed.

Thanks, Rob!  Great work!