Seminar on Introduction to IT Forensic Process and Litigation
Lawyers are going to rely on and use more evidence recovered or secured from electronic sources. As “paper trails” dematerialize into electronic records, how ready are you to navigate the evidential issues related to them? This was the topic the Cybersecurity and Forensics Committee (“CFC Committee”) of the Law Society of Singapore tackled in its “Seminar on Introduction to IT Forensic Process and Litigation” held on 27 October 2017.
This event followed the over-subscribed and well attended talk on Cybersecurity for Lawyers of 18 May 2017. The seminar was equally well attended, with over 80 lawyers despite having a marketing lead time of only three weeks, demonstrating a real thirst for knowledge in this area. The session introduced participants to the IT forensic process, the tools and processes which are used to recover, secure and work with electronic evidence, and the ins and outs of presenting or relying on such evidence.
Lim Kian Kim (Chair of the CFC Committee) opened the session with observations about the importance of relying on electronic records. Next in the programme was a technological presentation covering the ins and outs of recovering electronic evidence by guests Michael Lew, President of the High Technology Crime Investigation Association, Singapore Chapter (“HTCIA”), and Gino Bello (Member, HTCIA).
Michael and Gino described how lawyers and forensic consultants can work together to achieve their common objectives. They talked about the pitfalls of not properly scoping the engagements, how to focus your searches and understanding the weaknesses and strengths inherent in the evidence. Attention was paid to extracting and recovering data from different sources, such as on premise servers, clouds and mobile devices. They provided an overview of what is needed to successfully extract and recover the data from a technical perspective, as well as what the lawyer should do to ensure a successful outcome.
After a short tea break came the panel discussion led and moderated by Bryan Ghows (member of the CFC Committee), and featured contributions by other CFC Committee members Sanjiv Kumar Rajan, Leow Jiamin, Prasad s/o Karunakarn and Eunice Lim.
Bryan set the stage by describing trends in the use of IT evidence and how lawyers need to collaborate with the IT forensics team. Sanjiv then touched on the legislative framework dealing with computer evidence and shared his experiences in working with IT forensics teams. He was followed by Eunice who covered the process of working with IT forensic evidence, from collection to processing, reviewing, reporting and through to case presentation. Jiamin then took the audience through some recent case law and case studies on collecting and using such evidence and pointed out that one would need IT forensics if there is a cybersecurity breach. Prasad concluded by discussing how lawyers need to consider the chain of evidence, whether working with IT or non-IT evidence.
The CFC Committee has received much positive feedback from those who had attended the seminar. This seminar represents a strong finish for the committee’s first full year of operations. The committee is looking forward to organising more conferences, including a full day conference in the 3rd quarter of 2018. Stay tuned!
The panel – (from left) Bryan Ghows, Sanjiv Kumar Rajan, Eunice Lim, Leow Jiamin and Prasad s/o Karunakarn.
Michael Lew, President HTCIA (SG Chapter) introducing the audience to concepts in IT forensics process.
Gino Bello, HTCIA (SG Chapter) discussing the nuances of collecting IT forensics evidence.
The open floor panel discussion. Michael rejoins the panel to take questions.
A large turnout for the session.
An audience member poses a question to the panel for consideration.
(Photos by Jack Ow)
