HOW TO BECOME A DIGITAL DETECTIVE




Recovering electronic data is only the beginning. Once you recover it, you need to determine how to use it in your case. In other words, how do you reconstruct past events in a way that ensures the recovered data will be admissible as evidence in your case? What follows are some recommendations for accomplishing that goal.

If You Need Help, Get Help

When you receive the package of evidence containing a Zip disk and cover letter stating, “Enclosed and produced upon you please find,” you may not know what to do with the disk. If you don’t know, get help.

Help may be just down the hall. If you have an information services department, consider going there. They might not understand what you mean by a discovery request, but they may be able to help you convert the contents of the disk to a form you can look at. If you have a litigation support group, consider contacting them. They may have the tools you need to look at and start working with the data you just received. Even if there is no formal entity within your office dedicated to dealing with technological issues, there may be informal resources.

In addition, your client may have the resources you need. Your expert witnesses, assuming you have some, may be able to sort out the data for you. If you are using a litigation support vendor, that organization may be able to bring skills to bear. And, of course, don’t forget the professionals, the ones who deal with electronic data recovery and reconstructing past events for a living.

Convert Digital Evidence

Before you can reconstruct past events and present the data, you need it on a medium and in a format you can work with. In other words, you need to get the data onto a medium you can use, if it is not already on one. Data can come on a variety of media, such as data tapes, Zip disks, CD-ROM disks, 3.5-inch floppy disks, and 5.25-inch floppy disks.

If you receive electronic evidence on an 8-millimeter data tape, chances are that you will not have an 8-mm tape drive at your desk. Even if you have a drive, it may not be able to read that specific tape. You need to get the data onto a medium your computer can read, which these days generally means a 3.5-inch floppy or a CD disk. How do you do this?

Well, for example, you could use Zip disks. Zip disks are simpler. The cost of Iomega Zip drives (http://www.iomega.com) is so low that you can keep one on hand just to copy data from Zip disks you receive (and to copy data to Zip disks when others request data from you on that medium).

CDs are even simpler, as CD drives have become commonplace on PCs. Similarly, 3.5-inch disks generally pose no problem.

Nevertheless, 5.25-inch floppy disks have started to become problematic, as fewer and fewer PCs have the drives in them. Older sizes of floppies can be even more difficult; when you receive electronic data on them, you usually have to engage outside vendors to move the data over to media you can work with.

Put the Evidence in a Useable Format

Having data on a useable medium is useless unless it also is in a useable format. At times this is not an issue. If the data comes in a format that you already use, then you can begin to work with it as soon as you get it off the media. The formats most likely to be useable without conversion are word processing files (principally WordPerfect and Word files), spreadsheet files (principally Excel and Lotus), and presentation files (principally PowerPoint files).






Computer Forensics. Computer Crime Scene Investigation
Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
EAN: 2147483647
Year: 2002
Pages: 263
Authors: John R. Vacca
