News from 2009
Compliance in Privacy and Data Security: How to Avoid Liability
COLUMBUS, OH (DECEMBER 2, 2009)—Interhack computer scientist C. Matthew Curtin co-presents Compliance in Privacy and Data Security: How to Avoid Liability with privacy attorney Benita Kahn of Vorys, Sater, Seymour and Pease LLP at the Columbus Bar Association on December 14, 2009.
Attorneys will learn both legal and technical aspects of preparing for and responding to data breaches, including recent settlements and legal and technical considerations for creating an incident response and data security program in an organization.
Schedule An Interhack Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule an Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Using Information to Focus Resources in Litigation
OCTOBER 23, 2009—Electronic evidence not in traditional “document” form may remain untapped for the lack of someone who understands how it may be used. Interhack computer expert C. Matthew Curtin presents Using Information to Focus Resources—When, Why, and How to Use Computer Experts for continuing legal education credit (CLE) at the Columbus Bar Association on December 9, 2009. By means of examples from major cases that included consulting and opinion rendered by a computer science expert, Curtin discusses
- the types of data that may be relevant to litigation,
- how the information should be managed,
- how litigators can know what really is possible and defensible when a producing party claims that the information cannot be used in some particular way, and
- how producing parties can live up to their legal and ethical obligations without giving the keys to the kingdom to requesting parties.
Successful argumentation requires mastery of the facts. Both plaintiff's and defense counsel benefit by understanding the breadth of information types and their possible uses in litigation.
Legal professionals who would like to participate may register at the Columbus Bar Association Web site.
Schedule An Interhack Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule an Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Preparing for a Data Breach: Three Questions Every CIO Needs to Answer
COLUMBUS, OH (NOVEMBER 24, 2009)—Interhack releases Incident Handling: When the Breach Occurs for chief information officers. It's not a matter of if but when a breach occurs. Prepared CIOs will know the answer to three smart questions before the data loss.
Download the article and also learn
- why data loss incidents are not technical problems,
- what risks are posed to the CIO,
- how effective incident response is a cross-discipline effort, and
- what are the critical elements to incident response.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Prepare for and Respond to Data Breaches
COLUMBUS, OH (DECEMBER 1, 2009)—Interhack rolls out incident response services for executives and attorneys across the country. Reputation is made or broken not on whether an incident takes place, but on how well it is handled. Interhack computer experts help corporations and their counsel prepare for and respond to data loss incidents.
Prepare
It's not a matter of if but when a data breach will occur. Interhack expert consulting can ensure that critical issues have been identified and that necessary steps to address them have been articulated. Incident response drilling prepares technology, legal, human resource, and operations departments to work together whether responding to a data breach or a litigation hold.
Respond
Engage Interhack to determine whether unauthorized access has happened, identify affected individuals, and preserve relevant data.
Prevent
Organizations that would rather not see their brand in the headlines with the words "data breach" engage Interhack experts to assess the security of the private information they process and store.
Beginning in 1997, Interhack research has shown how information systems both fail and succeed to secure the privacy of information. That expertise is applied today at the intersection of law and technology—in response to data loss. Contact us to discuss applicability to your situation and pricing.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Using Science to Combat Data Loss: On the East Coast
OCTOBER 23, 2009—Interhack continues to use science in the battle against data loss. In the spring of this year, C. Matthew Curtin, co-author of the study Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry unveiled the original Interhack research at the RSA Conference in San Fransisco, California. This fall, co-author Lee T. Ayres presents findings on the East Coast at the Computer Security Institute (CSI) 2009 Annual Conference in Washington, D.C.
In the study, Ayres and Curtin propose a taxonomy for classifying data loss incidents with public information. Examining publicized data breaches by type and industry, they find significant results for Finance, Education, Public Administration, and Health Care.
Lee Ayres presents findings on Tuesday 27 October at 4:00PM EDT at the CSI 2009 Annual Conference held at the Gaylord National Conference Center in Washington, D.C.
