Electronic Evidence as the Smoking Gun

First published February 2005

by Henry J. Fasthoff, IV

NOTE: THIS ARTICLE IS FOR INFORMATIONAL PURPOSES ONLY. IT IS NOT INTENDED TO BE CONSTRUED AS LEGAL ADVICE.

Electronic communications–particularly email–may contain a treasure trove of evidence in commercial litigation matters. There are three key reasons for this fact. First, email is a very informal means of communication. Why? I don’t know, it just is. Though I personally insist on specific grammar and sentence structure in my “hardcopy” written correspondence, court pleadings, etc., in emails I sometimes choose not to follow the rules of written English.

Second, though intellectually many of us know it is not, email “feels” anonymous. I’m sure there have been studies conducted in an effort to understand why email feels anonymous. Maybe it’s because of the instantaneous nature of email–you can simply vent your emotions and knee-jerk reactions immediately and press the send button, rather than having time to reflect on your written thoughts as you otherwise would if you were forced to sit down and write a letter; sign it with your own hand; put it in an envelope; put a stamp on it; and take it to the mailbox and mail it. Whatever the reason(s), the fact of the matter is that email does feel anonymous.



The third reason email can contain critical evidence in a commercial litigation case is its permanence and retrievability. Most people don’t realize that when they “delete” an email from their email program it actually remains on the computer or network unless and until the portions of the computer’s memory containing the email are overwritten by other information. You can be certain, however, that every single electronic communication you make–email or otherwise–is being recorded somewhere. Perhaps on your company’s network server, perhaps at your Internet service provider, or perhaps on your own computer’s hard drive. Savvy litigators know this fact and, depending on the stakes of the case, you could end up receiving a letter such as this should your business find itself in a business dispute:

Dear Mr. John Doe:

This is a notice and demand that evidence identified below in paragraphs 2 through 5 must be immediately preserved and retained by you until further written notice from the undersigned. This request is essential, as a paper printout of text contained in a computer file does not completely reflect all information contained within the electronic file.

The continued operation of the computer systems identified herein will likely result in the destruction of relevant evidence due to the fact that electronic evidence can be easily altered, deleted or otherwise modified. THE FAILURE TO PRESERVE AND RETAIN THE ELECTRONIC DATA OUTLINED IN THIS NOTICE CONSTITUTES SPOLIATION OF EVIDENCE AND WILL SUBJECT YOU TO LEGAL CLAIMS FOR DAMAGES AND/OR EVIDENTIARY AND MONETARY SANCTIONS.

For purposes of this notice, “Electronic Data” shall include, but not be limited to, all text files (including word processing documents), spreadsheets, e-mail files and information concerning e-mail (including logs of e-mail history and usage, header information and “deleted” files), Internet history files and preferences, graphical image format (“GIF”) files, all other graphical format images, databases, calendar and scheduling information, computer system activity logs, and all file fragments and backup files containing Electronic Data.

1. Please preserve and retain all Electronic Data generated or received by the following persons:

John Doe, CEO

Mary Smith, CFO

Bill Brown, COO

2. Please preserve and retain all Electronic Data containing any information about the following subjects:

Emails sent to or received from any employee or representative of ABC Company, DEF Company, or XYZ Company.

3. You must refrain from operating (or removing or altering fixed or external drives and media attached thereto) standalone personal computers, network workstations, notebook and/or laptop computers operated by the following persons:

John Doe, CEO

Mary Smith, CFO

Bill Brown, COO

4. You must retain and preserve all backup tapes or other storage media, whether on-line or off-line, and refrain from overwriting or deleting information contained thereon, which may contain Electronic Data identified in paragraphs 2 through 4.

In order to alleviate any burden upon you, we are prepared to immediately enlist the services of a computer forensic expert to image and examine all drives and media in your custody and control which may contain Electronic Data relevant to this matter. If you enlist your own computer forensics expert to generate evidentiary images of all electronic evidence identified above, demand is made that such expert utilize industry standard computer forensic software in order to facilitate and enable the processing and exchange of such evidence in this matter.

Should your company receive a letter like this, you should take it extremely seriously. Continuing to use any computers or other devices identified in such a letter will result in data being overwritten, which the courts would interpret as destruction of evidence. Destroying evidence can not only result in serious sanctions against the company or individual in the case at hand; as we saw during the Enron mess, it can also result in criminal prosecution.

About the Author

Mr. Fasthoff is a commercial litigation attorney by day, and an entrepreneur in the marketing field by night. He represents corporate clients and individuals in the fields of commercial litigation; entertainment litigation; intellectual property litigation; arts law; technology law; and a wide variety of other business litigation matters.
