The Association of Digital Forensics, Security and Law (ADFSL)


This paper describes a cyber-forensics course that integrates important public policy and legal issues as well as relevant forensic techniques. Cyber-forensics refers to the amalgam of multi-disciplinary activities involved in the identification, gathering, handling, custody, use and security of electronic files and records, involving expertise from the forensic domain, and which produces evidence useful in the proof of facts for both commercial and legal activities. The legal and regulatory environment in which electronic discovery takes place is of critical importance to cyber-forensics experts because the legal process imposes both constraints and opportunities for the effective use of evidence gathered through cyber-forensic techniques. This paper discusses different pedagogies that can be used (including project teams, research and writing assignments, student presentations, case analyses, class activities and participation and examinations), evaluation methods, problem-based learning approaches and critical thinking analysis. A survey and evaluation is provided of the growing body of applicable print and online materials that can be utilized. Target populations for such a course includes students with majors, minors or supporting elective coursework in law, information sciences, information technology, computer science, computer engineering, financial fraud, security and information assurance, forensic aspects of cyber security, privacy, and electronic commerce.


Week 1: Investigation and Litigation: Criminal, Civil, ADR, Regulatory, Non-Judicial Tribunals

Bazan, E.B., & Elsea, J.K. (January 5, 2006). Presidential Authority to Conduct Warrantless Electronic Surveillance to Gather Foreign Intelligence Information. In Congressional Research Service Report to Congress. http://www.fas.org/sgp/crs/intel/m010506.pdf .

Granick, J. (January 18, 2006). Mass Spying Means Gross Errors. http://www.wired.com/news/columns/0,700351.html?tw=wn_story_pa ge_next1.

Dubey, P. & Stevens, T. (2005). The Litigation Balancing Act: No Pressure to Measure? http://fiosinc.com/resources/pdfFiles/200505_corporate_counsel.pdf.

Week 2: Traditional Discovery: Interrogatories, Depositions, Discovery Requests

American Lawyer Media, Inc. (No Date). Interrogatories. http://dictionary.law.com/definition2.asp?selected=1005&bold.

Committee on the Judiciary; 108th Congress. (2004). Federal Rules of Civil Procedure; with forms. http://judiciary.house.gov/media/pdfs/printers/109th/civil2005.pdf.

Dubey, P. & Araujo, N. (2005). Evidence lifecycle management – the new frontier. http://www.fiosinc.com/resources/pdfFiles/200507_evidenceLifecycle. pdf.

Mack, Mary. (2004). Taming the litigation beast: Are you ready? http://www.cioupdate.com/insights/article.php/11049_3342321_1.

Rinkle, Ralf. (No Date). The‘Lectric Law Library’s Lexicon on Deposition. http://www.lectlaw.com/def/d041.htm

No author. (2005). Rule 26: General rules governing discovery; duty of disclosure. http://www.law.cornell.edu/uscode/html/uscode28a/usc_sec_28a_0600 0026----000-.html.

No author. (2005). Rule 34: Production of documents and things and entry upon land for inspection and other purposes. http://www.law.cornell.edu/uscode/html/uscode28a/usc_sec_28a_0600 0034----000-.html.

No author. (2005). Rule37: Failure to make disclosure or cooperate in discovery; sanctions. http://www.law.cornell.edu/uscode/html/uscode28a/usc_sec_28a_0600 0037----000-.html.

Redgrave, J. M. ed. (2005). The Sedona Principles: Best practices, recommendations, & principles for addressing electronic document production. http://www.kenwithers.com/articles/sedona/principles.pdf.

Sommer, P. (2005). Directors and corporate advisors’ guide to digital investigations and evidence. http://www.iaac.org.uk/Portals/0/Evidence%20of%20CyberCrime%20v08.pdf.

Week 3: Electronic Data Production and EDD Project Planning

Brown, C. L. T. (2003). Bate’s numbering – What’s in a number anyway? www.techpathways.com/uploads/BatesNumbering.pdf.

Hedges, R. J. (2004). Discovery of digital information. http://www.kenwithers.com/articles/hedges092704.pdf.

Kinnaman, M. (2005). Let’s Get Relevant: Using document analytics to reduce total discovery cost. E-Discovery Law & Strategy, 2 (2). www.attenex.com/newsEvents/inTheNews/pdf/Lets_Get_Relevant_Ed iscovery_LS_06_2005.pdf.

No Author. No Date. Guidelines for the discovery of electronic documents in Ontario. http://www.krollontrack.com/library/ontario.pdf.

No author. No date. Embedded information in electronic documents: Why meta data matters. http://www.lexisnexis.com/applieddiscovery/lawlibrary/whitePapers/A DI_MetaData.pdf.

Reisinger,S. (2005). In-house attorneys become IT gatekeepers: Big damages in botched e-discovery cases up the ante for in-house lawyers as they take on a new role. http://www.law.com/servlet/jsp/ihc/PubArticleIHC.jsp?id=112834292 6735.

Roitblat, H. L. (2005). Proactive solutions: The next generation of eDiscovery. Retrieved http://www.discoveryresources.org/pdfFiles/Proactive_Solutions.pdf.

Week 5: Admissibility of Electronic Evidence

Preserving chain of custody in e-discovery cases. http://www.lexisnexis.com/applieddiscovery/clientResources/techTips 9.asp.

Preston, Gates, & Ellis. (2005). Motion for exclusion of evidence or adverse inference denied as untimely and because defendant produced all responsive documents. http://www.ediscoverylaw.com/case-summaries-269-motion-forexclusion-of-evidence-or-adverse-inference-denied-as-untimely-andbecause-defendant-produced-all-responsive-documents.html.