Where to Get the Study
The research paper Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry is published in Volume 4, Issue 3 (Winter 2008–09) of I/S: A Journal of Law and Policy for the Information Society. The I/S Journal is an interdisciplinary journal of research and commentary, concentrating on the intersection of law, policy, and information technology. It represents a one-of-a-kind partnership between one of America's leading law schools, the Moritz College of Law at The Ohio State University, and the nation's foremost public policy school focused on information technology, Carnegie Mellon University's H.J. Heinz III School of Public Policy and Management.
Subscribe to the I/S Journal or download a copy of the paper from Interhack's Web site.
Schedule An Interhack Program in Your Organization
Interhack presents applications of computer science to business, technical and legal audiences around the country. If you would like to schedule an Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com
Computer Science Expertise for the Defense
September 24, 2009—Interhack Corporation continues to showcase its computer expert services at national legal associations in 2009. On October 8-9 the company returns to the Defense Research Institute (DRI), exhibiting at the Annual Meeting in Chicago, Illinois. Attorneys understand that successful defense requires mastery of the facts. When the facts are electronic, they can rely on Interhack computer experts to deliver unassailable opinion.
Interhack Founder and computer expert C. Matthew Curtin will be on hand at the DRI Annual Meeting. In the spring of 2009, Curtin presented Discovery Beyond Documents at the DRI Medical Liability and Health Care Law seminar in Buena Vista, Florida. Defense attorneys, corporate and in-house counsel, and others heard Curtin's account as a computer science expert in a wrongful death case that hinged on interpretation of electronic information. The audience learned how data in electronic medical records differ from the electronic documents that we're most used to and what that means for discovery. They also learned how and when to use an expert in such cases and how to be prepared for discovery… beyond documents.
Curtin has been presenting Interhack's latest research Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry to business leaders and attorneys from around the country. Most recently, he spoke at the Information Security Committee of the ABA Law and Technology Section, showing how industries lose data differently. Attorneys interested in helping corporate clients prepare for, prevent, and respond to data breaches will visit Interhack at booth 501 at the DRI Annual Meeting exhibition.
Interhack provides expert analysis and education to attorneys dealing with electronic information in legal proceedings. The company will provide some of those resources at the DRI Annual Meeting, including
- analysis of the use of electronic medical records in litigation,
- how to drill legal and information technology departments to prepare for litigation and other information security incidents, and
- continuing legal education sessions that demonstrate the use of electronic information in a variety of litigation settings, from criminal defense to class action civil litigation.
Courts and attorneys around the country rely on the opinion of Interhack computer experts when the facts of a case are electronic. Attorneys attending the DRI Annual Meeting this year have the opportunity to discover their secret weapon—unassailable opinion delivered artfully by Interhack.
Schedule An Interhack Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule an Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Where Law, Technology and Risk Management Converge
SEPTEMBER 11, 2009—Interhack Founder C. Matthew Curtin speaks at the Information Security Compliance and Risk Management Institute (ISC/RMI) in Seattle, Washington on September 16, 2009. Based on original Interhack research, Curtin shows how to use science to combat data loss. Attorneys, business leaders, and risk managers will learn about the impact of breach notification law on analysis of data loss incidents, and how such analysis can be used to assess likelihood of incidents.
In their recent research paper Using Science to Combat Data Loss: Analysis of Breaches by Type and Industry, Curtin and Interhack Senior Analyst Lee T. Ayres created a taxonomy for the hierarchical classification of data losses. They applied it to a set of data breaches accumulated by the Identity Theft Resource Center. Curtin and Ayres classified breach events according to industry sector using the 2002 North American Industry Classification System (NAICS). They discovered a statistically significant distinction between the types of breaches that occur in several of the industry sectors.
The paper was published in Volume 4, Issue 3 (Winter 2008–09) of I/S: A Journal of Law and Policy for the Information Society.
About ISC/RMI
ISC/RMI brings IT and information security professionals, attorneys, and auditors together with concerned academics and public officials for two days of discussion and advanced learning about the arts, sciences, and laws of electronic information and IT use and protection. The 2009 topic is The Changing Environment of Information Security: Dealing with New Technologies, New Threats, and New Laws.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a computer expert firm with practices in Information Assurance and Forensic Computing. Founded in 2000 by a team of information security researchers, Interhack works to make global computing and communications infrastructures worthy of trust. Today the firm has clients all over North America. Additional information about Interhack is available at web.interhack.com.
