Rule 30(b)(6) Depsitin Questin Tpics Electrnic Data Systems & Management Technical Witness The parameters f a Rule 30(bH6) depsitin may vary greatly frm case t case, but the fllwing categries f depsitin questins and tpics will serve as a gd utline when preparing questins fr depsitin r when preparing a crprate witness fr questins by ppsing cunsel. Qualificatins and and Organizatinal Structure Describe yur educatinal backgrund and wrk experience. i. What is yur educatinal backgrund, including all diplmas, degrees r certificates received? ii. What frmal technical training have yu had? iii. List yur wrk experiences (including all cmpanies and psitins held) fr the past 15 years. iv. Hw lng have yu been emplyed with yur current cmpany? List all psitins held. v. Describe yur current psitin and all dunes assciated with it vi. What steps did yu take t prepare fr depsitin? Describe the cmpany s rganizatinal structure. i. T whm d yu reprt? Wh reprts t yu? ii. Describe it department stmcture (including ther physical lcatins). iii. What rle have yu had r will yu have in respnding t electrnic discvery requests? Systems Prfile Describe the types f data prcessing and data strage devices used by the cmpany in the curse f business. i. What backrm hardware is in yur rganizatin? (Mainframes, mini cmputers, electnic mail servers, file servers, fax servers, vicemail servers, etc.)? ii. What wrkstatin hardware? What brand (Dell, Gateway, generic IBM clne, etc.); what perating system (Win 95/98/ME/XP/Vista, ther); and what is the average size f desktp hard drives? iii. Are ntebks used? What brand (Dell, Gateway, generic IBM clne, etc.); what perating system (Win 95/98/ME/XP/Vista, ther); and what is the average size f ntebk hard drives? iv. Are persnal digital assistants (PDAs) used? If s, what brand(s) (Palm, Pcket PC devices, etc.)? v. What backup systems are in use? Specifically, prvide the hardware, tape frmats (DAT, DLT, QIC), tape capacities, and backup sftware (brand, versin, cnfiguratin) used. vi. What ptical strage devices are used? What type (CD R, CD RW, DVD RAM), and recrding sftware (brand, versin, cnfiguratin)? vii. What elecnic strage devices are used (nn vlatile RAM, smart cards, etc.)? viii. What ffice machines are used? What cpiers, fax machines, vicemail systems (brands, mdds, serial numbers)? (NOTE: Mst f these devices cntain hard drives.) Netwrk lnfrastructure and Netwrk Services Describe the cmpany s netwrk architecture and usage plicies. i. Hw is the cmpany s netwrk cnfigured (ruter, hubs, firewalls, etc.)? Wh manages the netwrk devices? ii. D desktp/laptp/handheld systems have netwrk cards and)r mdems installed? If s, identify make, mdel, speed settings, and usage plicy. iii. Des the cmpanys netwrk use any nn Ethernet cnnectivity? If s, describe.
iv. Hw many users are n the netwrk at this lcatin and at ther lcatins? v. Hw is user data segmented and prtected n the netwrk? vi. Hw d users wrk n the netwrk (e.g., file sharing, file strage, centralized apphcatins, and ther applicatins)? vii. Describe/identify the types f netwrk services and sftware prgrams used n the cmpany s cmputer system(s) Industry specific applicatins (e.g., distributin cntrl, reservatin system, manufacturing inventry cntrl, etc.). Prprietary systems. Office autmatin sftware. Wrd prcessing, spreadsheet, presentatin prgrams, etc. Internet brwsers. Database servers and database management prgrams (statistical, risk analysis, etc.). Electrnic mail systems and client prgrams. Calendar/scheduling servers and client prgrams. Dcument management systems. Finance r accunting systems. Remte cnnectin applicatins (e.g., FTP server/client, web based (GtMyPC.cm), PCAnywhere, LapLink). Chat prgrams (e.g., ICQ, IRC, etc.). Other applicatins User Wrkstatins Describe all type(s) f user wrkstatin systems and client prgrams currently in use. i. What perating systems are used? {Windws NT/2000/XP, Linux} If Micrsft based, what service packs are installed? If Linux, what is the distributin {Red Hat, Debian, Mandrake, etc.}; what versin f the Kernel is running; and what windwing system is in use (Gnme, KDE)? ii. Prvide a list f the sftware packages installed. iii. List installatin date(s). iv. Prvide the number f users wh have access t each wrkstatin. v. Identify lcatin f users electrnic mail files. Fr example, are electrnic mail messages stred in My Dcuments? vi. D users select the lcatin fr their electrnic mail messages, r des the system administratr make that decisin? Identify the persn(s) respnsible fr the nging peratin, maintenance, expansin, backup, and upkeep f the user wrkstatins. i. Hw frequently d these activities ccur (accrding t plicy and actual practice)? ii. Are utsurced facilities/cntractrs used? List names and services prvided, if applicable. D any emplyees use hme cmputers fr business purpses? If yes: i. Identify relevant emplyees. ii. Hw are files transferred t and frm hme cmputer (remte access, types f remvable media, if used), electrnic mail, LapLink, mapped drive t server, etc.)? Are user wrkstatins backed up? Obtain infrmatin fr each system. i. Describe the backup sftware prgram(s) used (e.g., ARCeerve, Backup Exec, etc.). ii. What cntent d backups cntain? iii. Hw frequently are backups perfrmed (daily, weekly, mnthly, etc )?
