LITIGATION SUPPORT TIP OF THE NIGHT

The Tip of the Night for June 19, 2019, noted that Windows 10 stores the history of text and photos copied to the clipboard. Don't miss how easy it is to access this clipboard. If you simply prese the Windows key + v, the clipboard will appear at the lower right.

Attorneys will love being able to easily access the multiple quotes they have copied and pasted into a brief from caselaw on Lexis or Westlaw.

It's also a good as a simple forensic tool to check on a user's past activities. The clipboard history tool needs to be activated. Windows 10 apparently does not have it turned on by default.

NIST Special Publication 800-88 sets standards for media sanitization. The concept addresses controlling access to sensitive information. Organizations have to ensure that data cannot be reconstructed from residual data. For a given category of confidentiality, it must not be feasible to retrieve the data for a commensurate level of effort.

1. Information unintentionally stored in media should be accounted for.

2. Media sanitization usually happens when ESI is disposed of.

3. Senior management must be responsible for media sanitization.

4. Different media stora devices should be assigned different levels of confidenetiality.

5. There are three methods of media sanitization:

a. Clear - overwrite data with non-sensitive information.

b. Purge - block erase and cryptographic erase will make it infeasible to recover data.

c. Destroy- the data is physically destroyed through incineration or other techniques.

Appendix A to this NIST guide specifies how different types of media should be sanitized. For example, network routers should be reset to default settings to be cleared; only certain routers have purge capabilities such as block erasing; destroying a router requires a licensed incinerator.

In his blog post of June 17, 2020, the great Craig Ball discussed how to determine the precise time that a gmail message was sent by reviewing the original code of the message. This can help clear up confusion caused by email threads between people in different time zones. Here's a rundown of how to do this.

1. In an email message sent from a gmail account, select the drop-down menu by clicking on the three dots to the right of the message's header, and then select 'Show original'.

2. This will open the raw code for the message. Review the code for references to a timestamp. You should be able to find these by searching for the tag, "t=". The value following this tag measures the number of 100 nanosecond intervals between the precise time the message was sent and midnight on January 1, 1601. Windows uses this arbitrary date (or the date of the first full century since the adoption of the Gregorian calendar) as a yardstick. In this example we find the number, '1594755105' used as a time code.

3. On the site of Dan's Tools, there is an epoch timestamp converter. When the number 1594755105 is entered it gives the precise time of July 14, 2020, 19:31:45 UTC.