A computer system never deletes files
Visable:
Documents, spreadsheets, image files, e-mails messages
Files and folders
Programs and applications
Link Files
Log Files
Invisable
Deleted documents, spreadsheets, image files, e-mail messages
File and folders deliberately made invisible ( hidden )
Files system artifacts
Internet History
Print Jobs
Random access memory ( RAM )
Protected storage areas
Storage areas outside the operating systems file system
System log files
Deadlines regarding E-discovery
Rule 16; Pretrial conferences: requires opposing parties to meet and discuss a discovery plan and evaluate the protection and production of ESI within 99 days of the filing of the lawsuit.
Rule26(a); Initial disclosure of sources of discoverable information: Parties must identify all sources and types of ESI to the opposing side according to the time schedule imposed by the court.
Day 1: Lawsuit is filed
Day 99: Opposing parties must meet by this day
By Day 120: The E-discovery plan is due in court by the presenting attorneys office.
Rule26(a); Initial disclosure of sources of discoverable information: Parties must identify all sources and types of ESI to the opposing side according to the time schedule imposed by the court.
Day 1: Lawsuit is filed
Day 99: Opposing parties must meet by this day
By Day 120: The E-discovery plan is due in court by the presenting attorneys office.
How is the data obtained?
Consent search: If an individual voluntarily agrees to the search
Plain view search: An investigator spots an ojec in plain view does not need search warrant.
Search incident to arrest: If suspect is arrested, law enforcement may search area within defendants immediate control
Protective sweep search: Law enforcement is permitted to sweep the entire location doing a visual inspection, and if in plain view during that search evidence can be legally seized.
Plain view search: An investigator spots an ojec in plain view does not need search warrant.
Search incident to arrest: If suspect is arrested, law enforcement may search area within defendants immediate control
Protective sweep search: Law enforcement is permitted to sweep the entire location doing a visual inspection, and if in plain view during that search evidence can be legally seized.
What will we need to know:
1-Are we looking for financial or bank data or accounting ledgers? Child pornography, chat session, please be specific.
2-Which operating system will we be researching
3-Is there a network involved? If yes, which type? Wireless or wired? Windows/Linex based?
4- Are there any external drives to consider?
5-Are passwords or encryption involved?
6- Has Chain of custody been documented for this evidence?
2-Which operating system will we be researching
3-Is there a network involved? If yes, which type? Wireless or wired? Windows/Linex based?
4- Are there any external drives to consider?
5-Are passwords or encryption involved?
6- Has Chain of custody been documented for this evidence?
