INFO[rmation fo]RENSICS

FRCP Rule 37(e) (Preservation) is Changing

On April 11th, the Civil Rules Advisory Committee approved a  revision to Rule 37(e) (the section covers failure to preserve Electronically Stored Information (ESI)).  The new draft reads, as follows:

“(e) FAILURE TO PRESERVE ELECTRONICALLY STORED INFORMATION. If electronically stored information that should have been preserved in the anticipation or conduct of litigation is lost because a party failed to take reasonable steps to preserve the information, and the information cannot be restored or replaced through additional discovery, the court may:

(1) Upon finding of prejudice to another party from loss of the information, order measures no greater than necessary to cure the prejudice;

(2) Only upon a finding that the party acted with the intent to deprive another party of the information’s use in the litigation,

(A) presume that the lost information was unfavorable to the party;

(B) instruct the jury that it may or must presume the information was unfavorable to the party; or

(C) dismiss the action or enter a default judgment.”

You’ll note that the existing Rule 37e language is nowhere to be found:

“Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.”

You can read the proposed changes on the US Courts site, here.

 Popular Legal Websites Affected by the Heartbleed Flaw

Robert Ambrogi’s blog, “LawSites” had a post listing sites, popular with attorneys, that were affected by Heartbleed.  You can view that site here.  If you don’t know what “Heartbleed” is, you will need to.  You can view the Inforensics Blog post, to catch up.

Box.com, and Dropbox.com were, according to Ambrogi’s research, affected by the flaw.  If you use these sites, it is a good time to review and change passwords.  Also, read the Inforensics Blog post on Password Re-use.

Changing Metadata Leads to Sanctions

You may have missed the following case.  Remember: It doesn’t take an expert to alter data, and attempt obfuscation, just some software from your local Best-Buy:

T & E Inc. v. Faulkner, 2014 WL 550596 (N.D. Tex. Feb. 12, 2014)

In this case, sanctions were sought for alleged manipulation of metadata, in an attempt to hide the existence of a computer that had not been produced.  A successful motion to compel the defendant to produce computers gave a specific timeline for production.  A forensic expert found evidence that, during the time given to produce, the opposing party created a new user profile on a computer, copied data to it, and used a commercial software to alter times on files in order to make the system appear as though it had been in use, in an effort to hide the “real” computer that had been in use.  Spoliation sanctions were awarded in the form of an adverse inference, and $27,000 dollars.