Caselaw

From Forensics Wiki
Revision as of 11:15, 7 October 2010 by Dykstra (Talk | contribs)

Jump to: navigation, search

The legal information below is not legal advice. You should consult a lawyer if you want professional assurance that this information, and your interpretation of it, is appropriate to your situation.

The following are highlights of important cases to digital forensics and electronic discovery.

Court Decisions

Binary Semantics Ltd. v. Minitab, Inc., Case No. 07‐1750 (M.D. Pa. May 5, 2008)
In 2008, a district court agreed that a forensic image of an entire FTP server was "overly‐broad and intrusive,” allowing the defendants only authorization for “a forensic copy of the relevant folders on [the] FTP server."

Harkabi v. Sandisk Corp., 2010 U.S. Dist. LEXIS 87843 (S.D.N.Y. Aug. 23, 2010)
Electronic discovery requires litigants to scour disparate data storage mediums and formats for potentially relevant documents. That undertaking involves dueling considerations: thoroughness and cost.

United States v. Scott‐Emuakpor, 2000 U.S. Dist. LEXIS 3118 (W.D. Mich. 2000)
The court was satisfied with a third‐party collecting the forensic data as long as it was accompanied by "the testimony of a witness who was present and observed the procedure by which the documents were obtained from Defendant's computers."

Griffin v. State, 2010 Md. App. LEXIS 87 (Md. Ct. Spec. App. May 27, 2010)
Social media profiles on MySpace or Facebook could be authenticated circumstantially by their content and context in the same manner as other forms of electronic communications.

State v. Rivas, 2007 Ohio App. LEXIS 3299 (Ohio Ct. App. Jul. 13, 2007)
The court overturned the conviction of the defendant due to the fact that an in camera review of the police department's computer was not performed, which would have verified that accuracy of the transcripts that were recorded from a chat room and subsequently used against the defendant.

Fenje v. Feld, 2003 U.S. Dist. LEXIS 24387 (N.D. Ill., Dec. 8, 2003)
The authentication of email messages presented in support of a summary judgement motion was at the core of this wrongful termination case. The court found that email messages may be authenticated as being from the suspected author based on the following factors:

  • The email address from which it was sent
  • An affidavit of the recipient
  • Comparison of the content of the email with other evidence
  • Other communication from the suspected author acknowledging the email message in question

U.S. v. Cameron, 2010 WL 3238326 (U.S. District Court for the District of Maine 2010) (on-going)
Yahoo! detected child pornography and reported it to the NCMEC, and Cameron expected the Government to produce as witnesses the Yahoo! technician who collected the evidence. The judge noted that at trial the "Government need not call each of the technicians who did the search so long as it" presented a witness who can "explain and be cross-examined concerning the manner in which the records are made and kept." Further, the Judge ordered that the Government is not obligated to turn over evidence that it does not possess (e.g. "the original or a copy of the Yahoo! photo server and server files" or "the physical location of the original server files")

Krumwiede v. Brighton Associates, LLC, 2006 WL 1308629 (N.D. Ill. May 8, 2006) Default judgment granted for deleting, altering and accessing electronic data despite litigation hold. Plaintiff deleted file with a combination of "deliberate movement of file data, admitted deletion activities, multiple use of defrag, use of ZIP file to conceal or transport [the defendants'] data, [and use of] multiple USB devices [to] intend to destroy evidence." Summary judgment against plaintiff for interfering with the discovery process.

Further Information