Computer Forensics Inc. Electronic Evidence Experts
What's New? Tip of the Month Site Map
What's New? - CFI in the News

Computer Forensics Inc.™ is sought out each month by such national media outlets as CNN, The Discovery Channel, and The Wall Street Journal, to comment and educate the public on issues involving computer forensics and electronic discovery. Recent commentary has focused on topical events involving Enron and the "shoe bomber," as well as more generic discussions of the use of computer forensics in litigation and risk management. As recognized experts, our staff will be found referenced from the pages of Business Week to the cyberland of ZDNet.

If you are interested in keeping up-to-date with the latest news in computer forensics, sign up for our Resource Update email service, which will provide you with timely references. In the meantime, take a look at our extensive selection of white papers and articles.

Search for Spyware

Instant Messaging: What You Can't See Can Hurt You (In Court)

Behind the Book: Faster Than You Can Write It: The Challenges of Keeping Up with the Evolving Technology

Opening paragraphs of articles with CFI in the news. To request a complete copy of an article, please contact emaurer@forensics.com indicating which article you are interested in receiving.

Pamela Quintero Interviewed About Tracing email in Kidnapping Case

KPLU, Seattle’s largest public radio station, recently spoke with Pamela Quintero, a CFI Forensics Examiner, concerning law enforcement’s ability to trace emails and track down criminals. Hear the interview!

David Stenhouse Interviewed Regarding Link Between Computer Diskette and BTK Suspect Dennis Rader – (The Wichita Eagle), March 3, 2005

Shortly after the arrest of the alleged “BTK killer,” David Stenhouse, Vice President and Director of Operations for Computer Forensics Inc., was contacted by a reporter with The Wichita Eagle to explain how the identity of a computer is left on removable media – like a diskette. The most likely explanation is that Rader used his own diskette on someone else’s computer, thinking that only the copied file would appear on the diskette.

Many people don’t realize, Dave said, that when a diskette is erased only the visible link to the data disappears. The data remains intact until the space it occupies is overwritten with new data. And that can take years and does not always cover the entire file.

Local Computer Forensics Inc.™ Executives Help Share New UW Computer Forensics Certification Program—(Business Wire), December 1, 2004

Two executives from Seattle-based Computer Forensics Inc.™ (CFI), a company that pioneered the field of electronic discovery, are playing key roles in the creation of a new course at the University of Washington that will educate students about the world of "cybersleuthing" and the fast-growing field of computer forensics.

The new UW Computer Forensics Certificate Program begins on January 4, 2005. It is divided into three segments: a Winter Course (January 4 to March 8); a Spring Course (March 29 to May 21); and a Summer Course (June 21 to August 23). For more information about admission requirements and the application process, call 206-685-8936 or email certificate@ese.washington.edu.

“E-discovery: The Source, the Problem, the Cure,” LawCrossing.com, October 2004.

Joan Feldman, founder and President of Computer Forensics Inc., counsels companies on a variety of e-discovery issues. She mentioned three actions most companies can take that could easily save them time and money. First, most companies need to “bridge the gap between corporate counsel and the information technology (IT) group.” There needs to be “communication between IT and the legal group regarding records, with emphasis about mapping out data location, so in discovery I’d be able to move quickly to get what I wanted.”

Ms. Feldman also suggests making sure document-retention policies address "email and other computer-based documents.”

And finally, “corporate counsel needs to work with the human resources group to make sure there’s a clear exit protocol for employees to cleanup their data, or” when necessary “to hold onto it.” Ms. Feldman believes “these preventive measures could save hundreds of thousands of dollars.”

“Cell Phone Text Messages Put New Twist on Electronic Discovery,” Lawyers Weekly, August 16, 2004.

Text messages sent between cell phones and pagers are the latest twist in the growing tide of electronic evidence. In the Kobe Bryant case, the trial judge has allowed defense attorneys to subpoena AT&T Wireless for text messages that the alleged victim sent to two friends shortly after the alleged rape.

Lawyers should act fast if they think text messages are relevant. There are currently no regulations on how long text messages must be saved, so it is largely up to the individual cell phone provider’s internal document retention program, said Joan Feldman.


“Specialists hope to retrace zapped SAIF files,” The Associated Press, August 28, 2004.

