This is the main blog for Mike McBride Online, where you can keep track of everything I'm into in one place.
This work is licensed under a Creative Commons License.
Thursday, May 08, 2008
Blackberries and overtime?
Some interesting thoughts from Sharon Nelson regarding the use of blackberries/smartphones and remote access and how the use of these tools might affect hourly employees. This is an interesting subject for me, I carry a blackberry, and occasionally log in from remote locations, and am an hourly employee. I try to be fair about using it, and charging overtime for what I do. For example a 2 minute email reply that I sent the other day from the National Mall, I'm not going to worry about. Yes, I'm on vacation, and yes I don't have to answer emails, but here was a peer who needed a quick bit of tech advice and I could help them without too much difficulty. I don't mind using 2 minutes of my time for that. On the other hand, if the firm starts expecting me to be available to answer emails any time I'm on vacation, or just at home in the evening, we're going to have to be fair to me, and my home life as well. Any of you in the same situation? How do you and your employer handle it?
Wednesday, April 30, 2008
New Communication Tools and the Right People
In preparation for being in DC next week, I've been reading some history. Namely, I've been reading Mr. Lincoln's T-Mails: How Abraham Lincoln used the Telegraph to Win the Civil War. I found the premise interesting, in that the telegraph really changed the dynamics between the commander in chief, and his generals. Rather than having to send off his army to fight and then wait days, or weeks for results, Lincoln was able to harness the power of this new technology to be directly involved in the command of the army, and insert his vision into the strategy. I found many similarities between what Lincoln was able to do because of the speed of the telegraph to what we're seeing across all levels of society today with the internet and social media tools. It's a simple thing, in 2008, to keep up to date, and involved in whatever area you want to be involved, whether it be your business, the latest court decisions, or the social aspect with your friends no matter your physical location.
The one real interesting thing about the history though, is that the changes, and the technology didn't really bring the results Lincoln was looking for until he got the right people on the other end of the telegraph line. All the technology and direct communication didn't change who George McClellan was, or Burnside was, or Meade was. Lincoln communicated what he wanted done and the vision he had for strategy, but he didn't have the right people in place to carry out that vision.
In 2008 it's common for us to look at all these great social media tools as a way to communicate our visions, and build relationships. They are that, but we can learn from history as well. The technology won't change who people are, and if they aren't the right people then your vision won't get carried out. Even in 2008, it's still about people.
Labels: Tech
Thursday, April 24, 2008
Upgrading Away
Lots of upgrading since last night. First it was the new version of Twhirl, 0.8 with the additional Friendfeed support. On my Vista desktop last night it had some stability issues after I first installed it and tried connecting to Twitter and Friendfeed at the same time. It crashed a couple of times on me, the windows went away once, and then it suddenly started working just fine and has since. Go figure. On the Mac I updated today, and it's been running pretty well. I haven't run it with Friendfeed for very long, I'm not sure I like seeing Friendfeed through yet another Twhirl window, as opposed to just in a Firefox tab.
Also today, I spotted a mention that AVG had made the free home version 8 available. This version has added some antispyware features and tools to keep you safe online, like a link scanner that finds dangerous sites from your search results and lets you know before you click on them. That's an interesting concept, though I haven't seen it in action yet. I upgraded my Vista VM on the Macbook to version 8. It makes for a nice test environment. One word of advice, the installer says it will uninstall previous versions, but it didn't work at all for me. I had to go back and uninstall 7.5 then run the install for 8. I'm going to spend a few days making sure this is stable and runs well before I upgrade my desktop machine to 8.0.
Lastly, tonight I updated VMware Fusion to the newly released 1.1.2. That seems to have gone smoothly, and my Vista VM is running as well as it always does in Fusion. So far, so good....
Labels: Tech
Saturday, April 19, 2008
Well it's a nice monitor
Originally uploaded by mikemac29
Labels: Photography, Tech
Thursday, April 17, 2008
Repetitive Social Network Mashups
Have we reached a point with social networking tools where there are too many, trying to do too many things? Now that many of them seem to be giving you a place to add different pieces of your online presence in one place, do we run the risk of being repetitive? I first had this thought earlier today when Douglas Welch asked, on Twitter:
He has a point. If Twhirl is trying to give you both your Friendfeed and Twitter followers in one place, wouldn't it be great if it would not show you the Twitter updates in Friendfeed of people you are already following on Twitter? In my own Friendfeed you see another example. I hooked it up to my del.icio.us links so that you could see pages I'm tagging over there as I tag them throughout the day/evening. On the same feed though, is my blog feed, which includes a summary list of del.icio.us items daily. That's repetitive, but there's no way for me to provide both services to my readers, those who follow me on Friendfeed and those who only subscribe to the blog.
I think one of the features that will really make one of these services stand out, will be the ability to recognize duplicate items and weed them out for us automatically. That way you're using something that pulls together all the various stuff a person you want to follow is doing, without having to weed through repetitive entries. It's something worth thinking about, anyway.
Labels: Tech
Tuesday, April 15, 2008
Email Archiving
I got to spend lunch today at a local ILTA meeting, watching a presentation about email archiving technology. The presentation was pretty informative, if not a bit long, but the part that really had me shaking my head was when the presenter talked about the technology having the ability to archive everything directly from the Exchange server, and then not be deleted unless by an Admin, usually someone in IT.
Excuse me, what? I get the concept that we need to treat email like other business records, but not all of our email would be considered a business record. In fact, most of it is crap. Email list postings, newsletters, personal emails etc. There's a whole lot of stuff that, if I'm an email administrator, I don't want to keep. I don't want to have to search through all of that junk if it comes time to do some e-discovery, I don't want to pay for all the extra storage, etc. I just want that stuff gone. I also don't want to pay for someone in IT to sit and decide what is a business record and what isn't on all the email that comes into a server. No offense to the IT folks, but really, are you the most qualified person in your organization when it comes to knowing what needs to be kept and what doesn't? I actually hope you aren't, because that says bad things about your users. :) They should be the ones who decide what is a business record and what isn't. We shouldn't have to "keep everything, forever", just in case they can't or won't do that properly.
Seriously, there's got to be a better way, but everything I've looked at is just as much of a mess as the next option. It's not a pretty picture.
Technorati Tags: EmailArchiving, ITLA
Labels: LitigationSupport, Tech
Friday, April 11, 2008
Friends are Hard to Define
I've been randomly taking a look at Facebook's "People you may know" feature over the last week or however long it's been available. It occurs to me today that this feature is actually a perfect example of the limits of the "friend" definition on Facebook and other social networking services. Here's an example. I have some friends on Facebook, and also MySpace, who I only know through one of my websites. For the sake of example, let's look at my fellow Friends in Tech members, very few of whom I've met, and who live in pretty diverse geographical areas. Between all of us, we're spread pretty much all over the country, but we also interact fairly regularly online and are friends in that sense, so many of the FiT members are also connected on social networks like Facebook. That's to be expected. The problem comes in when you consider that to Facebook, any friend is a friend in the same sense. It pulls the "people you may know" group from your friend's contacts. Just because they know someone who I also know, doesn't mean I know them, and in the Internet age, where I'm interacting with folks from all over the world, let alone the US, the chances that they have many, many friends that I know nothing at all about, increases dramatically. I've got people on my friends lists who I've worked with in the past or people who my wife works with, who are mostly local to us. I've got people on my lists who are regular readers of this blog, and people who are regular readers of my child abuse blog. I have folks I met at a legal conference, and people I've known from my years in IT. Do you think those groups of people would know each other just by virtue of knowing me? I may be a link between them, but I'm a tenuous link at best. Wouldn't it be better if we could better define our friends and this matching feature actually took that data into account when suggesting people we might know? 
Instead of being presented with a list of people who are local to someone I only know online, wouldn't it be better to see only the other online friends that person has, and vice versa for people I know and see in real life on a regular basis? I think that'd be a whole lot more useful than what I'm seeing at Facebook right now, and I'm hopeful that someone over there will take a really hard look at using the Friend List feature, and someone at MySpace is taking a long look at using the friend groups feature to help push this further along that path. Is anyone listening?
Technorati Tags: Facebook, MySpace, SocialNetworks
Labels: Blogging, FriendsinTech, Tech
Thursday, April 10, 2008
Color me Impressed
Well, you all already know how impressed I've been with using VMware Fusion on my Macbook for those times when I need to dip into the Windows world for something, but today I really stressed out that virtual machine and it handled it like a charm.
The basics, I had to dump a series of Excel spreadsheets into one sheet, so that I could use the magic of COUNTIF and SUMIF to match data across all of them at once and get a sum. Unfortunately, putting all of them together left me with over 300,000 rows, which our Excel 2003 at work just wasn't going to deal with. So I fired up the Macbook and the Vista VM with Office 2007 on it, and hooked up an external drive to it with all that spreadsheet data. I then proceeded to build that 300,000 row sheet and then do my counts and sums. You'd think working in a spreadsheet with 300,000 rows on a virtual machine running off a laptop would be painfully slow, but it really wasn't, at all. The only time it paused was when I asked it to calculate the sums of 2000 records all at once, but let's face it, any machine would pause for that, virtual or not!
In short, I love being able to do something that resource intensive and still have OS X running stuff at the same time! It's quite awesome. Before anyone asks, or calls me names, I am aware that I probably could have done this same processing in Numbers just in OS X, but it needs to get done, and get done correctly, and I haven't been around the block enough with the iWork suite to feel like I could have gotten it done very quickly, so Excel was the choice for me, at least this time.
Labels: LitigationSupport, Mac, Tech
Friday, March 28, 2008
You need my passwords???
Tonight when I powered on my desktop PC, I was caught somewhat by surprise by Outlook asking me for my Gmail IMAP password. I fired up Twhirl at the same time and was somewhat surprised that it asked for my Twitter password as well, but I entered it and immediately tweeted to see if anyone else was having Gmail IMAP issues. Before anyone could respond, I got prompted for all my other email passwords as well, so I knew maybe something else was up, and when my Twitter pals responded that Gmail was working fine for them, it clinched it! Turns out, for whatever reason, Vista stopped remembering my stored passwords. As any good IT guy would, I hit Google next. I found this post on Minty White which seemed similar to my problem, so I followed the suggestion about deleting a registry key, restarted and all was well with my passwords again! Ah Google, where would we be without you? ;)
Labels: Tech
Thursday, March 27, 2008
Quick Impressions of Evernote Beta
I had about 15 minutes to play around with this today, just long enough to notice that there's no option to not share certain notes with the mobile version of Evernote. Pretty much, once you decide to sync with the mobile version (Actually, it's turned on by default), all your data goes up to Evernote's servers. So, while the fact that it syncs online and offline solves one of my issues with my current setup, it doesn't help in regards to data I want, or need, to keep off their server. In other words, it might make for a good replacement for Google Notebook, by offering similar functionality and adding the ability to access your notes when you are offline, albeit the only computer you could use offline would be the one with Evernote installed. On the other hand, as I said earlier if Google Notebook got hooked up to Google Gears, that would eliminate the advantage. Perhaps, though, I'll find more Evernote features that make it worthwhile when I have more than 15 minutes to experiment.
I seem to have some invites to the mobile beta, at least I think that's what they're for. If you're interested in one drop me an email at mike.mcbride at that other Google service that I've given my life to. ;)
Labels: Tech
Wednesday, March 26, 2008
Evernote Impressions
Some of you probably know by now, that I'm a sucker for note taking applications that help me be more organized. I often say, if it's not on my to-do list or calendar, it may as well not even exist. (Case in point, this weekend I had planned to catch up on the John Adams series that is sitting on the DVR, but as I went through the list of things I needed to do last weekend, that wasn't on it, and I forgot to watch them.) Anyhow, my current note-taking organization method involves two tools, OneNote and Google Notebook. I love OneNote, but since I currently use 4 or 5 different computers during the course of any given day, let's face it, the really current to-do lists need to be online, hence the reason they are on Google Notebook. Of course, for more in-depth stuff, notes I don't particularly want to share with the Google machine, or information I absolutely need to have during times I may not be able to get online, OneNote works just great. Now comes the new version of Evernote. I took advantage of the offer on giveaway of the day last week to grab a copy of the Mac beta for my laptop, and this was really the first time I got a look at the web client. I currently use the old, free version of Evernote at work for some specific things, like using a time tracker to jot down time that I need to bill without opening up our billing system to enter it completely or keeping track of work info that I really don't want to put online, even in a private notebook, so I am somewhat familiar with the Windows version, albeit in an earlier form. Might this be the answer to the vexing conundrum of having information available from any computer, and also when I'm offline? It might just be, at least until Google gets their Gears hooked up to Notebook, which to my mind should have happened already, shouldn't it? I haven't even begun to test out Evernote on the Mac, but when I do, I'll be sure to let you all know if the trial brings about any change in my current organization routine. 
It's certainly possible!
Labels: LitigationSupport, Personal, Tech
Monday, March 24, 2008
FriendFeed
I've seen numerous people talk about using FriendFeed of late, a few who even talked about using it instead of an RSS aggregator because you can put everything you're doing online in one feed and give it to people who really want to know what you're doing that much. Tonight, I took a quick look at it and I seriously don't see the point. First off, do you really want to follow every single thing I do online? Yeah, didn't think so. Second, and more importantly, why the heck would I take my full post blog feed and push it into a Friendfeed where it gets pushed out to you, the subscriber, as the title only? How is that more useful to you? (Is it possible that I'm missing something here? I put the feed for this blog in and got only titles out!)
Here's an idea, there are any number of feeds available to you if you want to follow what I'm up to, how about if you take those feeds, in their full length, and use a service like Yahoo Pipes, or xFruits to mix and match the ones you want to follow, instead of having me decide for you, and getting a crappy title only feed that you'll probably quit reading within a few months anyway? Here's a start, take what you want and have a good time:
All posts blog feed: http://feeds.feedburner.com/OutOfTheFryingPanAndIntoTheCube
Just Tech Posts: http://feeds.feedburner.com/MikeMcBrideTech
Just Lit Support Posts: http://feeds.feedburner.com/MikeMcBrideLitSupport
Just Photo Posts: http://feeds.feedburner.com/MikeMcBridePhotography
Child Abuse Survivor Blog: http://feeds.feedburner.com/ChildAbuseSurvivor
Flickr Photos: http://api.flickr.com/services/feeds/photos_public.gne?id=19269532@N00&lang=en-us&format=rss_200
Twitter Updates: http://twitter.com/statuses/user_timeline/800069.rss
If you need more, check the right side of the blog template for even more places I am online. Again, take what you want, mix and match how you like, don't wait for me to make a feed for you.
This is 2008 people, don't let some service like Friendfeed tell you how you should follow people!
Thursday, March 20, 2008
Vista SP1, so far no news is good news
Oddly enough, while the Vista virtual machine on my Macbook prompted me to get SP1 Tuesday, my actual Vista desktop still doesn't see it as an available update. What's up with that? (I'm assuming it was the fact that my laptop saw it while connected to another network, my home roadrunner network seems to not see it.) Well, as it turns out that fit pretty well with my plan anyway, go ahead and do the update on the VM and see how it goes for a few days, then do it on my desktop. Other than the length of time it took to install, it hasn't really created any noticeable problems or performance hits on the VM, even with a few programs running on both it and on the host OS X. Of course, that VM never really had any problems either, at least not that I've seen in the short time I've had it running, so I can't say that there's much for me to go on with that. Then again, isn't that the point of a stability update like SP1? To make it so you don't really notice your OS? I haven't really noticed anything about Vista running in the VM since then, so that's a good thing, right? Anyway, so far so good. I've even reached the point where I'll go ahead and allow the update when my desktop sees it, whenever that will be!
Update: Upon further review, I think I know why I can't get it through Windows Update, the same reason Preston Gralla couldn't get it on his Dell.
Wednesday, March 19, 2008
Weird SpamBayes Problem
I noticed the other day, just before I was getting ready to leave town, that every time I opened Outlook at home, instead of having all my junk mail marked as junk, suddenly more of it was showing up in the inbox, and what didn't show up there always wound up in Junk Suspects as opposed to Junk Email. It seemed as if SpamBayes had somehow lost all of its memory about what was spam and just wasn't sure about anything anymore. Finally, last night I had enough. I went in and had SpamBayes redo its training. I pointed it to the Junk Email folder and said "learn what is spam!". (Literally, I said that out loud, I do that sometimes, don't you? Hello? Bueller?) Tonight, when I opened Outlook, things seem to be back to normal again. I wonder what happened to cause it to lose its training like that?
Labels: Tech
Saturday, March 15, 2008
Techshow Day 3 Session 2
Automated Documents
Barron Henley and Allan MacKenzie
Barron: Quit using copy/paste and search replace to create documents! You copy over errors into all your documents. Most of the people, who consider themselves power users, don't use word processing software effectively at all. Movement away from per hour billing to flat fee means you need to work quicker and get more done!
Allan: Within Word you can use fields to simply fill in a letter, or other common docs, you can even set up the template to use fill in questions to fill in those fields. You can use styles to reuse what is typed in one field in another field. Use Autotext, not just globally, but specific to a template as well, makes it easier to find and use in that template. So, you can create a clauses folder with autotext entries and simply enter the clauses that are relevant to only that template. If you use links to a template your letter will update any time you change the autotext library for that template, say if you make part of it underlined, then you hit Ctrl-Shift-F9 to close links before saving. Minor programming in 2003 will allow you to automate that as well. (Note, need to research exactly how these sorts of macros are written and how we could use them.) Autotext in 2007 is different, you need to add it to the quick access toolbar to reach it...
Commercial Drafting Systems: Can be a nice option if you don't have time to design these yourself. Lexis has forms, ABA, and your local Bar Association have good forms. This helps to keep up with law changes, because they send you updated forms, and usually have listserv to help communicate with other users of the form set, who also happen to be in the same practice area as you. On the other hand, they can be expensive, and are charged SAAS, so it's ongoing, may not include all you need or every state, some are difficult to learn, or maybe don't work very well.
Biggest complaint Barron hears is complexity of system in some cases.
Document Assembly Products: HotDocs, DealBuilder, Rapidocs, Qshift, Pathagoras, Perfectus, Activedocs, Exari, AmazingDocs, Dynamic Document Drafting
HotDocs (a Lexis Nexis Product) is the market leader. HotDocs has a web-based component as well. Barron is showing off doing a letter in HotDocs by answering questions. Simplified training, want to do a letter, "open the letter template". You program the one template and everyone shares that so you know every letter is going to have the correct stuff in it.
What documents to automate: create chart, two axis how frequently you use them, and how difficult they are to do. Start easy when you're learning how to program templates! If you start with the hardest document you handle, you'll never get anywhere, start with things like fax cover sheets, and grow from there. You can still save lots of time with these simple documents being automated, maybe 5 minutes at a time.
Barron is on office.microsoft.com talking about training videos that are on there. Also suggests the Word MVP site. He wishes he could give every law office the simple understanding of how to really use their word processing software. He actually got applause with that one..:)
OK, this will be the last post for today, not going to try to blog 60 sites in 60 minutes, it goes too fast, and then I'm off to spend the afternoon with the wife before flying home. I'll have more to say about the event overall soon.
Labels: LawFirms, LitigationSupport, Tech
ABA Techshow Day 3 Session 1
Before I get started, I've got to say I had a good time meeting up with other bloggers last night. Kevin O'Keefe organized the event and picked up the tab, which was awesome.
Got a chance to meet and chat with a few fellow bloggers, who I won't even try to link to, because I would undoubtedly leave someone out and I don't want to do that, but trust me when I say that I enjoyed meeting and chatting with all of you, and I'll be adding some new subscriptions to my Google Reader. After spending some time there, I met up with Angela and walked up to Millennium Park, had dinner at Pizano's on Madison, and tried to take some interesting night time photos. We'll see how that worked out. :) Just a couple of sessions this morning, then meeting back up with Angela for the St. Patrick's Day parade.
Session 1 Notes: Managing Email, Britt Lorish Knuttgen and Dan Pinnington
OHIO: Only Handle it Once
RAFT inbox: Refer/Read, Act, File, Toss
Flagging and/or folders as organizational tools. (We're already dealing with fallout of people filing things in folders and never deleting anything, we need to hit that concept hard before anything else!)
Are you doing work, or avoiding work by dealing with email? Turn off the new message "ding" and popup!
Speakers are suggesting using more than one email account, keeping various things out of your business email, like listserves, and personal email that you don't look at as often. (Since we block all outside email accounts, and web-based accounts, does it actually encourage people to use their work email address for everything? I think it does.) - Interesting live Twitter discussion about this idea, since I posted it there too, shows power of Twitter right there.
Lots of questions about problems with spam filters. Obviously, folks still have issues getting real email through spam filters. I am not surprised by that.
Uh-oh he's talking about Sent Items folder. As proud as I am of my clear inbox, I tend to keep a whole lot of Sent Items, too used to needing to CYA with emails I sent. ;)
One minute rule: decide what to do with a message within one minute, even if it's setting yourself a task to accomplish the more complicated task.
Use signature blocks like auto text. (I've been getting some good use out of this, learned it at the help desk, because we were getting many of the same questions through email, so we made the answers or common replies signature blocks. Now I use them for things like letting someone know when a Summation load is finished, for example)
I've never got the hang of search folders, why not actually use folders?
Britt is encouraging people to save client emails in the Doc or Practice management system so that it's attached to the client/matter instead of just sitting in someone's mailbox. YAY! I wonder if she'll come talk to some of our attorneys? :) (She demonstrated it with World Docs, didn't look much different than Worksite/Mailsite)
Labels: HelpDesk, LitigationSupport, Tech
Friday, March 14, 2008
Techshow Day 2 - CSI For Real: Science of Computer Forensics
Craig Ball and John Simek
Craig: a simple Walmart purchased hard drive holds more data than you can imagine. 80GB is a ton of stuff, and maybe 2/3 of what is on that drive is unreadable to you, so you can't even be sure what it says. Even then, we've moved way beyond that. We're talking servers, cell phones, blackberries, thumb drives, memory cards and into access control tools, toll tag data (key card systems), even iPods keep track of things. Digital cameras and surveillance, (EXIF data, freeway cams, etc.), copiers and fax machines have data on them, gps tracking and even air bag systems have data. And then we get to the Internet, Facebook, Gmail, etc. There are many digital footprints left behind. Rather than being scared of this, be aware that this rich, useful information can be used to get at the truth. The smart guy surfing pr*n may know to get rid of his internet history and cache, and delete the images, but he may not be aware of index.dat, or thumbs.db, let alone deleted items recovery tools.
Other useful information: Registry tracks any connected USB devices. Prefetch can show recently used apps just like recently opened documents. Windows Registry User Assist Keys, encrypted in ROT-13 (really not encrypted at all in reality, just moves letters 13 letters ahead in alphabet). The only thing it is protected against is a keyword search, which is important to know.
Craig is describing how Windows deletes files by deleting the file table information, even though the data is still on the disk. (Need to see if this presentation is on the CD, might help explain forensics to non-technical people.)
John: Email and internet activity are the two main areas of interest in cases. Index.dat can show you that information. Showing Net Analysis tool to show how it reads the internet history that exists in index.dat.
It shows last visited date, secondary date, which is the date from the server (can be useful occasionally), and username. Can filter for search terms that were used.
John: You get a really good idea of the personality of the user when doing an exam.
Craig: It's mind-reading really. You can watch classic behavior, someone gets a subpoena, starts searching for law.com, legal information, lawyers, etc. Then they start searching for permanent deletion tools. He's never found evidence more damning than the hole left behind by getting rid of information. Jury will assume the absolute worst! People will wipe things that they simply don't want people to see, even when it isn't that bad, that's why you get the PC and clone it before human frailty comes into play. Recovering that data is more costly, and will lead to partial information that you now have to defend, rather than full information that may, again, not be that bad.
Craig asked for a volunteer with thumb drive, is using FTK to examine that drive live. There's not much on it, nothing in the unallocated space, but we can see everything on it, and the deleted items, we can see the last time he accessed stuff on it, etc. Hashing is invaluable, it can help the examiner eliminate all the system files and other stuff that isn't user created. Also being able to verify file types to get to those documents that the extension has been changed on. It can extract all images, regardless of where they might be embedded, and has a skin tone recognition to pull out images that have skin tone in them.
John: that being said, there are no silver bullets. Just because you have a tool, doesn't mean you can interpret what you have with your knowledge and that tool. You may need another tool, for email for example.
Read Craig's articles on DIY forensic imaging. Use FTK Imaging, because it's free. Get a write blocking device. Don't run forensic examinations on original drives, they change the information!
John's example, IT guy ran undelete utility when he examined drive to find deleted files, the evidence was ruined at that point.
Craig has moved away from cloning, does software imaging instead. Except when doing "black bag" collections, when you come in at night and get a clone and leave the PC back in its original state as quickly as possible.
Unallocated clusters on servers rarely have useful information, servers, especially RAID arrays, overwrite information very quickly, you really need to get it quick and know where the data was before deletion.
Time to hit some vendor booths, more later!
Labels: LitigationSupport, Tech
Thursday, March 13, 2008
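The ROT-13 and hashing points from the computer forensics session notes above, as an added example that is not from the talk or the original post: it decodes UserAssist-style value names to show why a keyword search over the raw registry misses them, then drops known files by hash and flags a file whose header does not match its extension. The value names, file names, file contents and the `wipetool.exe` name are constructed for illustration.

```python
import codecs
import hashlib
import os

# --- UserAssist: ROT-13 hides names from a keyword search, nothing more ---

def decode_userassist(value_name):
    """ROT-13 rotates only A-Z/a-z; digits, ':' and '\\' pass through unchanged."""
    return codecs.decode(value_name, "rot_13")

def keyword_hits(value_names, keyword):
    """Return (hits in raw names, hits in decoded names), case-insensitive."""
    kw = keyword.lower()
    raw = [v for v in value_names if kw in v.lower()]
    decoded = [d for d in map(decode_userassist, value_names) if kw in d.lower()]
    return raw, decoded

# Constructed value names in the UEME_RUNPATH style (not taken from a real system).
SAMPLE_USERASSIST = [
    r"HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\abgrcnq.rkr",
    r"HRZR_EHACNGU:P:\Gbbyf\jvcrgbby.rkr",  # hypothetical deletion tool
]

# --- Hash filtering and file-signature verification ---

# (leading bytes, detected type, extensions that legitimately carry that header)
MAGIC = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx"}),
]

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def detect_type(data):
    """Identify a file by its header bytes, ignoring its name."""
    for magic, kind, exts in MAGIC:
        if data.startswith(magic):
            return kind, exts
    return None, set()

def triage(files, known_hashes):
    """files: iterable of (name, bytes).

    Files whose hash is in known_hashes (system files and the like) are
    dropped; the rest are reported with their detected type and whether the
    extension disagrees with the header.
    """
    results = []
    for name, data in files:
        if sha256_hex(data) in known_hashes:
            continue  # known file, not user created
        kind, exts = detect_type(data)
        ext = os.path.splitext(name)[1].lower()
        mismatch = kind is not None and ext not in exts
        results.append({"name": name, "detected": kind, "mismatch": mismatch})
    return results

# Constructed file contents: headers are real signatures, bodies are filler.
SYSTEM_DLL = b"MZ constructed stand-in for an operating system file"
SAMPLE_FILES = [
    ("kernel32.dll", SYSTEM_DLL),
    ("report.pdf", b"%PDF-1.4 constructed body"),
    ("notes.txt", b"\xff\xd8\xff\xe0 constructed image renamed to .txt"),
    ("budget.xlsx", b"PK\x03\x04 constructed spreadsheet container"),
]
KNOWN_HASHES = {sha256_hex(SYSTEM_DLL)}  # stand-in for a known-file hash set

if __name__ == "__main__":
    raw, decoded = keyword_hits(SAMPLE_USERASSIST, "wipetool")
    print("raw hits:", raw)
    print("decoded hits:", decoded)
    for row in triage(SAMPLE_FILES, KNOWN_HASHES):
        print(row)
```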
ABA Techshow Keynote - Marc Rotenberg, Executive Director of EPIC
Interesting Keynote on Internet Privacy. Good discussion about Spitzer, RealID, The wiretap bill, cloud computing, warrantless laptop searches at the border, etc.
I was especially interested in Marc Rotenberg's take on Google Apps. He's not a fan. Rightly, he's concerned about the amount of information Google has about you by having access to your email contents, documents, etc. He's bothered by advertisements sitting alongside your emails but understands how attractive the ease of use, and lack of cost, that is involved with the services. Also very concerned about Google's retention of search information. (Disclosure: I use Gmail, but also understand what I'm giving them and what I'm not. Work email doesn't go through there.)
Also interesting fact about Full Body Imaging. The device is basically a digital camera, it takes the image that is not filtered at all, but is displayed filtered for the TSA agent. There are concerns about where those original images are being stored, and whether there will be litigation ensuring that TSA doesn't keep those.
They don't have any recommendations for privacy tools, there's a bit of complexity in figuring out how well they really work. Some make claims which are not actually true upon investigation. Somehow, I'm not shocked by that! :)
Learn more about EPIC