Much of our lives is enabled by mobile devices and the online services delivered through them. Devices and services have become rich sources of information when the data they contain are correctly collected and interpreted. Whether assessing the loss of intellectual property, location of a person, or alleged online conduct, the right records can bring answers to critical questions.

This seminar looks at sources for electronic records, how records can be analyzed, and what questions may be answered. We conclude with a case study showing how mobile device information can be used in employment litigation.

1. Use of electronic information in litigation
   1. Native format documents
      1. Electronic versions of static documents
         1. Application: analysis for backdated documents
      2. Email
         1. Application: the “smoking gun” email
   2. More complex discovery
      1. Reconciliation of in-file metadata with filesystem metadata
         1. Application: when data were copied to a machine
      2. Photographic images
         1. Application: a closer look shows in-file metadata in a JPEG image
      3. Databases, e.g., electronic medical records
         1. Application: when was an entry made?
2. Data on Mobile Devices
   1. Mobile storage—reading timestamps
   2. Personal Digital Assistants and apps—proprietary data types
   3. Phones—call logs, short message service (SMS) data
   4. Backup and synchronization—phone data on other systems, including Google, Apple, etc.
3. Data About Mobile Devices
   1. Records from cell service providers
   2. Records from cloud services
4. Finding Mobile Devices
   1. Asking in interrogatories and deposition
   2. Looking at other available data sources
5. Using Mobile Device Data
   1. Preservation
      1. Backups and Cloud Copies
      2. Extraction
      3. “Full filesystem extraction”
   2. On-board storage
   3. External storage
   4. Analysis of data
      1. SMS conversations
      2. Proprietary databases
      3. Digital photographs, movies, and other attachments
      4. Proprietary datasets of unknown type
   5. Review of data
   6. Production of data, including Cellebrite
6. Case Study: Employment Litigation
   1. “Are we missing text messages?”
   2. Identifying “text messages”
   3. Analysis of the matching database
   4. Establishing timeline of activity
   5. Establishing gaps in sequence
   6. Interpreting gaps—deleted?

Presenter:

C. Matthew Curtin, CISSP, Founder, Interhack Corporation

Matthew, Founder of Interhack Corporation, is a computer expert with wide experience in Cybersecurity and Forensic Computing. Experienced expert witness in civil, criminal, administrative, and military proceedings, from the perspective of those bringing and defending actions.  Author of technical books and research papers used by universities and standards bodies, and frequent lecturer on cybersecurity and electronic evidence.

1.0 CLE Hours 

This CLE will be offered as a live interactive webinar held via Zoom. Login to the website and click the "Register" button to register. You will receive a confirmation email from Zoom containing information about joining the CLE.

You must use your unique link on a desktop/laptop in order to receive CLE credit.