Click on the links below to download any of the following white papers. You will be prompted for some registration information which we will not share with any third party. All files are in Adobe Acrobat PDF format for ease of downloading and reading. Please visit our Technical Terminology Reference page for definitions of technical terms used on this website and in the published white-papers listed below. If you are interested in Court decisions related to computer forensics, you may find and download case law by visiting our Court Case Reviews webpage.
- "Beyond the Smoking Gun"-an in depth review of valuable electronic evidence often overlooked by attorneys.
- "Bitstream Image v. Mirror Image"-a technical overview and comparison between these distinctly different approaches at copying the contents of a memory storage device. This paper also emphasizes the importance of stipulating a forensic bitstream image to be performed versus the traditional mirror imaging used by IT managers to backup the active files and applications stored on a computer.
- "Intentional Spoliation of Electronic Evidence"-insight into the methodologies and analyses of determining deliberate spoliation.
- "Bitstream vs. Mirror Image-Do Courts Understand the Difference?"-an understandable explanation of the all too often confusion between a computer forensic image and the common IT backup mirror image.
- "Electronic Evidence-Weapons of Mass Discovery"-this paper delves into an analysis of e-discovery strategies employed by litigators to use e-discovery as a battering ram to intimidate their opponents by overly broad production and preservation requests.
- "A Case for Metadata"-an overview about what metadata is and what importance it might have in determining the authenticity and accuracy of key evidentiary documents.
- "Computer Examination Protocol Considerations"-the scope, parameters, searching criteria, and which side's forensic examiner will conduct the search are discussed in this paper.
- "Rule 26(f) Pitfalls"-a brief summary of potential hazards for attorneys who have not adequately prepared for the meet and confer conference.
- "Securing Your Client's ESI"- have you ever wondered what happens to all of the ESI belonging to your client that was misappropriated by the opponent after the case has ended? What procedures to follow to assure the client that the other side no longer has access to their data.
- "Now You See It-Now You Don't"-now that the lawsuit is over, both sides including some third-parties have physical custody of all sorts of confidential or trade secret electronic information that needs to be satisfactorily destroyed by all parties-tips on how to assure the desired results.
- "Employee Data Theft"-a brief look at the rising tide of misappropriation of valuable ESI in the workplace.
- "The Great Divide Between Accessible and Inaccessible ESI"-a comprehensive look at what is referred to as "accessible" or "inaccessible" ESI, and why both parties need to understand the important distinctions between these two categories before requesting or preserving either type of ESI.
- "Meet-and-Confer Survival Tips"-written for both parties in a civil action to come prepared in order to negotiate the terms of the conference.
- "Quantifying Digital Forensic Discovery Benefits"-this paper serves to help attorneys quantify the value of enlisting the assistance of a computer forensic specialist for the case.
- "The Adversarial Approach May Need Some Tweaking"-the 'trial by discovery' approach is no longer viable in state and federal court. The paper challenges provincial thinking and assumptions that only result in increased litigation costs for the litigant and adverse rulings from the court.
- "SWGDE and SWGIT Digital & Multimedia Evidence Glossary"-published in 2009, the Scientific Working Groups on Digital Evidence and Imaging Technology.