iv. Is the backup prcess autmated? v. Describe the type f backup media used (tapes, discs, drives, and/r cartridges). vi. Describe the tape rtatin cycle. vii. Have any tapes been pulled frm rtatin? viii. What is the lcatin f the backup media (ff site strage, ut f state strage, etc.)? Hw des the media get t the strage lcatin? ix. Hw are tapes stred (e.g., racks, cabinets, etc.)? x. What is yur tape destructin methd (e.g., degauss, shred, etc.)? xi. Are backup tapes labeled? If s, describe labeling prtcl. xii. Are backup tapes indexed by the backup sftware and/r lgged? xiii. D yu keep r discard utdated backup drives r sftware? xiv. Wh has access t backups? xv. Wh actually perfrms backups? xvi. Are backups passwrd prtected? Wh has the passwrds? Have yu mdified yur backup prcedures t cmply with recent discvery requests? i. Describe any mdificatins. ii. Describe the steps taken t ntify emplyees invlved in perfrming backups. Are files ever deleted frm the cmputer system(s)? If yes: i. Des the cmpany have a file purge schedule? ii. Are files rutinely deleted frm wrkstatins when emplyees leave r are reassigned? iii. Describe the methd(s) used t0 delete files. Are files archived ff the system? i. What files have been archived? ii. Where are the archival backups maintained? Have yu restred data frm a wrkstatin backup tape within the past (XX) mnths? If yes: i. What data was restred? ii. Was the restratin peratin successful? iii. Describe the resurces required t perfrm the restratin (labr hurs, equipment, drive space, etc.). iv. Why was the data restred? Are passwrds r encrypted files used n any f the user wrkstatins? If yes: i. Describe what is prtected (electrnic mail, files, transmissin f data, etc.). ii. Describe hw files are prtected. iii. Wh culd prvide access cdes if required? iv. Wh has super user status? Are passwrds and access cdes revked/changed when an emplyee leaves the cmpany/agency? i. Hw and by whm is this prcess managed? Electrnic Mail Identify persnnel respnsibie fr administering the electrnic mail system(s). i. Include infrmatin abut multiple ffices r lcatins, if relevant.