Computer forensics specialists will try to retrieve zapped SAIF Corp. files, but some of the files of former president, Katherine Keene, may be gone for good. Last week Marion County Judge Paul Lipscomb found the corporation in contempt of court for failing to hand over public records. He recommended fines that could reach $1 million or more. He also ordered an examination of computers to see if deleted files could be recovered.

“Worrying about the ‘Seven Ugly Dwarves,’” Network World Fusion, June 7, 2004.

I chaired a couple of sessions last week at the Inbox conference in San Jose, and one of the other sessions I attended was titled “The Email Comedy Club: Membership Details.” The speakers were Joan Feldman, president of Computer Forensics, and Elizabeth Charnock, CEO of Cataphora. These companies specialize in electronic discovery – the art and science of analyzing corporate data and email for legal cases. What struck me first was the scale of the work they get involved in, compiling and processing terabytes of data and building up a picture of what was said, by whom, how it was said, what was not said and when these events happened

DuPont Legal Names Computer Forensics Inc. to Network of Legal Service Providers Seattle-- (Business Wire), May 18, 2004

DuPont Legal has named Computer Forensics Inc., one of the nation’s leading providers of computer discovery services, as a primary service provider in its renowned strategic partnership program established with selected law firms and suppliers. The innovative program is a component of the widely acclaimed DuPont Legal Model, which began in 1992 as part of an effort to significantly reduce the 350 U.S. law firms and numerous legal service providers then serving the DuPont legal department. Today, DuPont Legal has 42 primary law firms and 11 primary service providers in its network, and the model is now imitated by in-house legal departments of all sizes throughout the U.S.

“Instant Messaging: What You Can’t See Can Hurt You (In Court),” TechnoLawyer, May 18, 2004.

Instant messaging has also created a number of problems for corporate IT personnel whose job it is to keep the network running efficiently, but also the task of protecting the intellectual property of the corporation itself. The architecture of instant messaging programs allow the textual conversations to go “under the radar” through the corporate servers if steps are not taken to track such conversations and transfer of data.

“Search for spyware,” Indiana Lawyer, May 5-18, 2004

The term has been coined to describe software developed to track people’s computer movements and can cover a wide range of information-gathering techniques from the benign to the insidious.

“Ten Ways to Torpedo Your Data Discovery Expert,” Digital Discovery & e-Evidence, April 2004.

Torpedoing your expert takes many forms, including putting the wrong “expert” forward, not informing the expert of everything he or she needs to know, and even shooting yourself in the foot by relying on a biased or otherwise unqualified expert. A data discovery expert is not simply a provider of technical retrieval services or data conversion services in support of data discovery—consider them “quasi-experts.” A data discovery expert is someone who has the experience, training, and knowledge to help formulate discovery strategy, provide expert testimony and motion support, ensure defensible chain of custody, locate evidence caches, securely collect and effectively analyze digital data, and identify portions of data collections to load into litigation support databases.

“Reston firm takes the case, investigates tech forensics,”
Washington Business Journal, March 18, 2004.

“The field of computer forensics has grown substantially over the past few years because nearly every litigation matter now requires attorneys to conduct electronic discovery,” says Joan Feldman, founder of Seattle-based Computer Forensics.

“Curbing E-Risk: Implementation of electronic management plan is key to limiting exposure of emails, important records, and discoverable material,” Daily Journal Extra, February 23, 2004.

The ease with which computers create, distribute, and store information has produced new risks for law firms that extend beyond traditional data security concerns. These risks include exposure in discovery from “bad” content, over-storage of data, the co-mingling of privileged and nonprivileged materials, the inadvertent disclosure of privileged documents and client exposure through poor records management.

“Take a Byte Out of Crime: Careers in Computer Forensics,” Monster.com, February 18, 2004.

From corporate theft to murder, computers often play a role in nefarious activity, requiring specialists with a mix of legal and technical expertise to gather evidence stored digitally. “If it’s a crime, a computer can be a component of it,” says Mike Finnie, a computer forensics specialist with Computer Forensics Inc.

“Digital detectives fine-tune their searches before digging,” The Seattle Times, February 9, 2004.

For example, if a client asks Computer Forensics to search one worker’s email for reference to sales projections, Computer Forensics may suggest other sources. “There are other kinds of information that may be more valuable that’s not in email or a hard drive, but instead may be circulated throughout the company on a database."

