Personal Cell Phone Forensics inlcudes social media, business and personal messages, photos, emails and GPS.
Leading computer forensics Expert Lee Neubecker, discusses the complexities of personal cell phone forensics with Debbie Reynolds from Debbie Reynolds Consulting. We both agree the litigation involving cell phones becomes personal and proves difficult to gain possession. Personal and business text messages, social media posts, photos, GPS records, emails, are all weaved together and become part of the discovery equation. eDiscovery in today’s era is incomplete without including data from smart phone including text messages, Skype, WhatsApp, Slack, Signal and other messaging platforms. Learn more about eDiscovery as it relates to personal cell phone messaging systems by watching Reynolds and Neubecker discuss the topic in today’s blog video interview.
The transcript of the interview follows:
Lee Neubecker: Hi, I’m here today again with Debbie Reynolds, and we’re going to talk about something interesting, which every piece of litigation now is getting into. We’re talking about cell phone forensics. What’s been your experience with litigation involving cell phones and discovery?
Debbie Reynolds: Well, whenever they’re cell phones involved eye-rolling begins because people take their cell phones very personally. As opposed to someone’s laptop, which maybe they don’t want to give up, they will fight tooth and nail not to give up their cell phones. And obviously people, they mix work with pleasure and they’re doing different things. They may not want you to see, even if it’s nothing criminal going on, people just feel very tied to their cell phone. The hardest thing is actually getting possession of it and letting them know that you’re not going to look through their juicy texts or their photographs, especially if it’s not an issue in the case.
Lee Neubecker: I know that whenever you need to get into text messages, it becomes a sensitive topic for people. But there are effective ways to get effective discovery without totally trampling over someone’s privacy in many issues involving contract disputes or other civil litigation, what’s important is to identify the relevant custodians. Let’s say we have your cell phone in the conversation with mine, we can then take that, we can create a single PDF document showing each conversation thread and then you could quickly go through it, if it’s your phone in which your attorney identify relevant, not relevant, and then only take the ones that are between the relevant parties and load that up into the review platform.
Debbie Reynolds: Right. And to one thing, one very effective thing that people are doing now, and that’s something that you do, Lee, is where someone, they don’t want the other side to see their whole cell phone so they’ll have a forensic company collect the phone and say, only give them X. That’s actually a very secure way. It gives people peace of mind knowing that they’re not giving everything over, that the forensic folks can actually do some of this pre-work before people actually start looking at things.
Lee Neubecker: Yeah. And like what I’ve done is, they’re not going to pay me to spend time looking at their photos, nor do I want to look at that stuff.
Debbie Reynolds: No. No one cares. I think that’s what people don’t understand. We’ve been working on cases for over 20 years and I really don’t care what’s on the phone or what you said or what videos on there. It really makes a little difference to us.
Lee Neubecker: What I try to do is I try to quickly create almost a summary index of okay, these are the conversation threads. Tell me which phone numbers are relevant, aren’t relevant, who are the relevant parties, and then we can just pull those specific threads out, put them up into the review platform.
Debbie Reynolds: Exactly.
Lee Neubecker: Now, sometimes there’s issues where photos are relevant specifically, if it’s important that you know the whereabouts or someone on a given date and time. Photos often can establish whether or not someone was really at home sick or out on vacation somewhere. There’s embedded GPS data that is recorded into most photos that are taken with smartphones.
Debbie Reynolds: Unless someone decides to strip it out. I think if you don’t do anything to it, it will collect that data. But there are ways to strip that information out. And also, people can turn off GPS tracking on their phone.
Lee Neubecker: Yeah. Well, thanks for being on the show again today.
Computer Forensic Experts will help you win your case
Data Diva Debbie Reynolds and Enigma Forensics’ CEO Lee Neubecker discuss what to look for in selecting a computer forensics expert to assist with preservation, litigation and eDiscovery.
The transcript of the video follows
Lee Neubecker: Debbie, thanks for being on the show again today. I’m here with Debbie Reynolds, she is Eimer Stahl’s data protection officer and she also is the director of their eDiscovery subsidiary. Thank you for coming in and being on the show.
Debbie Reynolds: Thank you, it’s always a pleasure, Lee.
Lee Neubecker: So, today we’re going to talk a little bit about the differences between eDiscovery and computer forensics and when it’s necessary to bring in an expert to actually be the testifying expert or to handle more sensitive issues, and what you look for when you’re pulling in a computer forensic expert to assist one of your projects?