St.Clair v. Johnny’s Oyster & Shrimp, Inc., 76 F.Supp.2d 773 (S.D.Tx.1999)

Weeks 6 and 7: Computer Forensic Expert Witnesses and Scientific Evidence and Daubert Constraints on Admissibility of Electronic Evidence

Frye v. U.S., 293 F. 1013 (D.C. Cir. 1923)

Daubert v. Merrell Dow Pharmaceuticals, 509 U.S. 579 (1993)

GE v. Joiner, 522 U.S. 136 (1997)

Kumho Tire Co., v. Patrick Carmichael, 526 U.S. 137 (1998)

Martinez v. Bynum, 461 U.S. 321 (1983)

Rink v. Cheminova, 400 F.3d 1286 (11th Cir. 2005)

Week 8: Evidentiary Aspects of Modern Communications Technologies

McAree, D. (2005). New liability frontier: Instant messages. http://www.law.com/jsp/article.jsp?id=1125392711384.

McCurdy, G. S. & Dawson, M. J. (2004 ). Are instant messages discoverable? Is this digital medium more like emails or phone calls? http://www.prestongates.com/images/pubs/Dawson NLJ.pdf.

Sharpe, L. & Lange, M. C. S. (2004). Juggling the worlds of paper and electronic discovery. http://www.krollontrack.com/include/document.asp?file=/publications/ abtl.pdf.

Skupsky, D. S. (1996). Discovery and Destruction of E-mail. In The internet and business: A lawyer’s guide to the emerging legal issues (chapter 5). http://www.itechlaw.org.

Verizon Online Services, Inc. v. Ralksy, 203 F. Supp. 2d 601 (E.D. Va. 2002).

Waters, J. K. (2006). Zantaz launches first discovery e-mail search. http://www.law.com/jsp/ltn/pubArticleLTN.jsp?id=1138701909475.

Week 9: Cost Balancing of Electronic Document Production

Blouin, D. (2004). The discovery dance. http://www.law.com/special/supplement/e_discovery/discovery_dance. html.

Gawlicki, S. M. (2005). GCs find new ways to cut e-discovery costs: Altria and Cisco bring e-discovery in-house. http://www.insidecounsel.com/issues/insidecounsel/15_169/technolog y/236-1.html.

Plotkin, J. (2004). White Paper: E-mail discovery in civil litigation: Worst case scenarios vs. best practices. http://www.veritas.com/Products/www?c=collateral&refId=322.

Robichaud, T. D., & Gilinsky, M. (2004). Zubulake V: Emerging trends in the duties regarding electronic evidence. Mealey's Litigation Report: Discovery, 1(12). www.discoveryresources.org/ pdfFiles/04_zubulakeV_092004.pdf.

Sachdev, A. (2005). Costly electronic discovery 'part of potentially every case in the 21st Century.' www.evestigate.com/PDFS/chicagoTribune_041005.pdf.

Eight related Zubulake decisions issued between 2003 and 2005 detailed in ftn.13.

Week 10: Privilege and Privacy of Electronic Evidence

Lucchetti, A. & McDonald, I. (2006). Spitzer’s targets use his tactics: Grasso, Greenberg seek documents on attorney general’s operations; impact on the governor’s race. The Wall Street Journal, C.1.

Weeked States Department of Justice (2002). Searching and seizing computers and obtaining electronic evidence in criminal investigations. Retrieved December 16, 2006, from http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm.

Reino de Espana v. American Bureau of Shipping (SDNY Dec. 14, 2005).

Week 11: Spoliation and Obstruction of Justice

Ballon, I.C. (1999). Spoliation of e-mail evidence: Proposed intranet policies and a framework for analysis. http://library.findlaw.com/1999/Feb/22/131004.html.

Leddin, B. J., & Gonsowski, D. (2005). Spoliation of Electronic Data: The wages of sin in a virtual world. New Jersey Law Journal, CLXXIX(3). http://www.fiosinc.com/resources/pdfFiles/20050117_spoliation.pdf.

Redgrave, J. M., Cook, R. C., & Ragan, C. R. (2005). Looking Beyond Arthur Anderson: The impact on corporate records and information management policies and practices. www.rdrw.com/pdf/arthur092005.pdf.

Week 12: Regulated Electronic Records Management

Launchbaugh, C. (2004). E-Records management: A sad state of affairs or golden opportWeeky? Records management professionals have an opoprtuntiy – and an obligation – to communicate the importance of including electronic records in their organization’s records management program. www.discoveryresources.org/pdfFiles/Launchbaugh.pdf.

Murphy, B. (2005). Sarbanes-Oxley records management implications. http://www.s-ox.com/feature/detail.cfm?articleID=924.

Talcott, K. D. (2005). Dealing with third-party providers: Spell out expectations before entering a relationship. http://www.cowengroup.com/news/thirdparty.html.

All weeks: additional links to selected online resources:

http://www.usdoj.gov/usao/iln/osc/ http://www.fiosinc.com/

http://www.daubertexpert.com/ http://www.dauberttracker.com/


http://www.applieddiscovery.com/ http://www.krollontrack.com/

http://www.uscourts.gov/library.html http://www.lawpartnerpublishing.com/

http://www.ironmountain.com/Index.asp http://www.forensic-evidence.com/site/Linkwo.html




http://www.law.com/special/supplement/edd/ http://www.waybackmachine.org/




To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.