The Masters Conference: focus on Guidance Software and e-discovery, digital forensics, and cybersecurity

[Logos: Masters Conference 2009; Guidance Software]

Guidance Software, a sponsor of The Masters Conference, issued a press release today announcing the launch of its new Professional Services offering, the Guidance Software Advisory Program (GAP), which is designed to help create and refine business processes and incorporate industry best practices around e-discovery, digital forensics, cybersecurity, and other digital investigations. The press release is attached. We interviewed Patrick Burke, Senior Director and Assistant General Counsel at Guidance Software, last week at IQPC Brussels, and he is at Masters Conference moderating tomorrow’s US-UK judicial panel on e-discovery.

Many Posse List members, especially contract attorneys, are involved in, or seeking to become involved in, digital forensics and cybersecurity by leveraging their e-discovery experience. The 800-pound gorilla of digital forensics is Guidance Software, which pretty much “invented” digital forensics. Their EnCase platform first came out in 1998 and provides a foundation for organizations to conduct computer investigations of any kind, such as responding to e-discovery requests as well as conducting internal investigations, responding to regulatory inquiries or performing data and compliance auditing.

Digital forensics tools are intended to help security staff, law enforcement and legal investigators identify, collect, preserve and examine data on computer hard drives related to inappropriate and illegal activity, such as cybercrime, e-mail and Internet abuse, fraud, financial mismanagement, unauthorized disclosure of corporate information, intellectual property theft, and so on.

Increasingly, these tools are also being applied to e-discovery efforts related to civil litigation and regulatory compliance.  

Digital forensics tools generally provide three main capabilities:

1.  Acquisition/collection/preservation: Make a sector-by-sector copy of the hard drive and run checks against the resulting image to verify that it is an exact copy of the original.

2.  Search/analysis: Identify, analyze and keyword-search all relevant data, including deleted, encrypted, hidden, protected and temporary files, as well as virtual memory, application settings, printer spools, etc. Some packages can also detect which Web ports are open and which processes are running.

3.  Reporting: Create a detailed report, including a full audit log. This can help address compliance with Sarbanes-Oxley and other regulations.
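To make capabilities 1 and 3 concrete, the following added example (not from the press release or from any Guidance Software product) copies a constructed 8-sector "drive" sector by sector, verifies the image, and records each step in an audit log. The use of SHA-256 digests as the verification check, the 512-byte sector size, and all file and function names are assumptions made for illustration.

```python
import hashlib, json, os, tempfile

SECTOR = 512  # bytes per sector (assumed for this example)

def acquire(src_path, img_path, sector=SECTOR):
    """Copy src to img sector by sector; return (whole digest, per-sector digests)."""
    whole, per_sector = hashlib.sha256(), []
    with open(src_path, "rb") as src, open(img_path, "wb") as img:
        while chunk := src.read(sector):
            img.write(chunk)
            whole.update(chunk)
            per_sector.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), per_sector

def verify(img_path, expected_whole, expected_sectors, sector=SECTOR):
    """Re-read the image; return (ok, sector numbers that differ from acquisition)."""
    whole, bad, n = hashlib.sha256(), [], 0
    with open(img_path, "rb") as img:
        while chunk := img.read(sector):
            whole.update(chunk)
            if n >= len(expected_sectors) or \
               hashlib.sha256(chunk).hexdigest() != expected_sectors[n]:
                bad.append(n)
            n += 1
    bad.extend(range(n, len(expected_sectors)))  # truncated image: missing sectors
    return whole.hexdigest() == expected_whole and not bad, bad

def demo():
    """Acquire a constructed drive, verify it, alter one byte, verify again."""
    log = []  # audit log: one record per step
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "drive.bin"), os.path.join(d, "drive.img")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 16)  # constructed sample: 4096 bytes = 8 sectors
        digest, sectors = acquire(src, img)
        log.append({"event": "acquired", "sha256": digest, "sectors": len(sectors)})
        ok, bad = verify(img, digest, sectors)
        log.append({"event": "verified", "match": ok, "changed_sectors": bad})
        with open(img, "r+b") as f:  # simulate a later change to the stored image
            f.seek(3 * SECTOR + 10)
            f.write(b"\xff")
        ok, bad = verify(img, digest, sectors)
        log.append({"event": "re-verified", "match": ok, "changed_sectors": bad})
    return log

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The per-sector digests are what let the second verification report which sector changed, rather than only that the image no longer matches.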

E-discovery is not forensics.  But the steps involved with forensics work are actually subsets of the e-discovery process, as defined by the Electronic Discovery Reference Model (EDRM).  The EDRM defines forensics as encompassing identification, preservation and collection — three steps of its overall model, which also includes information management, review, analysis, production and presentation.   

Obviously, cybersecurity is growing in importance, due in large part to the way the Internet has become an essential part of our daily life and the fact that modern computing power lowers the entry barriers while it increases the number of malicious actors. Because cyber activity has become such an integral part of our operating environment, corporations have developed cybersecurity programs that integrate governance, strategy, policy, compliance, resilience, privacy, information life-cycle management, e-discovery, and technical assessment considerations all into one strategy process. It is a continuing trend (and job path), as we have posted numerous times before.