 |
 |
|
Winning E-Evidence Cases with Computer Forensics ExpertsMore often than you might imagine, the winning difference in cases involving electronic evidence is the skill level of the computer forensic expert. Whose expert will the jury or judge find more credible? Scarcer than rubies are talented computer forensics experts who are also skilled at writing expert reports and giving court testimony. So how do you find a good expert when you have electronic evidence in issue? This can be a daunting task, and the right selection may depend upon a number of factors, including what’s at issue in the case, the budget, the geographic location of the expert, and balancing the relative credentials of the experts under consideration. The following are guidelines for hiring an electronic discovery or computer forensic expert: 1. Which kind of expert do you need? Many computer forensic technologists do electronic discovery, but few electronic discovery experts do true computer forensics. In a nutshell, computer forensics means performing a forensic acquisition of a hard drive or other media and extracting and documenting the data. For the most part, electronic discovery is the analysis and manipulation of the data once it has been logically extracted. It doesn’t help that folks often use these terms interchangeably. 2. Forensics certifications. Currently, the most prestigious certification available to private firms is the EnCE (EnCase Certified Examiner) issued by Guidance Software. Another certification rapidly gaining respect is the Certified Information Forensics Investigator (CIFI) issued by the International Information Systems Forensics Association (IISFA), a nonprofit organization. More certifications are emerging and will gain credibility over time, but in the private sector, the EnCE and the CIFI are the certifications to look for. 3. Technical certifications. A good forensic technologist will have a lot of letters after his or her name, indicating a broad range of certifications with a number of different technologies. 4. The CV. Get the expert’s CV early on and study it. Don’t be afraid to ask questions. Does it show that the expert has spoken at a lot of seminars and/or written a lot of articles? Those who present or teach frequently and have to answer questions on the fly tend to be excellent testifying experts. Also, teaching and authorship frequently add credibility with a judge or jury. 5. The Jack of all trades. Beware the individual who claims multiple disciplines. Whether a private detective, computer repairman, or software engineer, or some combination of many things, a forensic technologist worth having is generally billed as a forensic technologist and does not offer a Chinese buffet of services. 6. Court qualifications. The last thing you need as an lawyer is an expert who hasn’t qualified as an expert. 7. Confidentiality. Not all cases are shrouded in secrecy, but a fair proportion of them are. Make sure the expert you pick has a confidentiality clause in the retainer agreement, and don’t hesitate to ask the expert to sign your own confidentiality agreement. Remember as well that the expert may be working on your case with others and that the entire firm should have an impeccable reputation for keeping client secrets. 8. Geography may not matter. How often lawyers forget that this is the electronic era! You can maintain chain of custody perfectly well by shipping a computer from California to New York if that’s where the best expert is located. 9. English 101 and 201. An expert must speak the English language. We have many wonderful and brilliant friends who are of foreign descent, but their English will not pass muster with an ethnically mixed jury. If an accent is too pronounced for many people to comprehend, especially for those who may have learned English as a second language, that expert is not a good choice. That’s English 101, being able to speak the language clearly. English 201 is being able to speak about highly technical matters in lay terms, with analogies that a judge or jury can understand. Geek-speak is worse than useless in a courtroom situation. You will come to revere an expert who easily makes analogies in terms of TV, cars, sports, and other things that represent part of Joe Q. Public’s everyday life. 10. The price tag. Computer forensics is not cheap. Small cases may run in the $5,000–$10,000 range, but larger cases can hit six figures with astonishing rapidity. It is almost never possible to quote a probable final figure at the outset of a case, because the technologist has not yet seen the “size of the elephant.” Heed this advice well: some technologists bill fairly. They turn their clocks off while a process is running and go work on someone else’s case. They account for their time accurately and precisely. On the other hand, there are those (often with lower rates), who charge you for every moment they are at work—and sometimes beyond. In the end, getting references is your best bet here. Caveat emptor! 11. References, references, references. There is no better way to secure a good expert. Ask your potential expert for references and then make sure you follow up with those references. 12. Evidence format. What format do you want/need the evidence in? Is it to be placed on CDs? DVDs? A hard drive? Can you read the evidence in its native format or do you need it converted? Should it be ready for importing into Concordance or Summation? 13. Vetting the expert and getting vetted. You should be peppering your expert with questions and having the warm, fuzzy feeling that you are dealing with a true pro. Likewise, true professionals will ask many questions of you to get a feel for the case—and for you. You’re both going to need to work together, so you need to have some sense of rapport. If something doesn’t feel right, trust your instincts. 14. Did you read the expert’s contract? Make sure the contract contains a confidentiality provision. Make sure the billing terms and fees are clearly spelled out. If there are “caps” or “do not exceed without written authorization” provisions, make sure they are adequately expressed. You need to know what your expert must do if they run into child pornography. Who is to sign the contract? Frequently, especially in the cases of a nontestifying expert, the lawyer will wish to sign the contract in order to invoke the work-product doctrine where applicable. More information about the book The Electronic Evidence and Discovery Handbook |
|