Why Information Security is More Than a Technology Issue
AUGSUST 10, 2009---Interhack Founder C. Matthew Curtin addresses IT leaders from Central Ohio and beyond at the CIO Solutions Gallery Security Summit: Challenges To Our Future State Of Readiness. Based on original Interhack data breach research, Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry, Curtin outlines a pragmatic approach to building an information security program that works today.
In Using Science to Combat Data Loss, Interhack proposes a taxonomy for classifying data loss incidents with public information. Led by Curtin, Interhack has examined publicized data breaches by type and industry and found significant results for Finance, Education, Public Administration, and Health Care. The study is published in Volume 4, Issue 3 (Winter 2008–09) of I/S: A Journal of Law and Policy for the Information Society.
The CIO Solutions Gallery is an internationally acclaimed Executive Education open enrollment program offered through the Ohio State University Fisher College of Business in Columbus, Ohio. Attendance is by invitation only.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a computer expert firm with practices in Information Assurance and Forensic Computing. Founded in 1997 by a team of information security researchers, Interhack works to make global computing and communications infrastructures worthy of trust. Today the firm has clients all over North America. Additional information about Interhack is available at web.interhack.com.
For media inquiries, please contact Abby Park at +1 614-545-4225 or abbyp@interhack.com.
Interhack Founder Matt Curtin Discusses the Future of Data Loss at IT Value Studio
Interhack Founder Matthew Curtin joins futurist Thornton May at his sixteenth IT Value Studio in Jacksonville, Florida to discuss The State of Data Loss. Curtin sheds light on the future of data loss by presenting findings from a study of data breaches he co-authored and released earlier this year. The study, Using Science to Combat Data Loss: Analyzing Breaches by Type and Industy, revealed how major industries lose data differently.
Value Studio 16 is convening some of the brightest people on this planet to examine The State of...: Where Are We Today & Where Are We Going. Curtin will present along with the former CIO at Pepsi & Dell - Jerry Gregoire; Director of Operations Research at McDonald's - Mike Cramer; gaming gurus J. C. Herz and Thomas Fenady - Sr. Director, Information Technology at Activision | Blizzard; and the CTO at OnStar- Sanjay Khunger. Attendees can expect an animated discussion of what in the world is going on and what we can do about it.
Schedule An Interhack Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Contact us if you would like to discuss application of Interhack's research in your business or law practice.
Interhack Exhibits Computer Expert Services at American Bar Association Expo
JULY 30, 2009—Interhack showcases its computer expert services at the American Bar Association (ABA) Annual Meeting and Expo in Chicago, Illinois, on July 31–August 1, 2009. Attorneys understand that successful argumentation requires mastery of the facts. When the facts are electronic, they can rely on Interhack computer experts to deliver unassailable opinion.
During the event, Interhack Founder and computer expert C. Matthew Curtin will speak at the Information Security Committee of the ABA Law and Technology Section about original Interhack data breach research, Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry. He will show how industries lose data differently and how attorneys who understand the legal implications can help corporate clients prepare for and prevent data breaches.
In the Expo, Interhack provides resources and education to attorneys dealing with electronic information in legal proceedings. Interhack resources include
- analysis of the use of electronic medical records in litigation,
- how to drill legal and information technology departments to prepare for litigation and other information security incidents, and
- continuing legal education sessions that demonstrate the use of electronic information in a variety of litigation settings, from criminal defense to class action civil litigation.
Courts and attorneys around the country rely on the opinion of Interhack computer experts when the facts of a case are electronic.
Schedule An Interhack Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule an Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Interhack Senior Analyst Lee Ayres Appears on Information Security Panel
Interhack Senior Analyst Lee Ayres appears on an information security panel at a TechColumbus Breakfast Series event. Lee explained What We Learn from Analysis of Data Breaches based on research he coauthored with Interhack founder Matthew Curtin.
