Electronic Evidence as the Smoking Gun

First published February 2005

by Henry J. Fasthoff, IV


Electronic communications–particularly email–may contain a treasure trove of evidence in commercial litigation matters. There are three key reasons for this fact. First, email is a very informal means of communication. Why? I don’t know, it just is. Though I personally insist on specific grammer and sentence structure in my “hardcopy” written correspondence, court pleadings, etc., in emails I sometimes choose not to follow the rules of written English.

Second, though intellectually many of us know it is not, email “feels” anonymous. I’m sure there have been studies conducted in a effort to understand why email feels anonymous. Maybe it’s because of the instantaneous nature of email–you can simply vent your emotions and knee-jerk reactions immediately and press the send button, rather than having time to reflect on your written thoughts as you otherwise would if you were forced to sit down and write a letter; sign it with your own hand; put it in an envelope; put a stamp on in it; and take it to the mailbox and mail it. Whatever the reason(s), the fact of the matter is that email does feel anonymous.

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

The third reason email evidence can contain critical evidence in a commercial litigation case: permanence and retrievability. Most people don’t realize that when they “delete” an email from their email program it actually remains on the computer or network unless and until the portions of the computer’s memory containing the email are overwritten by other information. You can be certain, however, that every single electronic communication you make–email or otherwise–is being recorded somewhere. Perhaps on your company’s network server, perhaps at your Internet service provider, or perhaps on your own computer’s hard drive. Savvy litigators know this fact and, depending on the stakes of the case, you could end up receiving a letter such as this should your business find itself in a business dispute:

Dear Mr. John Doe:

This is a notice and demand that evidence identified below in paragraphs 2 through 5 must be immediately preserved and retained by you until further written notice from the undersigned. This request is essential, as a paper printout of text contained in a computer file does not completely reflect all information contained within the electronic file.

The continued operation of the computer systems identified herein will likely result in the destruction of relevant evidence due to the fact that electronic evidence can be easily altered, deleted or otherwise modified. THE FAILURE TO PRESERVE AND RETAIN THE ELECTRONIC DATA OUTLINED IN THIS NOTICE CONSTITUTES SPOLIATION OF EVIDENCE AND WILL SUBJECT YOU TO LEGAL CLAIMS FOR DAMAGES AND/OR EVIDENTIARY AND MONETARY SANCTIONS.

For purposes of this notice, “Electronic Data” shall include, but not be limited to, all text files (including word processing documents), spread sheets, e-mail files and information concerning e-mail (including logs of e-mail history and usage, header information and “deleted” files), Internet history files and preferences, graphical image format (“GIF”) files, all other graphical format images, data bases, calendar and scheduling information, computer system activity logs, and all file fragments and backup files containing Electronic Data.

1. Please preserve and retain all Electronic Data generated or received by the following persons:

John Doe, CEO

Mary Smith, CFO

Bill Brown, COO

2. Please preserve and retain all Electronic Data containing any information about the following subjects:

Emails sent to or received from any employee or representative of ABC Company, DEF Company, or XYZ Company.

3. You must refrain from operating (or removing or altering fixed or external drives and media attached thereto) standalone personal computers, network workstations, notebook and/or laptop computers operated by the following persons:

John Doe, CEO

Mary Smith, CFO

Bill Brown, COO

4. You must retain and preserve all backup tapes or other storage media, whether on-line or off-line, and refrain from overwriting or deleting information contained thereon, which may contain Electronic Data identified in paragraphs 2 through 4.

In order to alleviate any burden upon you, we are prepared to immediately enlist the services of a computer forensic expert to image and examine all drives and media in your custody and control which may contain Electronic Data relevant to this matter. If you enlist your own computer forensics expert to generate evidentiary images of all electronic evidence identified above, demand is made that such expert utilize industry standard computer forensic software in order to facilitate and enable the processing and exchange of such evidence in this matter.

Should your company receive a letter like this, you should take it extremely seriously. Continuing to use any computers or other devices identified in such a letter will result in data being overwritten, which the courts would interpret as destruction of evidence. Destroying evidence can not only result in serious sanctions against the company or individual in the case at hand, as we saw during the Enron mess it can also result in criminal prosecution.

About the Author

Mr. Fasthoff is a commercial litigation attorney by day, and an entrepreneur in the marketing field by night. He represents corporate clients and individuals in the fields of commercial litigation; entertainment litigation; intellectual property litigation; arts law; technology law; and a wide variety of other business litigation matters.

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles