Introduction

In today's world, few areas of our lives remain untouched by high-tech gadgets and computers. From our automobiles to the ubiquity of e-mail, the world of bits and bytes has overtaken every phase of our lives. While this ceaseless march of the tide of technology has brought wonderful benefits, as with all gains humankind has experienced, it also has brought some side effects.

Although our efficiency has increased, so have the demands for our time. Not only must we learn to multitask, but we must be available 24 hours a day. Tethered to our cell phones, personal digital assistants, and palm-top computers with twenty-first-century umbilical cords, loved ones and coworkers alike experience withdrawal symptoms and panic attacks if their calls and e-mails remain unanswered for more than 10 minutes.

Arguably nowhere has this technological onslaught had a greater impact than in the business world. E-mail, the World Wide Web, and corporate intranets have insinuated themselves into nearly every business. From the mom-and-pop market, which has a digital storefront to augment its brick-and- mortar operation, to the Fortune 500 multinational whose communications hub depends on the infrastructure of the network we call the Internet, digital traffic directs our lives-occasionally into unsightly rush-hour snarls.

For the average person, the pervasiveness of computers and digital technology is little more than either a convenience or an inconvenience, depending on which side of the digital fence you sit. For others, such as managers, accountants, and lawyers, digital technology signifies much more than that; it signifies a change in the way we look at information.

The "paperless office" and "electronic discovery" are only two of the many phrases that have arisen with the growth of computers, and both bring with them some very serious managerial problems. For the manager seeking to streamline and reduce costs, the paperless office might, at first glance, seem like the ideal solution to growing storage problems. Likewise, electronic discovery and the instantaneous exchange of digital evidence sound like every lawyers' dream-at least at first blush. In reality, hidden difficulties in both areas can blindside professionals and result in tremendously higher costs.

These hidden costs, the land mines of the information age, while mere speed bumps to some, are career-ending hurdles for others. What separates the two is the knowledge of the abilities and limitations of the medium. As an example, let us examine the manager who is weighing the decision to go paperless. On the plus side, there are the obvious benefits of reduced storage space, decreased access time, and, depending on implementation methodology, reduced clerical staff. However, the digitally uninitiated may have overlooked the risks involved.

One very serious risk is security. While access to paper documents such as credit memos and invoices in the traditional office is most often restricted by walls, doors, and metal filing cabinets, the cyberworld lacks those conventional security devices. Instead, things such as firewalls, passwords, and encryption technology stand in the way of unauthorized access. Both methods can be equally secure, and both are vulnerable in their own particular ways. However, most managers understand the weaknesses and vulnerabilities of their physical security assets. Many do not have the same fundamental understanding of the limitations of the digital equivalent.

For the attorney, the situation is similar. In a traditional plaintiff's personal injury firm, many cases follow similar schedules and proceed along the same path. One of the steps in this path is the discovery phase. Discovery is essentially where both sides learn as much about the opponent's case as possible. While at first a counterintuitive concept in an adversarial legal system, the underlying rationale of truth seeking ultimately is supported by the put-your-cards-on-the-table process.

At its heart, the discovery process involves the exchange of information by both sides. In the early days of electronic discovery (e-discovery), electronic communications wrought havoc on some firms-in part due to both the lawyer's and the client's lack of an understanding of the technology. Some of these difficulties centered on the interoffice memo. In the traditional office, memos circulate, get filed, and may ultimately get shredded. This is not necessarily the case in a paperless environment.

Misunderstanding the permanence of e-mail memos, many firms overlooked the persistent existence of such communications on corporate servers, company Web sites, and even employee desktops. More than one case was doomed by the existence of the "smoking gun" memo in electronic form somewhere on the client's computer infrastructure.

As e-discovery became more common, a second issue emerged: information overload. Depending on the case, demands for production can constitute a sizable portion of the discovery process. In a demand for production, one side, usually the plaintiff's, will demand the other side produce evidence, usually documents, that tend to support its theory of the case. In traditional practice, things such as memos, correspondence, personnel evaluations, and the like were photocopied and turned over the demanding party. As you might imagine, the manpower necessary to fulfill such a request can be substantial.

In the paperless environment, it might appear that the response to the same demand would be a simple matter of copying the electronic documents to disk, or in a large office a CD, and turning it over, requiring fewer personnel, fewer hours, and less copy cost. Not necessarily. As e-discovery has progressed, many firms, plaintiffs, and defendants have become painfully aware of just how much e-matter can be accumulated by even small and medium-size businesses. Sifting through hundreds of documents and thousands of e-mails to find relevant and nonprotected items that match the request might involve more time than researching and copying the equivalent number of paper-based documents.

Add to this the potential for format incompatibility and costs quickly mount. Unlike paper-based documents, which anyone can read, e-documents are often generated in proprietary formats that are readable only by the system in which they were created. If the requesting party does not have access to the proprietary format, these e-documents might as well be written in invisible ink. This results in greater costs to one or both sides when someone must translate them into a common language. Issues such as who bears the cost burden and what constitutes improper behavior quickly moved to the forefront in the legal practice during the early days of e-discovery.

Everything new that emerges -telephone, automobile, and computer-has gone through various stages of growth and development during which many of the bugs and glitches have been ironed out. This Darwinesque process helps to ensure that only the benefits of the technology remain and the weaknesses are cast to the wayside. Although not entirely successfully, the process allows humans to catch up with the technology, and sometimes results in subsequent generations of products that are far superior to their ancestors.

The evolution of things like the paperless office and e-discovery has been under way for many years. In large part, many of the issues that I have touched on have been addressed, corrected, or at least worked around. Many issues still remain to be examined, however, and as digital technology grows in scope and power, many more will arise. One of the areas that is still often misunderstood is the area of computer forensics.

As a part of the larger field of forensics, computer forensics is lumped together with such interesting fields of study as forensic entomology (bugs and insects), forensic anthropology (study of bones and skeletons), and DNA analysis (a branch of forensic biology). Although sharing some real similarities with its brethren, computer forensics has emerged into a distinct specialty that roams beyond the confines of traditional forensic science.

Rarely, if ever, would forensic scientists in fields such as entomology, odontology, or anthropology consult on cases outside the criminal venue. There are, of course, the occasional personal injury and wrongful death cases requiring such expertise, but by and large, historically forensic scientists are called only in criminal prosecutions. As such, much of the expertise and talent has been developed through state-supported facilities such as crime labs and universities.

The field of computer forensic examination is different. Whether attributable to such media phenomenon as the CSI series or due to the pervasive nature of computer technology, the science of computer forensic examination has exploded onto the scene. With this explosion has also come a tremendous amount of misinformation, and this misinformation can be tremendously costly. You cannot plan properly if you make incorrect assumptions or simply misunderstand the capabilities of the science. Improper planning will ultimately cost money.

The answer is this book. Although I cannot make a computer forensic technician of you, nor do I hope to, I can help you to better understand the potential and limitations of this fascinating field. Many universities now offer entire majors dedicated to the field. Postgraduate dissertations have been undertaken in subfields of this field, and the body of knowledge in this area is so rapidly expanding that by the time this book is on the shelves, new...