Debbie Reynolds: Well, it’s never not a good idea to bring in a forensic person, so I try to get someone who’s a professional in forensics on every case that we have, so, just depends. Some big corporations, they actually have people, ’cause they do so much litigation, they have people who are captive to their organization that do it. More times than not, they either farm out that work, to a company like Lee’s company, or they come to me, they ask me for recommendations. Just depends on where they are, what their ability, who’s available. For me, it’s really important that I work with people that I trust, smart people like Lee, who knows what they’re doing. Me, I tell people, I don’t chase company names, I chase the talent, so, I’ve had situations where I’ve had an investigator or forensic person go from one company to the next, and as a stipulation of us working with them, that case went with them ’cause they had the knowledge, so for me, the thing that I look for is a company, again, people that I know and trust, people that I know are smart that know what they’re doing, people who can really present themselves, ’cause a lot of times you’re going into a situation, you’ve not met these people, you’re going in there, touching their data, people are very sensitive about it, IT people can be very territorial, so having someone who can really put people at ease and be very professional in a situation where it’s semi-hostile, where you know that the IT guy takes pride in what he’s doing, thinks he’s the expert, so you have to kind of disarm that person.
Lee Neubecker: How often are IT people hostile?
Debbie Reynolds: Oh, 1000% of the time. They’re always hostile in some way, some are more passive aggressive than others, but you know, this is their baby, you have to work with them to get access to the data, and a lot of times they feel like, well why can I do this?
Lee Neubecker: And part of the problem, when I’ve worked with the IT people, usually they’re defensive because they’re having extra work to do.
Debbie Reynolds: Oh, absolutely.
Lee Neubecker: And they’re involved in litigation, so what I try to do is I try to sit down with them and say, “hey look, “this is my role, I need to understand enough of your stuff “so that you don’t have to talk to the attorneys, “and then I can buffer you from that so that you can “do your daily work,” and when they hear that, it helps them to understand, okay, you’re here to save me from a deposition.
Debbie Reynolds: Oh, absolutely.
Lee Neubecker: Then they’re more relieved, more willing to work with you.
Debbie Reynolds: Absolutely. I think the challenge is to get, when you start a litigation, companies, in order to try to save money, that’s where they want to save money. They don’t want to spend money on a forensic person, but if I compare cases against one another, two cases are very similar, one they had a forensic person, one who doesn’t, the one that has a forensic person, down the line, their case is more smooth, ’cause we don’t have a lot of questions about who did what, what is where, we don’t have a question about who needs to sign affidavits, who needs to go to court, all that stuff, so all that headache down the line is eliminated when we bring in someone. And I’ve had people on our cases tell me, who’ve decided that they didn’t want to bring in someone, they said no, but bad decision, we should have really brought in someone.
Lee Neubecker: In my opinion, I think it’s important to know who the person to be responsible for that data, if they’d never testified in court before, that’s a potential problem, and a lot of times people don’t ask those questions. Other things like, do they have some type of certification that shows that they mastered the field of computer forensics? And did they have to take a exam that was proctored by some independent party to assess that so that you know that your person truly has the knowledge, they didn’t just attend a class and got a certificate, because that’s a little bit of a difference, and there are many people, though, that I’ve encountered, that haven’t had the formal certifications, and they’re very bright, but when you’re putting the people up, they’ve got to survive a challenge against their admissibilities expert, if they don’t have cases of record, if none of the judges know who the person is, those things are definitely problems.
Oftentimes, I’ve seen new experts get up and make basic beginner mistakes where they let the attorney override what their report is, they let the attorney write the affidavit for them, and then it gets stretched too far, and then there might have been many good things that they had to say, but all of it goes out the window because they didn’t know how to manage the hard, nose-driven litigator that wants that report to be aggressive, so you have to listen and understand those driven litigators, but you also have to protect them from killing the case, and they assume that whatever expert you put there has those skills and a lot of them don’t know when they’re getting into trouble, and they need to be able to stand up for themselves, and do it professionally, and objectively.
Debbie Reynolds: Absolutely, absolutely. A lot of times, they don’t know what they don’t know. We had a person that actually went out and got a cell phone for a case, and we were like, we don’t want anyone to touch it, we want the forensic people to look at it, or whatever, he thought, oh well you know, I’m smart, I know how to do this stuff. Not that he wasn’t smart, but this was not his area of expertise, and he turned this phone on, and basically, the person who had the data on the phone, had sent a command to the phone to be erased, so when they turned it on, it wiped out all the stuff.
Lee Neubecker: So they didn’t put it in a Faraday bag?
Debbie Reynolds: No, they didn’t put it in a Faraday bag, they didn’t put it in airplane mode, they went to Walgreens, got cords, stuck the cord in the thing and turned it on, and that was it.
Lee Neubecker: So then that becomes some spoliation claim against–
Debbie Reynolds: It was spoliation, yeah. Everyone thinks, oh I have a cell phone, so I can do this, and it’s like no. I think people need to understand that what you guys do is very different than what we do in eDiscovery and what a normal person who’s doing IT can do, ’cause you have a different aim in my mind, and you understand spoliation of evidence, and how to get data in the right formats, where another person would not know that ’cause that’s not their background, that’s not their training and that’s not the purpose of what they’re handling data for.
Lee Neubecker: Well I really thank you for being on the show, again, to talk about this, it’s great. I look forward to seeing you again soon.
Insurance Claims and Healthcare Coverage are ‘bots’ making the decisions?
Enigma Forensics CEO Lee Neubecker and David Bryant from Bryant Legal Group discuss computer “bots” used by insurance companies as a way to underwrite policies and making insurance claims decisions. Bots are now determining how a given claim should be scored. See how ediscovery plays a role in getting success for your client.
The transcript of the video follows
Lee Neubecker: I’m here today with David Bryant from the Bryant Legal Group and we’re going to talk a little bit about health insurance claims in his work, helping people get the coverage they deserve.
David Bryant: Nice to be here, Lee, thanks for taking the time to stop by. We’re seeing a very significant shift in the insurance industry with respect to claims adjudication and claims determinations. One way of looking at how this change is happening is to look at the dollar volume that’s being invested into underwriting insurance policies and making claims decisions. The first metric I’d like to share with you is there is a company out of Europe that did some research on money flowing into what’s now called Insurance Tech, and approximately two billion dollars went into the Insurance Tech arena in 2016. This money is being deployed into not only underwriting, but how claims are made and I think everyone out there is familiar with Watson and the new term artificial intelligence. And how that’s playing out in the insurance industry is that a lot of claims decision-making is being taken out of the hands of individuals and being given to what we’ll call “bots”, robots, or termed a “bot” in tech speak. So these algorithms which will be designed by very bright people, such as yourself, to determine what a given claim should be scored. And if there’s a certain score, then a claims individual will be required to deny that claim. This is problematic for some of the insurance companies because if it’s discovered, through the discovery process, it can wind up hurting them in litigation for bad faith denial of a claim.
Lee Neubecker: So, David, can you tell me a little bit about what you do at the onset of one of your case matters to help make sure that you could argue your case in court?
David Bryant: So there’s really two phases to insurance claims. There’s the appeal process and then there is court. If your claim is denied I can always sue an insurance company in court. Typically that’s in Federal Court. I primarily practice in Federal Court but I do State Court as well. So once I wind up in a court setting I will send a litigation hold letter to the general counsel of the insurance company and that letter secures that all of the data in its electronic format is preserved. So if I want the emails on a particular claim individuals hard drive, that information should be present when I request that information by way of that litigation hold letter. When I do discovery in Federal Court we’re looking for electronically stored information. I’m not looking for paper any longer because we’re looking to get the metadata that’s embedded in that electronic information so we can find out who looked at it, when it was looked at, when it was altered. So, Enigma Forensics having the skill set to be able to determine who touches electronic files, who views electronic files, we will bring in your firm in those circumstances when we want that type of information in litigation. Lee Neubecker: So can you give me an example of when you’ve had to rely upon our computer forensic services for us to help you out with a matter and how that played a role in getting success for your client?
David Bryant: So we handle primarily health insurance and disability insurance claims on behalf of individuals and physician groups. So one of the matters that you handled for us dealt with a disability insurance claim and we were looking for certain key words and key word phrases that were on the server or hard drives of the particular individuals at the insurance company. Being able to cull through all this data is a Herculean task and would be extremely expensive for the defendants. So the defendants will typically go to the Court and say, “Judge, this is going to cost us way too much “money and interrupt our normal course of business. “We don’t want, Mr. Bryant, to have access “to this information or put us through the trouble “and cost of doing it.” I brought in your firm and your services and you were able to explain to the judge that you could do a search of all of the information held by the insurance company and find these key words and submit them to the Court in-camera, so there was no privacy concerns, and report to the judge what your findings were. The case soon settled thereafter.
