Monday, December 27, 2010

Electronic Discovery Just Keeps Getting More Complex


I have this application that I use and it is awesome.  DropBox.  DropBox is a cloud based (Internet) application that allows me and my team to share documents and access them virtually from anywhere.  I can review and edit these documents on my desktop, my laptop, my iPad, and review them on my Android phone.  Talk about convenience.

What is so cool about the application is that it also provides automatic online backup of the documents and keeps a revision history so you can “go back” to a previous version of a document.  It even keeps deleted documents, just in case you didn’t really mean to delete that oh so important Word document.

So why write about this on a digital forensics blog?  Applications like Dropbox are the future of distributed file sharing.  There are quite a few applications that serve the same or similar purpose such as Google Docs, Windows Live Skydrive and Apple’s Mobile Me.

What’s interesting about these applications is the potential to hold discoverable electronic evidence.

The basic approach to ESI (Electronically Stored Information) cases is to follow the who, what, where and how of potential evidence. 

Who are you trying to find out information about, or who owned, modified, deleted or created a document or email.

What are you looking for?  This part is pretty well defined; Email, Documents, Spreadsheets and so forth.

Where might this evidence be stored?  This is what is getting more complicated with more storage options gaining ground in the marketplace.

How do you get the evidence?  In the old days, that was the simplest of questions; either from the computer hard drive or a floppy disk.  You would get access to the computer in question and do the evidence collection.

These days, the interrogatories for building a discovery motion needs to include the possibility of cloud storage applications like these.
Companies should also bear in mind that since these applications sync file to multiple devices, and an employee now has a copy of the files and can access them from their home computer as well as their office computer or company laptop.

When you look at obtaining electronic discovery, one of the approaches now must be:  Does the custodian of interest have access to or participate in on-line shared storage options beyond SharePoint server or a company file share.  If the company is using an on-line backup service in the cloud, will documents be available there that are not on the local computers and servers?

The beauty of applications like Dropbox is the audit trail that is automatically created when documents are modified or deleted from  Dropbox.


Dropbox also keeps a log of all events that occur:


While there is a limit to how far back you can restore a file, the history of events goes back for months.

I encourage you to think outside the box, no pun intended, when considering what you want to ask for in electronic discovery and how you might gain access to it.

No comments:

Post a Comment

I have moderated my comments due to spam.