Describe all type(s) f electrnic mail server systems and client prgrams currently in use. i. What perating systems are used {Windws NT/2000/XP, Linux, Nvell, Unix, prprietary}? If Micrsft based, what service packs are installed? If Linux, what is the distributin {Red Hat, Debian, Mandrake, etc.}; what versin f the Kernel is running; and what windwing system is in use (Gnme, KDE)? ii. Prvide server name(s) and versin number(s). iii. List installatin date(s). iv. Prvide the number f users n each system. v. Identify lcatin f users electrnic mail files. Fr example, are electrnic mail messages stred in a central lcatin a server r lcally n users desktps. r bth? vi. D users select the lcatin fr their electrnic mail messages, r des the system administratr make that decisin? vii. Is there mre than ne pst ffice n the system? If yes, identify pst ffice lcatins. viii. Are pst ffices lcated n mre than ne server r drive? ix. Is electrnic mail transferred via POP, IMAP, r SMTP? Can users access their electrnic mail remtely (i.e., frm utside the ffice)? i. If yes, what prgrams r applicatins are used? ii. Des a transactin recrd exist t dcument access? Are electrnic mail passwrds rutinely changed? i. Describe prtcls. ii. Wh manages this prcess? Are janitrial prgrams run t purge electrnic mail? (Janitrial prgrams can be set t empty wastebaskets n a set schedule). i. Describe prtcls. ii. Wh manages this prcess? Were ther electrnic mail systems used in the past? If s, prvide answers t questins in electrnic mail sectin abve. Are special electrnic mail retentin settings active (e.g., the Deleted Items Retentin setting in Micrsft Exchange)? List all electrnic mail systems in the cmpany that are backed up. Obtain infrmatin fr each system. i. Describe the electrnic mail backup sftware prgram(s) used (e.g., ARCserve, Backup Exec, etc.). ii. Is the backup a full backup r a brick level backup? iii. Hw frequently are electrnic mail backups perfrmed (daily, weekly, mnthly)? iv. Is the electrnic mail backup prcess autmated? v. Describe the type f electrnic mail backup media used (tapes, discs, drives, and/r cartridges). vi. Describe the tape rtatin cycle. vii. Have any tapes been pulled frm rtatin? viii. What is the lcatin f the electrnic mail backup media (ff site strage, ut f state strage, etc.)? Hw des the media get t the strage lcatin? ix. Hw are electrnic mail backup tapes stred (e.g., racks, cabinets, etc.)? x. What is yur tape destructin methd (e.g., degauss, shred, etc.)? xi. Are electrnic mail backup tapes labeled? If s, describe labeling prtcl. xii. Are electrnic mail backup tapes indexed by the backup sftware and/r lgged? xiii. D yu keep r discard utdated electrnic mail backup drives r sftware? xiv. Wh has access t electrnic mail backups? xv. Wh actually perfrms electrnic mail backups?
xvi. Are electrnic mail backups passwrd prtected? Wh has the passwrds? Have yu mdified yur electrnic mail backup prcedures t cmply with recent discvery requests? i. Describe any mdificatins. ii. Describe the steps taken t ntify emplyees invlved in perfrming backups. Are files ever deleted frm the electrric mail system(s)? If yes: i. Des the cmpany have a file purge schedule? ii. Are files rutinely deleted frm servers when emplyees leave r are reassigned? iii. Describe the methd(s) used t delete files. iv. Are electrnic mail accunts clsed/purged when an emplyee leaves? Are files archived ff the system? i. What files have been archived? ii. Where are the archival backups maintained? Have yu restred data frm an electrnic mail backup tape within the past (XX) mnths? If yes: i. What data was restred? ii. Was the restratin peratin successful? iii. Describe the resurces required t perfrm the restratin (labr hurs, equipment, drive space, etc.). iv. Why was the data restred? Are passwrds r encrypted files used n any f the electrnic mail systems? If yes: i. Describe what is prtected (electrnic mail, attachments, transmissin f data, etc.). ii. Describe hw files are prtected. iii. Wh culd prvide access cdes if required? iv. Wh has super user status? v. What access rights d different grups/users have? Are passwrds and access cdes revked/changed when an emplyee leaves the cmpany/agency? i. Hw and by whm is this prcess managed? Databases Describe all type(s) f database server systems and client prgrams currently in use. i. What perating systems are used {Windws NT/2000/XP, Linux, Nvell, Unix, prprietary}? If Micrsft based, what service packs are installed? If Linux, what is the distributin {Red Hat, Debian, Mandrake, etc.}; what versin f the Kernel is running; and what windwing system is in use (Gnme, KDE)? ii. Describe the type f databases used by the cmpany {CRM, accunting, etc }. iii. Identify the system administratr fr each? Identify the type(s) (names) f database sftware used. (Orade, dbase, Advanced Revelatin, Access, prprietary, etc ). i. Describe the fields f infrmatin used in the database(s). (Data fields are categries f infrmatin such as names, scial security numbers, file numbers, dates, etc.) Identify the persn(s) respnsive fr: i. Database design. ii. Database maintenance {editing, adding, packing, etc } iii. Reprt design.
