Michael McCartney, President

Transcription

1 Michael McCartney, President Litigation Landscape Computer Forensics Overview Forensic Data vs. Non-Forensic Dangers of Hard Drives Forensic Process HR Escrow Proactive Forensics Pit falls to avoid 1

2 650 New Federal HR Related Cases filed everyday! Employment Labor Law Cases = 30% of ALL civil litigation in US Compliance regulatory enforcement Bullying Sexual Harassment Social Media Cyber Crime - Terrorism Industry Specific Regulations POLICIES, POLICIES, POLICIES NLRB v American Ambulance Employee fired over Facebook post Written policy about disparaging company on social media Employee has the right to talk about working conditions, including the supervisor Policy overbroad Case Settled Issue unresolved 2

3 NLRB v Hispanic United of Bflo Discharge of 5 Employees over Facebook posts. Critical of work of co-workers Several text messages W/ED Terminated w/ others who commented on FB Concerted Activity (others) NLRB v Karl Knause motors Luxury auto line Sales Event Hot dogs, chips, water Accident; Photos facebook Posted Alone but others concerned Concerted activity over commissions 3

4 TEKsystems, Inc. v. Hammernick et al. Restrictive covenant lawsuit regarding allegedly unlawful conduct via social media (linkedin) Stipulated Order enforcing nonsolicitation 4

5 Free Open exchange of Information Corporate Culture Reputation of Organziation Free Speech? Protected Concerted Activity? 24/7 Access Privacy Litigation or Investigation? Hold Notices Subpoena s Court Orders Consent Black Bag Jobs ID Digital Devices Laptops, Desktops, Servers, BlackBerries, Smart Phones, Home Computers, USB Drives, CD s, DVD s, Smart/Flash media. ID Departments IT, Legal, HR, Security, Etc. 5

6 Network data (non-forensic) Network File shares AND Device Side Data (Forensic) Laptops Desktops Handhelds (smart phones) Home Computers (remote access; VPN access) Network IT Data - Non-Forensic Data from Network server User files from Network server Logical File Copies from employee devices Log/access Files Potential Issues Limited in time and scope Modified, Contaminated or Missing metadata May lack ownership of data No independence Lack expertise or experience in Forensic Science Testifying 6

7 Forensic Data Device Side Data Hard Drive, Hard Drives, Hard Drives! Back-ups, archives, or local stores Web Based ! Internet activity history IM Chat logs (MSN, Yahoo, AIM, Skype, etc) MS Office and system Temp files (pervious versions) Deleted user files Attached external media (USB drives) Hard Drives contain tremendous amounts of user created, system created and corporate protected data! IT staffs routinely wipe a drive clean upon Departure Liggett v. Rumsfeld DOD employee suspended for accessing porn. 7

8 Industries with heavy compliance and regulatory oversight: Colleges/Universities Banking Gaming DoD contractors Publicly traded Others with audit requirements Human Behavior 101 Internal Audit Committees Independent - Independent - Independent 8

9 Establish policy Level/Rank employee devices. Upon Separation/Termination. Make a forensic grade, verified image of the employee s digital devices. Forensic evidence escrowed Evidence Handling and Chain of Custody Forensically analyzed and extracted and provided for review by counsel or HR decision makers when needed. DATA as DATA vs. DATA as EVIDENCE File date and time changes Booting Computer changes/deletes data (1200 files) File copy vs. forensic copy!! Ghost Hidden, system, disguised data easily overlooked Evidence contamination LACK INDEPENDENCE! Spoliation Court ordered Sanctions 9

10 E-Policy Services Litigation Support Services (Expert Affidavits) Enterprise Forensic Services Certified Encase Enterprise Instructors E-Discovery Services Concordance/Summation Processing Hosting Services Paper Services (Scanning, Imaging, OCR) Training Michael McCartney, President Office: Cell: