Category Archives: Digital Forensics


Risk or Reward? The importance of SOC 2

Risk or Reward? The importance of SOC 2

By: Josh Markarian on August 9, 2017

As legal technology and advancements within areas such as cloud technology and software-as-a-service, clients are facing increased pressure to make sure their data is safe. Many companies resort to third party vendors to outsource services such as preserving and collecting ESI.

Unfortunately, recently third party vendors have been the source of some ugly data breach scenarios which can cause detrimental damage to both the client and the vendor. Not only will your reputation take a toll but you make encounter lawsuits and other large fines.

Service Organization Control “SOC” Reports

To best understand the implications of SOC Reports its best to understand the different types of SOC reports:


Type 1:  focuses on a description of a service organization’s system and on the suitability of the design of its controls
Type 2: contains the same opinions as a type 1 report with the addition of an opinion on the operating effectiveness of the controls


Focuses on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.

Type 1: focuses on suitability of the design of a service provider’s controls over data
Type 2: centers on operating effectiveness of these controls.


Summary of a SOC 2 audit normally used for marketing purposes. There are less details in this report.

Why do you need a SOC 2 verified vendor?

The SOC 2 audit provides additional assurance regarding vendor controls that relate to operations and compliance relevant to one or more of the following five principles: security, availability, processing integrity, confidentiality and privacy. Not only will you be able to assure your clients of the safe guarding of their data, you will be able to comply with all of the data privacy and security laws.

TERIS | SOC 2 compliant with the highest level of security

Every employee HIPPA certified
Fingerprint reader for building entry
24/7 security surveillance cameras
Data stored in server room with a bank vault

vaultteris glass

E-Discovery preparation and permenance

Document review has become a major profit service for law firms. This gives an inlet to new technologies that allow smaller law firms to take clients they would never normally be able to handle. Additionally, E-Discovery takes the responsibility out of the domain of Industry Titans Instead of making them enlist a large pool of high cost attorneys. This has created scalability that is leveling the playing field in litigation services. Litigation services are crucial to consult even before a lawsuit or any type of litigation takes place. Third party E-Discovery support allows small and mid-sized firms to keep rates low and quality high in order to compete with Industry titans. This is largely achieved through pooling associates when needed and providing IT systems to keep up with demand.

For this system to work smoothly for boutique competitors These Services help to implement; Preparation tactics, document reduction policy, Data mapping assistance, internal investigation, and frequency Data management needs. Third parties also help smaller firms by exploiting their ability to use review software and hire review teams as needed, without carrying infrastructure and head count costs year round. Another added benefit of the E-Discovery industry is the displacement of the larger Discovery firms. These firms often work with current small outside counsel and just handle discovery, but end up taking whole case.

Third parties use SAAS or service as a solution for optimal price scaling on the fly so that production of evidence and overall cost control stay within reasonable boundaries. Working with third party litigation services is also important post litigation. Working with your provider you can easily identify pain points in order to avoid similar occurrences in the future. Lastly Document review is done by custodians and forensic analysts. Making sure that your company aligns with the decisions made by these key players ensures a continuous feedback loop and results in better preparation for any type of litigation activity in terms of quality and validity.

All of these factors point to the fact that the E-Discovery isn’t going anywhere, Instead it is rapidly expanding. Data mapping assistance, internal investigation procedures, and technology migration provide robust business development opportunities downstream for legal work. As the usage of electronically stored information (ESI) increases, inevitably so will the mid-sized firms assigned to handle the tasks that are an externality of this data. If A firm adopts a third party litigation service and educates staff on the risks of their electronically stored information they are much less likely to end up spending superfluous amounts on the costs listed above than if the litigation was never outsourced in the first place.

Everything You Need To Know About The Arkfeld Conference 2016

One of the most important digital conferences in Arizona will be starting shortly. The ASU-Arkfeld eDiscovery and Digital Evidence Conference will take place in the Armstrong Hall on March 9-11, 2016, making it the fifth to date The three exciting days at ASU campus in Tempe will include stimulating information about the newest issues affecting electronic information, information governance and data analytics.

So what is The Arkfeld Conference? If you haven’t been following the latest news, The Arkfeld Conference is an annual conference taking place at the Sandra Day O’Connor College of Law. It is a Program run by attorney, author and educator, Michael Arkfeld, who believes that digital advances are very important to law professionals. William Kellerman describes Arkfeld as the ”intersection of law and technology”, in order to ensure effective education and competency among legal professionals.

Last year’s conference attracted over 150 professionals, including attorneys, service providers and counsel. The theme of ”Know the Law, Know the Technology” discussed a variety of eDiscovery issues and allowed a wide array of ideas and valuable networking opportunities for those attending.

At the fifth annual conference, Arkfeld has undertaken the theme, ”Respect the Past. Understand the Present. Shape the Future.” It will be intriguing to see exactly what technological advances will take place in order to shape the future. Some of the highlights advertised by Arkfeld include mock demonstrations on eDiscovery, as well as insights from some of this year’s featured speakers.