iv. Database backup. v. User requests/suggestins. Identify the individual(s) wh enter infrmatin int the database: i. What is the surce f infrmatin? ii. Are entries verified? If s, by whm? Describe hw the database is accessed. i. Identify users. ii. Identify access security levels fr users. iii. Are queries {reprts t the database} stred? If s, where? iv. Describe the utput/respnses t queries. {Printed reprts? Online respnse?} v. Are the respnses stred? If s, where? Describe any standard reprts prepared n a rutine basis. i. Identify recipients. ii. Are these reprrts stred? If s, where? iii. Describe prtcl and detailed instructins fr reviewing the dtabase as it existed (XX) mnths/years ag. List all the database systems in the cmpany that are backed up. Obtain infrmatin fr each system. i. Describe the backup sftware prgram(s) used ( e.g., ARCserve, Backup Exec, etc ). ii. What cntent d database backups cntain? iii. Hw frequently are database backups perfrmed (daily, weekly, mnthly)? iv. Is the database backup prcess autmated? v. Describe the type(s) f backup media used (tapes, discs, drives, andir cartridges). vi. Describe the tape rtatin cycle. vii. Have any tapes been pulled frm rtatin? viii. What is the lcatin f the database backup media (ff site strage, ut f state strage, etc.)? Hw des the media get t the strage lcatin? ix. Hw are database backup tapes stred (e.g., racks) cabinets, etc.)? x. What is yur database backup tape destructin methd (e.g, degauss, shred, etc.)? xi. Are database backup tapes labeled? If s, describe labeling prtcl. xii. Are database backup tapes indexed by the backup sftware and/r lgged? xiii. D yu keep r discard ut dated database backup drives r sftware? xiv. Wh has access t database backups? xv. Wh actually perfrms database backups? xvi. Are database backups passwrd prtected? Wh has the passwrds? Have yu mdified yur database backup prcedures t cmply with recent discvery requests? i. Describe any mdificatins. ii. Describe the steps taken t ntify emplyees invlved in perfrming backups. Are files ever deleted frm the database system(s)? If yes: i. Des the cmpany have a purge schedule? ii. Describe the methd(s) used t delete data. iii. Are accunts clsed/purged when an emplyee leaves? Are files archived ff the system? i. What files have been archived? ii. Where are the archival backups maintained?
Have yu restred data frm a database backup tape within the past (XX) mnths? If yes: i. What data was restred? ii. Was the restratin peratin successful? iii. Describe the resurces required t perfrm the restratin (labr hurs, equipment, drive space, etc.). iv. Why was the data restred? Are passwrds r encrypted files used n any f the database systems? If yes: i. Describe what is prtected (data, transmissin f data, etc.). ii. Describe hw files are prtected. iii. Wh culd prvide access cdes if required? iv. Wh has super user status? Are passwrds and access cdes revked/changed when an emplyee leaves the cmpany/agency? i. Hw and by whm is this prcess managed? Miscellaneus Are yu aware f the prductin\cllectin f electrnic dcuments in any ther litigatin r legal prceedings? i. What cases? ii. Relevant time perids? iii. What was prduced, and in what frmat? Are yu aware f any alternative surces f electrnic data r infrmatin? i. Any lcatinsutside the cmpany where electrnic dcuments are regulary sent (including emplyees hme cmputers as well as ther business entities)? ii. Persns wh wuld have knwledge f third parties cmputer systems, where applicable? iii. Details abut the cmpany s websie (Wh develps cntent? What are revisin intervals? Which third parties have access)? Has anyne examined any f the cmpany s cmputers since learning f this lawsuit? If yes: i. Identify f all the invlved parties? ii. Details abut reasns fr examinatin? iii. Prtcl utilized? iv. Results? Litigatin Specific Questins Have yu mdified the use f any cmputers since ntice f litigatin r t cmpny with recent discvery requests? i. Describe any mdificatins. ii. Describe the steps taken t ntify emplyees? What steps have yu taken t ensure electrnic data was preserved? i. Perfrmed mirrr images? ii. Remved backup tapes frm rtatin? iii. Islated key systems frm usage (including remving pwer frm these systems)? iv. Discnnected unnecessary netwrk cnnectins? v. Stpped hardware/sftware updates? vi. Saved brken drives and media? vii. Other?