The research introduces a taxonomy for classifying data loss incidents with public information. Using the taxonomy, Interhack has examined publicized data breaches by type and industry and found significant results for Finance, Education, Public Administration, and Health Care. A firm understanding of the rates at which types of breaches occur, proportionate to one another, helps with the distribution of limited security budgets, by helping guide the expenditure of capital to where it will have the greatest impact.
Schedule An Interhack Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Contact us if you would like to discuss application of Interhack's research in your business or law practice.
Interhack Exhibits at Ohio State Bar Association Annual Convention
Interhack returns to the Ohio State Bar Association's Annual Convention in Cleveland, Ohio, on May 13-15, 2009. The company showcases its computer expert services. Attorneys understand that successful argumentation requires mastery of the facts. At Interhack's exhibit booth, they get to know how to use computer experts with litigation experience when the facts are electronic.
Resources provided include analysis of the use of electronic medical records in litigation, how to drill legal and information technology departments to prepare for litigation and other information security incidents, and continuing legal education sessions that demonstrate the use of electronic information in a variety of litigation settings, from criminal defense to class action civil litigation.
All analysis is performed by Interhack computer experts, whose opinion courts around the country rely upon to render sound decisions in cases where electronic information is material.
Schedule An Interhack Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Data Breaches Vary by Industry
Study Shows Finance, Education, Healthcare, and Government Lose Sensitive Personal Data Differently
APRIL 23, 2009—Proposing a taxonomy for classifying data loss incidents with public information, Interhack has examined publicized data breaches by type and industry and found significant results for Finance, Education, Public Administration, and Health Care.
“We discovered a statistically significant distinction between the types of breaches that occur in several of the industry sectors.” Matthew Curtin, founder of Interhack and co-author of the study said. Curtin and Interhack Senior Analyst Lee Ayres created the taxonomy for the hierarchical classification of data losses and then applied it to a set of data breaches accumulated by the Identity Theft Resource Center. Curtin and Ayres classified breach events according to industry sector using the 2002 North American Industry Classification System (NAICS).
The Health Care and Social Assistance sector reported a larger than average proportion of lost and stolen computing hardware, but reported an unusually low proportion of compromised hosts. Educational Services reported a disproportionally large number of compromised hosts, while insider conduct and lost and stolen hardware were well below the proportion common to the set as a whole. Public Administration's proportion of compromised host reports was below average, but their proportion of processing errors was well above the norm. The Finance and Insurance sector experienced the smallest overall proportion of processing errors, but the highest proportion of insider misconduct. Other sectors showed no statistically significant difference from the average, either due to a true lack of variance, or due to an insignificant number of samples for the statistical tests being used.
The taxonomy and data breach study have many applications. For one, finding likelihood of security incidents has been a sort of guessing game for information security practitioners. “We believe we can make a science of finding likelihood and helping defenses to be properly focused,” Curtin said. “We have the analytical tools, and we see promise in the approach.”
Curtin unveils the taxonomy and data breach study at RSA Conference 2009 in San Fransisco, California on April 23 in the presentation Using Science to Battle Data Loss: Analyzing Breaches by Type and Industry.
Where to Get the Study
The research paper Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry is being published in Volume 4, Issue 3 (Winter 2008–09) of I/S: A Journal of Law and Policy for the Information Society. The I/S Journal is an interdisciplinary journal of research and commentary, concentrating on the intersection of law, policy, and information technology. It represents a one-of-a-kind partnership between one of America's leading law schools, the Moritz College of Law at The Ohio State University, and the nation's foremost public policy school focused on information technology, Carnegie Mellon University's H.J. Heinz III School of Public Policy and Management.
Subscribe to the I/S Journal or download a copy of the paper from Interhack's Web site.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a computer expert firm with practices in Information Assurance and Forensic Computing. Founded in 1997 by a team of information security researchers, Interhack works to make global computing and communications infrastructures worthy of trust. Today the firm has clients all over North America. Additional information about Interhack is available at web.interhack.com.
