Oct 13 2010

State of the art in e-discovery

Tag: Informática Legal | Joaquim Anguas @ 5:03 pm

E-discovery services are at a point in which some currents are converging.
I find this article “Forensics or against?” puts things into the right context:

“Broadly, however, a forensic collection is not required for most commercial litigation matters where there are no allegations of wrongdoing or fraud and / or where the parties have explicitly agreed the approach to collection of data and this does not include a forensic imaging process.”

I could not agree more. Every part in the equation has to add the right amount of value. Or get erased from it.

Oct 12 2010

Forensic Technologies Preview Day: Email Analysis Systems

Tag: Informática Legal | Joaquim Anguas @ 8:37 pm

I attended the conferences given by Mr. Tom Balance, founder and CEO at Vound LLC, and Mr. Martin Hermann from NH Service, substituting for Mr. Morgan Sheehy, COO at Nuix.

Mr. Balance gave a firsthand approach to their products and was sincere and earnest. He presented his product, Intella, to be centered on email analysis; only email analysis.

From the acquisition of all kinds of email stores, to the indexing, searching, tagging and blacklisting, to results presentation, he covered most of the more relevant features of the product.

I found especially interesting its ability to search and process by message-id, or MS metadata, like “author” or “contributor”.

Mr. Hermann presented a different kind of animal.

Nuix is a system that not only allows you to “ingest” and “digest” huge amounts of emails very fast, but is also able to integrate with major litigation support tools like CaseLogistix, Concordance, Relativity, Ringtail or AccessData’s Summation, among others. Of course, this comes at a price, but it is interesting to note that the company is adopting the trend to new business models with new licensing / service oriented proposals.

Oct 12 2010

Forensic Technologies Preview Day, Introduction

Tag: Informática Legal | Joaquim Anguas @ 8:15 pm

Today I attended “Forensic Technologies Preview Day” held in Karlsruhe, Germany, an overview of the state of the art by some of the major players in the field.

I would like to thank the organizers, MH Service, for the initiative, and especially Jan for his help before and during the event.

With at least 50% of the attendees being from law enforcement, product demonstrations and presentations had some focus on their needs.

There’s also an emerging trend to move forensically sound practices inside the enterprise.

While some providers concentrate on horizontal solutions, like Paraben’s P2 Enterprise or AccessData’s Access Data Enterprise for example, others see vertical approaches and specialization as their core value.

I am not inclined myself to use the term “forensics” widely because of the dissonance between the original meaning of the term (“of or before the forum”, recently “legal” or “related to courts” (see here)) and the meaning we find lately: scientific or engineering techniques or activities oriented to derive facts from evidence. Deriving facts from evidence is a matter of interest for legal systems, but also for investigators, auditors and computer security professionals in our context. In my humble opinion mixing disciplines is not recommended. Anyway…

I had the opportunity to share experiences with some law enforcement officers. They pointed me to a Linux distribution I wasn’t aware of: grml. It is not primarily intended for forensic acquisition or analysis, but it looks like it deserves an in-depth evaluation. I’ll let you know.

I want to share some comments regarding the presentations in the following posts.

Jun 25 2009


Tag: Informática Legal | Joaquim Anguas @ 1:33 pm

I am afraid of those terms that start with “e-”. They tend to be created by someone not in the area of expertise, unable to find a better match for a concept he/she wants to use. I prefer to label a common term if really needed, because to me, creating new terms is mostly unneeded and can easily generate confusion.

That’s why last Sunday I felt uncomfortable when I heard “e-discovery” and “evidence rules” used in the same sentence.

To me “e-discovery” is related to the discovery of facts from electronic evidence. Leaving aside that I am still to find any electronic evidence that is not computer evidence, the term suggests to me an activity that PIs perform in order to get knowledge of facts. To get knowledge and to construct evidence are not the same thing.

But there’s a second meaning I wasn’t aware of that made all the sense: there is a discovery phase in a lawsuit following US civil procedure. In this pre-trial phase, parties request evidence from other parties. The aim of this phase is to get to an out-of-court agreement based on the strength or weakness of each party’s case.

Seems it is a good idea… But I have learnt that there’s some stir in the US because of discovery of computer-based information (e-discovery). As a good example, you can read this.

And Quinn Smith, in “Redefining International Arbitration in the United States: The Application of 1782 to international Arbitration Proceedings Located in the United States”, published in Spain Arbitration Review, pages 93-105, provides a good starting point to discovery and arbitration.

I leave mixing e-discovery with arbitration to you as an exercise.