This is where we will be hearing from some interesting voices, including U.S. District Judges Shira Scheindlin of New York, Craig B. Shaffer of Colarado, and Xavier Rodriguez of Texas. Furthermore, we’ll be hearing insights from Technologist Steve Watson from Intel Corporation and the Associate Dean of WP Carey School of Business at ASU, Michael Goul. TERIS continues to be a long time sponsor of the Arkfeld Conference.

To register:

The Evolution of Digital Forensics – Part 3

8036a634-0bd3-451a-890f-df5f6a756c2cProfessional Responsibilities

Forensic experts must exercise considerable caution when approaching digital evidence, since there is some legal argument that any opened computer file has already been tampered with, changing its content and thus the quality of the information (evidence) it provides.  Developing and maintaining professional competence is necessary to assure:
  • all the appropriate evidence is recognized and collected,
  • irrelevant materials are also recognized and discarded, and
  • accurate assessment of the data’s meaning in relation to evidentiary requirements.

Improper handling or examination can be sufficient to eradicate, damage or alter digital evidence.  Failure to take the proper precautions or demonstrate suitable professional acumen can not only challenge, but potentially ruin, a digital report or presentation.  Thus, the forensic practitioner’s job description exceeds mere expert collection of evidence.

However, an evidentiary trail exists for every activity launched online, every digital step taken, every document drafted or deleted.  Each can be tracked with relative assurance by using digital forensics.

Most essential is:

  • collecting and securing data without corrupting or compromising their content,
  • assuring no critical data is withheld.
  • exercising due diligence and appropriate professional skill during data analysis, interpretation, documentation and preservation, and
  • developing suitable electronic disclosure strategies for courtroom application, involving collaboration with attorneys and paralegals.

If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!

Contact button

The Evolution of Digital Forensics – Part 2

8036a634-0bd3-451a-890f-df5f6a756c2cTypical Cases Requiring Forensic Assistance

Digital forensics provide attorneys a verifiable avenue of document discovery and attribution.

In legal cases, digital forensics have valuable applications for both the prosecution and the defense.  Digital evidence is useful for a significant range of circumstances; among the most pertinent are:

  • Banking/embezzlement/securities theft.
  • Child pornography.
  • Elder abuse/exploitation.
  • Excessive/illegal phishing.
  • Fraud/illicit use of eCommerce.
  • Hacking/malware/spreading of viruses.
  • Identity theft.
  • Illegal online purchases/related theft.
  • Intellectual property theft.
  • Stalking/cyber-stalking.

Each of these crimes requires recovery of specialized data and materials.  Digital forensic experts need to be adept at the entire range of these cases.

In commercial law, digital forensics generates solutions for detecting and recovering stolen business secrets or customers.  While prosecutors can use digital forensics to attribute guilt to alleged cyber-criminals, legal defendants can similarly apply electronic discovery to demonstrate their innocence.  Disproving oppositional claims can save individuals or corporations money, reputation, and incarceration.

Look for additional information on the Evolution of Digital Forensics – Part 3. If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!

Contact button

The Evolution of Digital Forensics – Part 1

8036a634-0bd3-451a-890f-df5f6a756c2cThe Evolution of Digital Forensics – Part 1

The unprecedented growth of digital forensics is a natural outcome of computers expanded use in virtually every sphere of human activity.  Digital forensics investigates computer-originated crime, through application of an evolving range data recovery tools and related forensic software.  All digital devices, including mobile tablets and smartphones, can be subjected to forensic exploration and assessment.

Among evidence essential to digital forensics are:

  • the time/date a file was created,
  • the last time it was accessed, written, edited and saved, and
  • if the accused actually saw the material.

These factors can provide a picture of whether a particular individual was genuinely involved in an alleged crime and if not, who else might have been.  They also determine if incriminating evidence is authentic or was planted to implicate a person or firm.

Digital Forensics in Use

The Basic Process

Expertly implemented, suites of forensic software find deleted emails and files, as well as erased images and details of Internet history and use, thought to be irrevocably lost.  In this way, materials

  • accidentally misplaced,
  • purposefully hidden, or
  • perhaps unlawfully destroyed can be retrieved and used as evidence in criminal cases, if necessary.  In addition to recovering such evidence, appropriately enacted digital forensics also:
  • authenticate the material to ensure it was created during the period of the alleged criminal activities, and
  • evaluate its relevance to the legal case under consideration.

Look for additional information on the Evolution of Digital Forensics – Part 2 and Part 3. If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!

Contact button

Cost Control: Digital Forensics – Part 3

Cost ControlTo understand when and where to spend money on digital forensics, it is important to understand first what you are buying, then understand when it should be used. Stages 1 – 3 are covered in Digital Forensics – Part 1 Acquisition (collection) and Part 2 Analysis.

