by Edward Pscheidt
www.edwardpscheidt.com

Everything is created on a computer. To be more precise, almost everything that is the subject of litigation was created on a computer. Be they letters, blueprints or company books, the vast majority of subpoenaed information resides on computers. Because of this, the hard-nosed private eye from films of the 40's has been replaced with the Computer Forensic Investigator (CFI). While the title in not as catchy nor the reputation as romantic, these nerdy inhabitants of cyberspace are changing the practice of litigation more than their fedora-wearing counterparts could have ever imagined.

Computer forensics can be divided into three broad specialties. The most basic of these is obtaining and documenting digital information. This includes data recovery and verification. The second is expert testimony concerning things computerized. More often than not this involves networks and the Internet. The third, and the most fun, is real sleuthing. Because it is so infrequent, the best stories come from figuring out how information was compromised, searching for deleted files, or ferreting out identities on the Internet. This article will deal with the basics of the first specialty. Publishers willing, future articles will discuss the rest.

A Few Definitions

Federal statutes imply that a computer is any device that stores, manipulates or transmits electronic data. Certain State codes do more than imply. They overtly define computers as such. While this is overly broad for technical use, it is good for the practice of law. When issuing a subpoena, the lawyer does not have to guess what the local IT department calls a device. By using this sort of definition, the lawyer can expect to get everything pertinent without having to worry about the difference between a server and a router nor does the subpoena need to overtly call out esoteric items such as USB drives and digital MP3 players.

In a similar manner, the term "data" has been legally defined to broadly encompass anything that a computer can store. The California Penal Code, section 502, says that, "Data means a representation of information, knowledge, facts, concepts, computer software, computer programs, or instructions. Data may be in any form, in storage media, or as stored in the memory of the computer or in transit or presented on a display device." Again, this is of benefit to the legal community since this eliminates any "wiggle room" when complying with a subpoena.

Interestingly, the terms "Damage" and "Injury" also have a wonderfully large range. They apply when computers or data are physically damaged, merely altered, or when legitimate access to either is denied. This allows prosecution and litigation over such varied threats as virus creation, conversion of resources or data destruction.