NetSecLaw: Dedicated to events, news and trends in technology law.

13.12.06

The Real World: Forensics - EnCase vs FTK

The Ten Most Important Security Trends of the Coming Year

8.12.06

Ohio U. names interim CIO to replace William Sams following security lapses that led to the firing of two IT workers - Malware wars: Are hackers on top? - From Andy

7.12.06

A Critical Look at the Regulation of Cybercrime

5.12.06

Amendments to Federal Rules - 12/1/2006

E-Discovery - Amendments to the Federal Rules of Civil Procedure (12-1-2006)

Amendments to the Federal Rules of Evidence, Federal Rules of Civil Procedure, and Federal Rules of Criminal Procedure took effect Friday. There seems to be a lot of misinformation out there, which is typical when non-lawyers try to make sense of the law. Being a non-lawyer myself, I shall endeavor to add to the noise!

In short, the new rules state that organizations must track data collected and, should they become aware of pending legal action, endeavor to preserve all relevant data. The outcome is that all organizations need to have document retention and destruction policies in place. These policies must be adhered to in a consistent manner in order to avoid the appearance of impropriety. Documents (like email) may be safely destroyed in a manner consistent with this policy. However, once an organization becomes aware of a lawsuit that may affect these records, the organization must endeavor to preserve all relevant evidence in order to avoid the appearance of impropriety. This requires that the organization be aware of what sort of records they have. This is a good reason for organizations to limit what data is collected and retained as a systematic part of managing corporate liability.

The history of this clarification is in the Enron case. Arthur Andersen had document destruction policies in place but failed to follow them. When served with a subpoena in the Enron case, AA officials suddenly "followed" their policy by shredding tons of documents and by deleting email. Deleting a file NEVER really deletes it, so many of the emails were later recovered. This created the appearance of impropriety and doomed them before the court. AA is no longer allowed to even practice accounting as a result. Lesson learned: If they had adhered to their policies in a consistent manner, they still would have been "wrong" in the big picture sense, but they would have been within their rights under the law.

Certain records like financial statements, medical data, etc. have legal retention periods. Ensure that any policy created adheres to these requirements. Email Retention Policy (sample policy): Specify an online retention period of roughly 3-6 months, an of roughly 12-24 months. The time interval is going to vary widely based upon the organizational goals, objectives and liabilities. This type of decision making should really flow from the top, but the hard part is that "the top" may be a group of people with diverse backgrounds and little understanding of the importance of such policies in terms of managing legal liabilities.

Document Retention and Destruction Post-Arthur Andersen: What Can You Destroy? - Perfecting the Document Destruction Policy - A Brave New World

Note: I am not an attorney. This is not legal advice. If you require legal advice, please consult with an attorney.

E-Mail Retention: The High Cost of Digging Up Data

3.12.06

Wi-Fi Liability: Potential Legal Risks in Accessing and Operating Wireless Internet by Robert Hale II