Today's Facebook post may be tomorrow's evidence; Cernam captures ephemeral web info for its day in court

Linda Musthaler
By | April 05, 2012

Posted in: Network Security Trends

Content posted to social media and found in other online sources is becoming more important in litigation. People are writing things in a casual, unguarded way on the Web, and, increasingly, litigators want that information to help win their cases.The problem with Web content as evidence, however, is that it can be very fluid. Something posted to a Facebook page or a website can be viewable today but not tomorrow.

What’s more, it’s very likely that critical evidence could be posted to a blog or a social media website; saved to a cloud based storage system; stored in a SaaS application; or otherwise resident on some transient medium that is outside the control of the company wanting to preserve the information. As  a result, it’s difficult to capture the information (and its metadata) in a way that satisfies legal requirements for admissible evidence.

For example, suppose a worker posted information on his personal blog lamenting his uncertain job outlook because of a pending corporate merger that hasn’t been made public yet. The business press picks up on the speculative news, causing the stock price of the purchasing company to plunge in value. A shareholder lawsuit follows. By the time the lawyers attempt to preserve a copy of the blog post – the critical piece of evidence – it has been removed. Even if the lawyers had captured a screen shot of the post, it may be inadmissible in terms of evidence because, theoretically, the screen shot could have been faked or altered.

So, collecting online evidence is primarily focused on screen shots, printouts and PDF captures.  Whereas when you look at email, which is a very mature area in terms of digital evidence, no one would consider a screen shot of an email as acceptable as evidence. If it were, the entire industry around e-discovery and digital forensics would not exist today, and we would be exchanging screen shots as evidence.

“Online productivity tools have emerged as one of the biggest sources of digital evidence and litigation-type content,” says Owen O’Connor, founder and managing director of Cernam, which specializes in digital investigations with a focus on online evidence and investigations . “Online data is more fragile because it can be removed or changed. There is a need to bring forensic rigor to the capture and preservation of this content.”

Cernam has developed Capture & Preserve, a product that enables an organization to point to a piece of content on the Web and to capture and record it along with important metadata. So, rather than just taking a screen shot that is a picture of the evidence, Capture & Preserve makes a perfect real copy — in forensic terms, the equivalent of a disk image of the data — which can be used as evidence. This evidence container can be independently assessed and can be accessed at a later date, regardless of whether the original online data is available or not.

Consider, for example, a tweet sent out via Twitter. You and I might only see the 140 characters of the tweet, but Cernam’s technology captures the hidden content of almost 100 separate metadata properties  pertaining unique to that message from that specific Twitter account. Together, these properties provide forensic evidence of the original message that is far more persuasive than a screenshot in court.

Cernam’s technology is highly specialized and is aimed at law firms and corporations that are frequently involved in lawsuits. It can be used by attorneys, investigators and HR professionals to capture and preserve information that may be instrumental in lawsuits or disputes.


You May Also Be Interested In: