
TCPView is a Microsoft program that lists all Transmission Control Protocol (TCP) endpoints on your system. It can be downloaded for free here. Any server connected to your computer or network will be listed.



You can view the address of each TCP endpoint and see how many bytes it is using. By right-clicking any endpoint, you can terminate it.





TCPView is particularly useful for detecting which programs running on your PC are accessing the internet. Simply shutting down your web browser and email client should reduce the number of running endpoints by a few hundred. What remains may be putting an unnecessary drain on your system, and could possibly be malware.
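The same check can be scripted. The following PowerShell is an added example, not part of the original post: it lists established TCP connections with the owning process, as TCPView does, and then summarizes them per process so that whatever remains after closing the browser and email client stands out. It assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`); the variable names are illustrative.

```powershell
# Added example: per-process view of established TCP connections.
# Run from an elevated prompt so that process paths can be resolved.

# Build a PID -> process lookup once instead of calling Get-Process per connection.
$procs = @{}
Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

$connections = Get-NetTCPConnection -State Established |
    # Ignore loopback traffic; it never leaves the machine.
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            # The process may have exited between the two snapshots.
            Process       = if ($p) { $p.ProcessName } else { '<exited>' }
            PID           = $_.OwningProcess
            # Path can be empty for protected system processes.
            Path          = if ($p) { $p.Path } else { $null }
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
        }
    }

# Full list, one row per connection.
$connections | Sort-Object Process, RemoteAddress | Format-Table -AutoSize

# Summary: how many connections each process holds, and to which remote addresses.
$connections |
    Group-Object Process, PID |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Path';    e = { $_.Group[0].Path } },
        @{ n = 'Remotes'; e = { ($_.Group.RemoteAddress | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize -Wrap
```

Run it once with the browser and email client open and once after closing them; a process that still holds outbound connections and has an unfamiliar name or path is the one to look into first.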







 
 

Keep in mind that while your antivirus software may detect many types of malware, there are also a great number of malware programs which are 'fully undetectable' or FUD.


Malware may be encrypted so that antivirus software cannot scan its contents.


Malware developers will check the detectability of their programs using widely used antivirus programs.


Malware can also evade antivirus software by using 'fileless techniques'. This means that the malware will run entirely in RAM - there will be no actual files downloaded to a PC. Rebooting your operating system can clear RAM, but some malware can manipulate the registry or PowerShell to keep functioning. It is also possible for ransomware attacks to work without using any files.


Beware of zero-day attacks, which successfully circumvent antivirus software before the malware is discovered. While virus definition updates are distributed daily, thousands of new malware attacks are also devised each day.








 
 

RelativityOne encrypts data at rest on servers so attackers cannot read the data without encryption keys.


FedRAMP, HIPAA, and other regulations may require data-at-rest encryption. Relativity uses the Microsoft Azure platform, which according to this white paper meets “more than 70 international and industry-specific compliance standards, such as ISO 27001, SOC 2, Type II, HIPAA, and FedRAMP, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.”


Note that the HIPAA Security Rule does not actually require encryption, but it does make encryption an 'addressable implementation', which means that an organization may find that it is reasonable and appropriate to encrypt data. If not, alternative measures can be taken.


FedRAMP's Control Specific Contract Clauses, which provides language to be used in the provisions of contracts addressing cloud security, states that, "Cloud Service Providers pursuing a FedRAMP authorization will have to support the capability to encrypt data-at-rest; however, contract clauses should indicate any specific agency requirements for data encryption."










 
 

Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco. He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.


© 2015 by Sean O'Shea
