Bloomsburg University in PA is hosting the 2024 BloomCON - 0x08. Vestige is guest speaking on March 1 on Careers in Digital Forensics & Cybersecurity.
Remnants and other system-generated information that is used during a forensic investigation. Examples include LNK files, registry entries, log files and other nuances that occur within data associated with the filesystem, operating system and/or application and application data.
Continuing Legal Education. Each state has different requirements (and some, like Michigan don’t have any requirement).
Cybersecurity Maturity Model Certification is a U.S. Department of Defense (DoD) program that applies to Defense Industrial Base (DIB) contractors. It is a unifying standard and new certification model to ensure that DoD contractors properly protect sensitive information.
“Certificate of Authenticity”. This is the official Microsoft printed license for the OS and various Office products. Vestige records the OS COA during physical investigation of the acquisition phase in the event that we want to virtualize the computer.
Chain of Custody – A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date and time it was collected or transferred, and the purpose for the transfer.
It is a term utilized by e-Discovery firms to mean the process of removing known files found within NIST’s NSRL software hash collection.
Description of Evidence
“Electronically Stored Information”. The term that the subcommittee addressing e-Discovery issues with discovery at the federal level chose to use to describe anything that is discoverable and stored in electronic form.
During the course of conversion from Native file format into an image format such as TIFF or PDF, the textual component of the source document is extracted and included as an additional component of the Production package.
“Federal Rules of Civil Procedure”. The rule set that governs the discovery process within the Federal district court system. These rules were amended on December 1, 2006 to make ESI a component within every federal case.
A form of metadata that is kept within the document itself. While not present in every kind of document type, many document types contain some form of internal metadata. It is also important to note that there is no standard information collected and is an arbitrary collection of information that the developer feels is important. From a forensic standpoint, internal metadata can oftentimes be used to more accurately opine on items because it is not as susceptible to manipulation by the end user.
Intellectual Property Theft – Intellectual property theft is when someone steals an idea, creative expression, or invention from an individual or a company. IP theft can refer to someone stealing patents, copyrights, trademarks, or trade secrets. This includes names, logos, symbols, inventions, client lists, and more. Vestige is routinely engaged in these types of digital theft cases to assist counsel. In conjunction with IP Theft there are other related issues such as breaches in non-solicitation and non-compete agreements. Oftentimes the plaintiff in the matter is seeking a TRO and/or preparing for a Preliminary Injunction.
A Load File is one of the components of a Production, this file contains the link between the Metadata, image file (TIFF/PDF) and Extracted text. The review tool, such as Summation, Concordance, Ringtail, Lextranet or any other review tool uses this file to link all the components of the Production package.
Modified, Accessed & Created Date -. System metadata describing dates/times of file activity.
Sometimes also referred to as the 26F conference. This is a mandated meeting between the party opponents to discuss discovery issues in general. It is at this meeting that ESI decisions are to be addressed pursuant to the amended FRCP.
This is an overly-used term within the legal industry. Strictly it means “data about data”, but that doesn’t convey useful information. Metadata is separate and distinct from the actual data it describes and is useful in a number of contexts within the entire e-Discovery process. Vestige breaks metadata into two specific types: System metadata and Internal metadata.
Describes data files in the original format that they are found within a system; for example a Word document, Excel document, e-mail, etc. This is in direct opposition to a file that has been converted for the purpose of reviewing by attorneys, such as a TIFF or PDF.
“Optical Character Recognition”. A process of extracting text from a document image (TIFF, PDF/scan, etc.) by recognizing the shape and context in which an item is found. While major improvements have occurred within the accuracy of recognition it is not 100% accurate and doesn’t compare to Extracted text. This term is often used incorrectly within the e-Discovery arena to mean extracted text or to include extracted text.
A special type of hearing that takes place very early in litigation. Like any injunction, the suit seeks to prevent someone or some organization from continuing on the path that they are currently pursuing. A preliminary injunction is an expedited mini-trial wherein the party seeking injunctive relief needs to present its evidence in such a way as to convince the fact-finder that there is a high likelihood that they will succeed in the real trial down-the-road. As such the burden of proof is very high.
Within the Discovery process the party providing or “producing” the information.
Output of our analysis/processing that is packaged in a professional manner to be delivered to either the Requesting or Producing party.
Within the Discovery process the party asking for or “requesting” the information.
“Request for Production of Documents”. The legal request that the Requesting party propounds upon its party opponent to ask for the documents/files that will help them prove or defend the claims in the matter.
Service Level Agreement – An agreed upon level of guaranteed service that Vestige and the client negotiate in some specific engagement arrangements. A service-level agreement defines the level of service you expect from a vendor, laying out the metrics by which service is measured, as well as remedies or penalties should agreed-on service levels not be achieved. It is a critical component of any technology vendor contract.
Standard Operating Procedures – is a set of step-by-step instructions compiled by an organization to help staff carry out routine operations. SOPs aim to achieve efficiency, quality output, and uniformity of performance, while reducing miscommunication, errors, and failure to comply company policies and industry regulations.
Scope of Work or Statement of Work – Document detailing the specific scope of an engagement. Vestige is often asked to provide a statement of work to new and potential clients to accompany pricing quotations.
Legal term that means the destruction, intentional or otherwise, of evidence or data that would support one party’s claims and/or defenses against allegations and counter-claims. It is often mispronounced…note that it is “spole – ee – ay- shun” NOT “spoil-ay-shun”
A form of metadata that is kept by the operating system or file system about individual files, such as the information encountered within the MFT like: filename, path, MAC dates, etc. For an e-mail the usually requested fields such as To, From, Subject, Date generally qualify as system metadata.
TPRM stands for Third Party Risk Management. Third-party risk is any risk brought on to an organization by external parties in its ecosystem or supply chain. Such parties may include vendors, suppliers, partners, contractors, or service providers, who have access to internal company or customer data, systems, processes, or other privileged information or receives such information directly or indirectly from you.
Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties.
The discipline is designed to give organizations an understanding of the third parties they use, how they use them, and what safeguards their third parties have in place. The scope and requirements of a TPRM program are dependent on the organization and can vary widely depending on industry, regulatory guidance, and other factors. Still, many TPRM best practices are universal and applicable to every business or organization.
Temporary Restraining Order – A TRO is a form of injunctive relief that prevents a party or organization from continuing down a path that they are presently pursuing (i.e. using a competitor’s client list taken by a former employee to solicit new business from the competitor’s clientele).