For media inquiries, please contact Abby Park at +1 614-545-4225 or abbyp@interhack.com.
Interhack Presents Hands-On Incident Response Testing at RSA 2009
On April 21, Interhack founder Matthew Curtin and Cleveland Clinic Data Security Administrator Keith Fricke present a new development in preparing organizations to address high-risk situations like information security incidents and litigation at RSA Conference 2009.
Curtin and Fricke present on the use of live drills to help organizations to respond effectively when the time comes to act. They bring together such diverse resources as IT, Legal, and Public Relations to test an organization's capability to respond to such issues that could become disasters if improperly handled. Testing scenarios include data breaches, insider misconduct, litigation holds and electronic discovery requests. The testing includes hands-on data collection and analysis, reporting of activity, and cross-examination of tools and techniques through mock depositions. Scenarios are developed to address the particular needs of the organizations being tested.
Hands-On Incident Response Testing will be presented at 3:00 P.M.–3:50 P.M. at The Moscone Center in San Fransisco, California where RSA Conference 2009 is being held.
For more information about hosting live incident response drills for your organization, contact Interhack.
Schedule This Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Based in Columbus, Ohio, Interhack supports clients all over North America. Additional information about Interhack is available at web.interhack.com.
Interhack Speaks at Regional International Legal Technology Association Event
Interhack Senior Analyst Lee Ayres speaks at the International Legal Technology Association (ILTA) regional event in Columbus, Ohio on April 20, 2009. Lee will discuss identification, preservation and collection of data in litigation, the second and third stages of the Electronic Discovery Reference Model.
Lee helps attorneys in litigation understand how to make use of the systems and data available to them as evidence. Lee also builds custom software to analyze data in legal proceedings. His work is used by Interhack expert witnesses to find the right questions to ask and the best answers science can provide.
Schedule This Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please for rates and availability. us
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission.
Established in 2000, Interhack Forensic Computing helps in-house counsel, incident response teams, law enforcement agencies, and law firms establish facts that can be used in litigation or criminal prosecution.
Additional information about Interhack is available at web.interhack.com.
Perfecting Incident Response
Interhack Senior Analyst Lee T. Ayres discusses the merit of live incident response drilling in a presentation to the The Association of Telecommunications Professionals at their next meeting on April 8, 2009.
The meeting begins at 8:30 A.M. and ends with lunch. It is open to members and non-members who may register online.
Practice Makes Perfect
Many organizations now have plans for handling “incidents” in their organization—a loss of confidentiality, integrity, or availability of an important resource. How well those plans will work, though, can be anybody's guess.
For good reason, incident response training is standard operating procedure in police, fire fighting, and the military. In business, incident response training can run the gamut from tabletop scenarios over the lunch room table to full mock events using real servers and personnel. Drawing on Interhack's experience running live drills with their clients, Lee T. Ayres will relate the process of planning for, executing, and cataloging the lessons from incident response drills and how to communicate the value of these drills to your business.
For more information about hosting live incident response drills for your organization, contact Interhack.
Schedule This Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. Additional information about Interhack is available at web.interhack.com.
Uses and Limits of Forensic Data Analysis
Computer expert Matthew Curtin explains how to prepare electronic evidence that can stand up to the defense. He presents Uses and Limits of Forensic Data Analysis to the Ohio Investigators Association on March 25, 2009 in downtown Columbus, Ohio.
The real world is considerably more complicated than portrayed on television and even by vendors of tools for forensic data analysis. What happens when an investigator uses evidence to draw conclusions that might be challenged by a forensic computer scientist hired by the defense? Using examples from his own practice, Curtin will discuss cases that turned unexpectedly against prosecutors and offer advice for ensuring that when charges are made, they're made properly, and they can withstand defensive analysis.
The investigators will take back an Introduction to Forensic Computing written by Curtin and published in the Information Systems Control Journal.
Schedule This Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission.
Established in 2000, Interhack Forensic Computing helps in-house counsel, incident response teams, law enforcement agencies, and law firms establish facts that can be used in litigation or criminal prosecution.