Lee Neubecker: They usually do. Well thank you for being on the show today. If you need to reach David, his info is on the screen. Thank you.
Capital One Data Breach – Interview of Data Privacy & eDiscovery expert on the fallout
Cyber Security & Computer Forensics Expert Lee Neubecker interviews Data Privacy Expert Debbie Reynolds on the fallout from the recently disclosed Capital One Data Breach that occurred following alleged hacking of the company’s data stored in the cloud. Issues discussed include an assessment of how the CEO of Capital One managed the crisis, pending charges filed against Paige Thompson and the Computer Fraud and Abuse Act in the government’s complaint filed earlier this week.
Transcript of video follows
Lee Neubecker: Hi, I’m here today with Debbie Reynolds from Debbie Reynolds Consulting and we’re going to be talking today about the recent news involving the Capital One Data Breach Thank you for being on the show Debbie.
Debbie Reynolds: Thank you for inviting me. It’s such a thrill, you’re such a joy to be around to talk to so it’s great to do this
Lee Neubecker: Well it’s great to have you here. So, trial’s expected this Thursday in the case. Can you tell everyone a little bit about what happened this week?
Debbie Reynolds: So this week is in the news that Capital One had a data breach. There was a woman who used to be, I believe she’s worked Amazon if I’m not mistaken, who had found a vulnerability in Capital One’s cloud system, and was able to obtain private or digital information on over a hundred billion customers or potential customers for Capital One so as far as I can tell they say that she may have gathered social security numbers and other private information about individuals who had even applied, who may not even be customers of Capital One, who have even applied for a Capital One credit card back as far as 2005.
Lee Neubecker: Yep.
Debbie Reynolds: So the vulnerability that was discovered and part of the reason why it was discovered was because she had apparently bragged about it on Twitter and she used her real name and so they were able to pull this stuff together. And I think the SWAT team went to her house?
Lee Neubecker: Yeah, so she was using the IP, iPredator, which is supposed to anonymize and protect you. When she was using that she created her online GitHub accounts and other accounts and it had that IP, the iPredator IP address range in her profile linked to her name. So she wasn’t really being smart about it.
Debbie Reynolds: No. So yeah, I think that she was bragging about what she had, I guess she was proud of what she had done and apparently someone who had seen something she had post on some forum contacted Capital One. This wasn’t a breach in which Capital One found out about; someone from the outside said, “Hey, this girl says that she has your data” and now it’s a really big thing.
Lee Neubecker: Yeah so now she’s charged with a computer fraud and abuse act which I think she’ll probably end up …
Debbie Reynolds: Yeah.
Lee Neubecker: Do you think she’ll get a plea?
Debbie Reynolds: She’s probably going to go to the slammer. It seems like especially when the SWAT team showed up at her house, they’re definitely going to make an example out of her with this. It’s pretty bad because I think right now the reports and what’s coming out from Capital One are different than what she said or what other people said they have. Because at one point they were saying that Capital One in their statement said that certain people’s social security numbers weren’t breached but then we know that they did get people’s social security numbers.
Lee Neubecker: It was mostly Canadian social security numbers, around a million–
Debbie Reynolds: Right.
Lee Neubecker: And then I think it was somewhere around 100,000 or so U.S. citizens.
Debbie Reynolds: Right, exactly.
Lee Neubecker: So it doesn’t necessarily impact the entirety of U.S. customers, but it still is–
Debbie Reynolds: It doesn’t, it doesn’t make you feel good. Yeah so basically over a hundred million people were touched in some way, shape or form. Even though not everyone’s personal data was taken to the same extent as everyone else, but I think this incident illustrates for us a couple of different things. First of all, they were saying that they had credit card information or information on people who had applied for credit cards going back as far as 2005. I’m not sure if they can make a justification for why they even had some of that stuff.
Debbie Reynolds: It’s first place. Especially if and I wonder what rights someone would have if they weren’t actually didn’t translate to being a customer of Capital One. The law’s kind of murky about how they should do that. I guess that’s the same issue with Equifax where not everyone who was touched by Equifax are customers of Equifax, they just happened to have their data.
