Are you among the fortunate minority who haven't yet had to conduct a computer-forensics investigation? That doesn't mean you don't need a strategy. The production of electronic documents during a lawsuit--eDiscovery--is increasingly crucial in modern litigation. Helping drive this trend are recent amendments to the Federal Rules of Civil Procedure--the legal code governing discovery during civil litigation in federal court--which formalize and create new requirements regarding eDiscovery.
So what strategy should you take? A forensics product or service provider can fill a specialized niche unaddressed by eDiscovery vendors, which focus on restoring large amounts of data for searching, analysis and production to an opposing party (watch for our eDiscovery feature). However, within a particular lawsuit, an intense search of a particular system may be needed, requiring a dedicated forensic product. Recently, a Minnesota federal district court ordered a plaintiff to produce all relevant documents including those deleted and corrupted--a task beyond most eDiscovery products.
Having a forensics tool at the ready may provide flexibility that makes business sense. When preserving evidence in preparation for a discovery request, creating forensic-quality mirror images of systems provide numerous benefits. If the scope of the eDiscovery request concerns events or communications in the past, a properly created forensic image of the relevant systems' hard drives can help guard your company from claims of "spoliation" of evidence.
However, for all but the largest enterprises, justifying $100,000 for a good forensics tool is going to be tough. But forensic-quality imaging tools--rather than a full-blown forensics system--are available at a fraction of that cost, deferring the cost of analysis until you need it.
The advantages of having in-house imaging capabilities robust enough to withstand the rigors of litigation extend to other areas of IT as well. In particular, information security will get a shot in the arm. As any investigator will attest, in the rush to diagnose and respond to a security incident, well-intentioned IT staff often change or destroy critical evidence. In the heat of the moment, the scope and implications of a particular incident are notoriously difficult to assess, meaning that the window of opportunity to image a system usually slams shut. Proactively developing this capability lets you respond to security incidents with the full force of the law when required.
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