“Book Review: A Primer on Cyber Evidence and its Use in Litigation,”
Information Management Journal, January/February 2004.

In total, this publication contains a little something for everyone. For novices, the introductory material may be just right, even it the legal materials at the end are a bit too advanced. The experienced may skip the introductory material but may well find that the more advanced material is just what is needed – and from just the right source – to improve electronic discovery strategy.

“Taking the Plunge into a Records Management Plan,”
Massachusetts Lawyers Weekly, November 17, 2003.

When it comes to corporate record management, life used to be relatively simple for in-house counsel. Now, a racy email, a mistakenly forwarded electronic file or a mishandled backup tape can mean disaster for companies. This is the time, experts say, for corporate counsel to ensure that their client has a strict policy for retention and destruction of data.

“Electronic Discovery in 2010,” The Information Management Journal, November/December 2003.

From the Fortune 50 to the “mom-and-pop,” organizations are increasingly implementing digital technologies. Unfortunately, the impact of new and more ephemeral data sources on records management and litigation are the farthest thing from the minds of those who implement new technology.

“Discovery of Databases in Litigation,” The Practical Litigator, November 2003.

As the production of electronic data in litigation has increased in volume so has its scope. Early forays into electronic discovery focused primarily on email messages and, to a lesser extent, electronic versions of word-processing documents. Attorneys, however, are becoming increasingly aware of additional types of data that may lead to useful evidence and are regularly propounding broader electronic discovery requests.

Corporate Legal Times, October 2003.

The book Essentials of Electronic Discovery: Finding and Using Cyber Evidence examines the significant issues related to electronic discovery and explores how computer-based evidence is gathered and used in litigation. Author Joan Feldman is the founder and president of Computer Forensics Inc.™, a provider of computer discovery services for litigation. You can order Feldman’s book online for $195 or by calling 973-890-0008. www.legalwks.com.

“Cybersleuths: Collecting digital evidence is as easy as following 10 steps,” Fraud International, September/October 2003.

Locating evidence on computers is an important part of today’s discovery process. The reasons for pursuing computer-based evidence are compelling. It is estimated 30% to 50% of data stored on computers such as email and database files are never reduced to printed form. In addition, computer-based files often contain embedded information that can only be viewed in the electronic version. True data and time information may only be available in a computer file. Discovery without a review of computer files is incomplete.

“Retention is key,” www.nwfusion.com/cgi-bin/mailto/x.cgi, September 2003.

When it comes to policy, IT groups primarily will implement policies created by lawyers. But you can begin following these procedures to protect your company – and yourself, immediately:

Don’t delete employees’ email accounts the minute they leave the company. Disable the accounts instead. When workers leave a company, it often takes some time before their ex-employer decides to investigate their email. For example, it’s common for a salesman to move to a competitor. But if a suspicious number of his customers follow him a few weeks or months later, his former company may want to see what he was up to before he left.

“Wipe the slate clean of data,” Times-Union, Warsaw, IN, September 7, 2003. “Getting Rid of Sensitive Data on Hard Drives,” Kansas City Star, September 5, 2003.

Too often people sell or give away their old computers without realizing that the next user may be able to access personal financial information on the hard drive. To really get rid of something on your hard drive you have to go well beyond pressing the delete key.“Leaving No Trace,” Hartford Courant, July 4, 2003.
In a quest for privacy and security, businesses and consumers are increasingly using special software to wipe private data from their computer hard drives. But experts say failure to use the software correctly can leave hidden copies of the documents behind.

“Removing financial data from your computer – for good,” www.bankrate.com/brm/news/advice/20030711a1d.asp?print=on, July 11, 2003.

At Computers 4 Rent in North Palm Beach, Fla., it’s not unusual for customers to leave personal financial information on the hard drive of a computer they rented or one they want to sell to the store. The store has a policy of reformatting the hard drive every time a computer is returned, or whenever someone sells a used computer to the store. Reformatting is supposed to “wipe off” any personal information left on the hard drive.

“A Byte of Cybercrime,” www.lifeloom.com/A_Byte_of_Cybercrime, Summer 2003, Vol. I, Issue 1.

