Increased use of computerized data in disputes also increases the number of times that incorrect conclusions are reached because the data has not been properly obtained, handled and interpreted. Whether the evidence is presented by you or your opponent, attorneys should understand what could go wrong. If the computer evidence has not been properly obtained, consider excluding the potential evidence altogether.
Here are items to consider:
1. The acquisition of electronic evidence is the most critical phase since data can be unintentionally modified. Consequently, forensic evidence acquisition must follow established protocols. Ensure that this is occurring with the evidence that you wish to use, and challenge the methods employed when faced with evidence that you wish excluded. As a shortcut in this area, examine the qualifications of the person who acquired the evidence and of the analyzing examiner.
2. Evaluate what might have happened to the data before the computer forensic expert arrived. For example:
a. An expert should examine the hard drive to establish the users of that system. It may be possible to prove a different user performed the action or created the evidence.
b. Are there any Trojan horses, viruses, spyware, or other back-door applications that may have created the actions or evidence?
c. Could the information found already have been present on the computer prior to the party receiving access to the computer? Companies often recycle computers when employees leave. Companies rarely completely clean the hard drive before passing the computer to a new employee.
3. Verify the authenticity of the evidence. When a hard drive image is created, a unique signature file (or hash) is generated. If the proposed evidence does not match the original signature, the data has been altered, raising the issue that the proposed evidence should not be accepted.
4. Evaluate whether reasonable expectations of privacy have been violated. For example:
a. A wife may not access information without authorization, and then use the information as evidence if the husband used separate accounts or passwords to which the wife did not have access.
b. An employer may not access employee information without authorization, and then use the information as evidence, unless the business visibly has policies that allow such access and enforces such policies.
c. In criminal cases, warrants need to be issued prior to seizing information.
5. Compare the timeline of the evidence and the alibi of the client. Was there any attempt to conceal (erase) information before the forensic examination? For more information, see evaluating electronic evidence.
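
The check in item 3, shown as an added example that is not part of the original article: it recomputes the digests of an image file and compares them with the values recorded at acquisition. The file name, the choice of SHA-1 and SHA-256, and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB pieces so a large image never sits fully in memory


def hash_image(path, algorithms=("sha1", "sha256")):
    """Return {algorithm: hex digest} for the file at path, reading it once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # read-only: verification must not modify the image
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, recorded):
    """Compare the image with digests recorded at acquisition.

    recorded maps algorithm name -> hex digest taken from the acquisition log.
    Returns (ok, mismatches); ok is True only if every recorded digest matches.
    """
    current = hash_image(path, tuple(recorded))
    mismatches = [
        name for name, expected in recorded.items()
        if not hmac.compare_digest(current[name], expected.strip().lower())
    ]
    return (not mismatches, mismatches)


def demo():
    """Constructed sample: a small stand-in image, then a one-byte alteration."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.img")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"constructed sample sector data")
        recorded = hash_image(image)       # stands in for the acquisition log
        before = verify_image(image, recorded)
        with open(image, "r+b") as fh:     # simulate a later alteration
            fh.seek(100)
            fh.write(b"\x01")
        after = verify_image(image, recorded)
    return before, after


if __name__ == "__main__":
    print(demo())
```

A single changed byte makes every recorded digest fail, which is the mismatch item 3 describes.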
Electronic evidence provides information that would not be obtained in the normal discovery process. But this additional evidence faces its own pitfalls and frailties.
Fulcrum Inquiry performs electronic discovery assistance and computer forensic examinations.