Tuesday, December 14, 2010

GIGO and MEGO in e-Discovery

Posted by Douglas Forrest on Dec 13, 2010

GIGO – Garbage In, Garbage Out – is a seminal axiom of all data processing which applies with full force in the realm of e-discovery. But, in e-discovery, there is another wrinkle, i.e., valid data that washes out prematurely (or, beyond the scope of this entry, is never collected in the first place). Yes, I’m talking about what can happen before data is fed into programs such as eCapture or Clearwell, viz., forensics and handling in forensic tools such as EnCase.

Now, before you claim technical incapacity or that the very topic induces MEGO – My Eyes Glaze Over – hear me out. As to MEGO, just snap out of it; this could be important: what you don’t know can hurt you. And, with respect to forensic technical expertise (or the lack thereof), passing the EnCE exam is not a prerequisite to gaining valuable insights into current issues in the technical forensic community, an understanding which may stand you in very good stead someday.

It is in furtherance of gaining such insights and understanding that I recommend a few blogs produced by true stalwarts of the forensic community whom I know from my past tenure at Guidance Software.

Geoff Black, formerly a very much hands-on Regional Manager with Guidance’s Professional Services Division and now Director, High Tech Investigations, at a Fortune 100 company, blogs at geoffblack.com. One recent post addressed new developments in matching digital photos to the specific digital camera that took them (think matching a bullet to the gun that fired it).

Jon Stewart, formerly Director of Development at Guidance, the founder of Lightbox Technologies, Inc and a programmer’s programmer, blogs both at Lightbox and at codeslack.blogspot.com. Jon has addressed more squirrelly forensic data anomalies than there are reruns on TBS.

Lance Mueller, formerly Senior Director IT & Corporate Security at Guidance and now a Computer Forensic and Security Consultant as well as a Senior Instructor at the US State Department, publishes a digital forensic blog at forensickb.com, where a recent post presented a decision tree for forensic hard drive imaging with volatile data collection.

Now, while much of the discussion at these blogs is either EnCase-specific, highly technical, or both, even a non-techie reading them can gain a new appreciation of the complexities and danger zones which can lurk behind blanket representations of forensic services.