Cybercrime in the popular press tends to involve cases such as child pornography and abduction, copyright piracy, consumer fraud, embezzlement, or extortion. Computing technology, especially the home computer, has facilitated these crimes, making them easier to commit while reducing the perpetrator’s risk of capture. Law enforcement sees this as one group of cybercrime – those crimes covered under traditional law.

“Forensics: What’s Inside Counts, Too,” Web Hosting Monthly, June 2003.

When it comes to investigating a security violation, many hosting companies are finding that what’s outside the digital universe matters just as much as what is in it. Many hosting companies are working with forensic gumshoes to investigate security breaches, as well as criminal or civil violations. This kind of talent – often recruited from the ranks of local law enforcement or national agencies – rounds up court-admissible evidence and coordinates the activities of international law enforcement agencies for customers. They’ll look for access control issues: doors not covered by badge readers, shared machines, passwords scribbled down on Post-it notes, or shared-access passes. In pinpointing a violation, they’ll crosscheck server login information with phone logs to nab the culprit, or zero in on a missing Zip disk that is the key to a swiped, confidential customer list. Given the wealth of contractual and temp talent working in hosting and other Internet provider operations, such skills are needed. Which is why the phrase, ‘offline’ investigations are catching on when it comes to Internet forensics.

“Computer Forensics Tools Enable Professionals to Harvest Detailed “Metadata” from Hard Drives,” USA Today, April 28, 2003.

Cyber sleuths engaged in the war with Iraq and the pursuit of the global al-Qaeda terrorist network are making use of powerful computer forensics tools that are becoming more commonplace in the world of U.S. business litigation. The recent arrest of Khalid Sheikh Mohammad in Pakistan, the suspected planner of September 11, 2001, attacks, yielded a computer hard drive with substantial electronic data regarding al-Qaeda’s financial pipeline. This information was harvested by computer forensics professionals using software tools that allow “metadata” and hidden data to be extracted from computer drives.

“Building a case for e-forensics; Firms turn to outside legal snoops,”
Crain’s New York Business, April 21, 2003.

When New York state Attorney General Eliot Spizer initiated a much-publicized action to subpoena Wall Street emails last year, employees at Merrill Lynch & Co. and other firms were caught off guard by the long reach of the law. But the Wall Street analysts should not have been surprised that their files could be so easily raided. In the last several years, electronic sleuthing techniques have become widespread.

“Voltarc, 2 workers stole trade secrets, judge rules,” Republican—American, March 27, 2003.

A superior Court judge in New Haven has ruled that a Waterbury-based lighting manufacturer and two of its employees stole trade secrets belonging to a competitor and former employer of both workers.

“Computer Forensics Sleuths Help in Rooting Out Fraud,” The Wall Street Journal, March 18, 2003.

On a weekend afternoon, two people dressed as repairman entered the closed offices of a luxury-goods retailer. Working quickly with a digital camera, they photographed the tops of the desks belonging to three employees. Then they copied the hard drive on each worker’s PC. Using the digital photos as a guide, the pair made sure they hadn’t disturbed anything on the desks. Mission accomplished, they hurried back to Deloitte & Touche’s New York forensics lab.

“The Quattrone Vaccine,” Forbes.com, March 3, 2003.

For every cloud, there is a silver lining and Wall Street’s embarrassing email problem is proving no exception. U.S. brokerages will spend around $100 million this year on software programs that monitor, index, archive and store email. Under the regulations of the Securities and Exchange Commission, National Association of Securities Dealers and New York Stock Exchange, brokerages are obligated to keep their business-related emails for three years, store them on nonrewritable discs and make them easily accessible for two years.

“Preserving shuttle data will be key to finding cause,” Computerworld, February 3, 2003.

While it is unlikely that any data on board the space shuttle Columbia survived the fire of re-entry and the fall to earth on Saturday, a computer forensics specialist in Seattle said today that a lot of information transmitted from the spacecraft will be vital to NASA’s investigation of what went wrong.

“Litigation Support vs. Electronic Discovery: A New Category of Legal Services Emerges,” LJN’s Legal Tech Newsletter, January 2003.

Everywhere you turn in the legal market during 2002, you read something else about the latest technology craze: electronic discovery. To be sure, e-discovery is an extraordinary new development in the world of litigation. But as is often the case when a buzzword enters the mainstream lexicon of a profession, a number of mistaken impressions have been formed about what electronic discovery is and what it is not.