Interhack is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.
Discovery Beyond Documents
Interhack founder Matthew Curtin presents Discovery Beyond Documents at the Medical Liability and Health Care Law Seminar for the Defense Research Institute (DRI) on March 12, 2009. Defense attorneys, corporate and in-house counsel, and others will gather to hear Curtin's account as a computer science expert in a wrongful death case that hinged on interpretation of electronic information. The audience will learn how data in electronic medical records differ from the electronic documents that we're most used to and what that means for discovery. They will also learn how and when to use an expert in such cases. Finally, counsel will learn how to be prepared for discovery beyond documents.
This seminar will be held in Lake Buena Vista, Florida. You can register online at the DRI Medical Liability and Health Care Law seminar Web site.
Abstract
When medical liability is in question, clinical system activity and clinicians' electronic notes can be used in ways that no paper documents can. Matthew Curtin, a technologist, writer, and entrepreneur, has faced these issues as a computer expert working in litigation since 2000. Using examples from his practice, Curtin will show the difference between data and metadata, the kinds of information available beyond electronic versions of "documents," and how computer science can be applied to answer important questions. Points to consider for records management will be offered to help organizations maintain appropriate information without allowing opposing experts the opportunity to go on fishing expeditions.
Schedule This Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.
Asking the Right Questions: Forensic Analysis of Data, or How to Make BlackBerry Data Hearsay
Interhack founder C. Matthew Curtin and Interhack Senior Analyst Lee Ayres demonstrate how easily BlackBerry data can be falsified such that an investigator using available tools wouldn't be able to tell.
Abstract
Tutored by television crime dramas, many people have come to assume that electronic information is always what it appears to be on its face. This is, in fact, the forensic version of a longstanding tendency that people have to believe anything that comes from the computer, no matter how absurd.
We will consider a brief history of the forensic analysis of data, showing what is and is not possible with various types of electronic information. Drawing from our own practice in high-stakes criminal and civil adjudication, we will illustrate the difference between knowledge and understanding—and how failing to recognize the difference can prove disastrous.
In the second half of this presentation, we focus on the forensic analysis of mobile devices, with particular emphasis on BlackBerry devices. We will present for the first time original research undertaken at Interhack and perform a demonstration showing how standard forensic tools, including Secure View and Paraben, will fail to detect implanted and backdated data in BlackBerry devices.
Appearances
- December 12, 2008—Cleveland, Ohio chapter of Infragard
- This meeting is open to the public.
- February 25, 2009—Central Ohio chapter of Infragard
- This meeting is open to the public. It will be held from 9:00AM-12:00PM at Highlights for Children, 1800 Watermark Drive, Columbus, Ohio 43215. Please RSVP if you would like to attend.
Schedule This Program in Your Organization
Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.
About InfraGard
Information about the mission of InfraGard can be found at www.infragard.net.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission.
Established in 2000, Interhack Forensic Computing helps in-house counsel, incident response teams, law enforcement agencies, and law firms establish facts that can be used in litigation or criminal prosecution.
Interhack is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.
The Next Twenty-Five Years in Computer Science
Interhack Founder Matthew Curtin will speak at the next Franklin University Tech Connect event about the future of computer science. He will show students and community members how to stay relevant in a world where information technology is ever-changing.
This Tech Connect event will celebrate the 25th anniversary of Franklin University's Computer and Information Sciences Program. It will be held on Monday January 26, 2009 from 5:30PM to 7:30PM in the Ross Auditorium on Franklin University's main campus downtown at 201 S. Grant Avenue. The event is open to the public. Read Franklin's news release for more information and to RSVP.
Abstract
The rapid pace of Information Technology has become an article of faith for many. While we are surrounded by new products and new versions of products, all of these rest upon common foundations established decades earlier. A firm grasp of computer science theory can make the difference between a frustrating career spent always attempting to catch up and one where "new" things can be quickly and properly classified and assimilated. A successful career as an information technologist has required a solid background in computer science. In the next twenty-five years, this foundation will require the ability to make that science relevant—without watering it down.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.