Lee Neubecker: What would, how would you have advised Capital One had you gotten in there before the data breach?
Lee Neubecker: You think you might have been able to–
Debbie Reynolds: Well, you know–
Lee Neubecker: Get them in a better situation?
Debbie Reynolds: I think a lot of corporations, my view is that a lot of corporations have this mindset or business has this mindset of does it work? Does the computer work? Can I do the thing I need to do on a computer? The question that they’re not asking is is it secure? So a lot of them have a blind spot in terms of securing things because as long as it doesn’t impact their ability to work, they don’t really care how it works. So now companies have to ask how does it work? Is it secure? A lot of companies have these issues where they’re moving from internal infrastructure to the cloud and we know that the cloud infrastructure would typically be more secure quote unquote than someone’s on premise infrastructure but that all depends on how it was configured. The vulnerability that this woman was able to exploit in Capital One had to do with how the permissions and things were configured on a cloud infrastructure.
Lee Neubecker: And she had worked in that environment.
Debbie Reynolds: Right. So she had a little bit of extra insight–
Debbie Reynolds: Exactly.
Lee Neubecker: In this process.
Debbie Reynolds: Exactly. But I don’t know if you probably run into the same thing where you’re having clients that have cloud issues and they may feel more secure in themselves. Okay, we think our native is more safe than the cloud, not to say that the cloud is not safe, but if we have someone who doesn’t know how to fill those gaps and stop those vulnerabilities, it could be a huge problem.
Lee Neubecker: What do you think of the CEO’s response from Capital One?
Debbie Reynolds: I saw CEO’s response. I don’t know, someone needs to do a series about this where you compare all the response letters from these data breaches or whatever.
Lee Neubecker: That’s a great idea.
Debbie Reynolds: Not a bad response at all. I think the danger though is there may be an issue with consumer confidence obviously because no one wants their data breached, but if the things that are being said by the CEO or other leadership it becomes evident that it’s different than what actually happened, that’s going to be a problem.
Lee Neubecker: Yeah, cool.
Debbie Reynolds: I think rushing, the desire is to rush. To put out as much information as you possibly can but already the news reports are contradicting what the company is saying about what was actually breached.
Lee Neubecker: Well the complaint is available, I’ll post that on my website as well.I read the complaint and there’s a lot of detail in there and you’re right, in the news story they’re talking about Amazon cloud, they talk about a company that presumably is a subsidiary of Amazon inside the complaint.
Debbie Reynolds: Right.
Lee Neubecker: But they didn’t specifically mention Amazon in the complaint.
Debbie Reynolds: No, no so it’s going to be customers when they feel like they’ve had a data breach they definitely want, you know there’s attention that has to happen where the company wants to be as forthright and forthcoming as possible about what’s happened, but the facts may still be rolling out.
Lee Neubecker: Yeah.
Debbie Reynolds: The drip, drip, drip of it all may be tough I think.
Lee Neubecker: But I thought at least it was good that they public acknowledged it. It didn’t take forever to acknowledge it.
Debbie Reynolds: Oh, right exactly.
Lee Neubecker: And apologize, I mean–
Debbie Reynolds: Oh, absolutely. It does goes a long way–
Lee Neubecker: They just did that so I applaud them for not–
Debbie Reynolds: Absolutely.
Lee Neubecker: Sitting on it like Equifax.
Debbie Reynolds: Right. They didn’t say, “Well I’m sorry that you were hurt or you felt hurt,” or something where it’s like oh yeah, you know there is harm there so you might as well acknowledge it and try to at least be forthright about what you know and we know it.
Lee Neubecker: And from what I read too, not all of the data, some of the data was tokenized but there were birth dates, there were some socials. Debbie Reynolds: Right.
Lee Neubecker: And some other information that certainly if that were you or me, well we’re kind of becoming used to this all the time. It’s sad, but.
Debbie Reynolds: Right, well I mean and what we’re seeing, what I’m seeing, what companies are trying to argue in the U.S. having to do with data privacy is if you put, let’s say you’re on Facebook and you say, “Hey, today’s my birthday!” You know so if Lee puts his birthday on Facebook, is Lee’s birthday private? So let’s say you’re a Capital One customer, they could argue you know your birthday is not private because you put it on Facebook. That’s going to be an interesting theme.
Lee Neubecker: Well thanks so much for being on the show today.