Mobile Devices

Mobile devices is not a “stage” but they are a special consideration.  Mobile devices can provide a wealth of unique information such as gps and location tracking, call logs, SMS information, pictures and other data that may not be available elsewhere.  Mobile data in the form of SMS aided in the exoneration of Patrick Lumumba in the murder of Meredith Kercher.  Eoghan Casey. ed. Handbook of Digital Forensics and Investigation.

Recommendation:  Mobile device collection is very costly yet the data contained on them is very elusive.  If there is a reasonable chance that there is unique data you will need then an image of the device is recommended.

Look for additional information in Digital Forensics – Part 1 and 2If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!

Contact button

Cost Control: Digital Forensics – Part 2

Cost ControlTo understand when and where to spend money on digital forensics, it is important to understand first what you are buying, then understand when it should be used. Stage 1 Acquisition (collection) is covered in Digital Forensics – Part 1.

Stages 2 and 3

Stages 2 and 3 are treated together because analysis without reporting is not particularly helpful.  Analysis is the process by which forensic experts utilize a variety of techniques and technologies to recover data and interpret the results.  This goes beyond your typical ediscovery processing of known and obvious data and is a specialized service only done by very skilled professionals—ideally.

“The evidence recovered is analyzed to reconstruct events or actions and to reach conclusions, work that can often be performed by less specialised staff. When an investigation is complete the data is presented, usually in the form of a written report, in lay persons’ terms.”  M Reith, C Carr, G Gunsch, “An examination of digital forensic models”. International Journal of Digital Evidence.

Recommendation:  This is an expensive service.  Before purchasing, be sure that you cannot gain the same results through “standard” ediscovery processing and review.  If you find that you do need this service, carefully consider your provider for proper qualifications and certifications.  An important heuristic if you move forward with analysis is to narrow the scope as much as possible.  Carefully consider which custodians and devices should be analyzed.  While you do not want to miss anything important, irrelevant or repetitive information can cause costs to soar to astronomical levels.

Look for additional information in Digital Forensics – Part 1 and 3If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!

Contact button

Cost Control: Digital Forensics – Part 1

Cost ControlWithin the last decade, use of digital forensics has drastically increased.  The reasons for this are numerous, from mining to investigation to simple preservation as an insurance policy against future litigation.  To understand when and where to spend money on digital forensics, it is important to understand first what you are buying, then understand when it should be used.  This is a very brief treatment of those questions.

Digital forensics occurs in stages and understanding which stages need to occur in a given case is important and potentially will save you or your client from overspending.  “A digital forensic investigation commonly consists of 3 stages: acquisition…analysis, and reporting.”  Casey, Eoghan, Digital Evidence and Computer Crime, Second Edition.

Stage 1

Acquisition (collection) “involves creating an exact sector level duplicate (or “forensic duplicate”) of the media, often using a write blocking device to prevent modification of the original. Both acquired image and original media are hashed (using SHA-1 or MD5) and the values compared to verify the copy is accurate.”  Maarten Van Horenbeeck. “Technology Crime Investigation”, May 2008.  Targeted forensic collections can also occur that net specific data such as email.  Targeted collections are the most common and often the most useful scenario.

Acquisition is the most common digital forensic procedure because it leads to others by necessity.  This is also generally the least expensive stage.  Even if stages two or three are never reached, collection can provide an excellent insurance policy or negotiation tool to parties who are or could possibly become involved in litigation.

Recommendation:  If you are or expect to be involved in litigation, by all means do either a targeted or full forensic collection as circumstances warrant.  This is a fairly low cost hedge against spoliation or loss of important data that could be critical to your cause.  Targeted collections, if they are sufficient for the matter, are preferable.

Look for additional information in Digital Forensics – Part 2 and 3If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!

Contact button

Digital Forensics Basics – Part 2

Forensics or Forensic Science as a Concept

Digital forensics is commonly used in conjunction with computer forensics to either support or refute a possible hypothesis being considered during an investigation. By using digital re-enactments and creating similar conditions through digital means, investigators can reproduce an event in great detail. They can also add variables that can help to determine time, duration and location when those elements would otherwise remain unknown.

While it is not fool proof, a digital recreation of an event can shed valuable light on a crime scene that may have been overlooked by the initial investigation. By taking known elements and combining them with computer generated graphics and animation, an investigator can digitally enhance or reproduce images that may be too grainy or blurred when looked at with the naked eye.

To create a digital recreation of an event or moment in time, an investigator must enter every detail into the software. When an investigator starts with what is known, he or she can add variables to produce possible outcomes. This can create accurate time lines and all show a pattern of activity if a crime was committed over several months time.

Digital forensics is a virtual playground when it comes to tools and techniques. With the right training, a technician can literally re create something with a few key bits of information.

If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!

Contact button