Note that you can remove configurable metadata (metadata that can be added or modified by an application user) using Adobe Acrobat.

When viewing an individual PDF, go to File . . . .Save As Other . . .Optimized PDF

Then in the PDF Optimizer dialog box, check off just the box for 'Discard User Data', and select the individual options for different categories of metadata to the right.

Even better, set up an Adobe Acrobat action to scrub the metadata from multiple PDF files. Under Tools . . . Action Wizard . . . Create New Action, select the option in the Protection section for 'Remove Hidden Information'. Bring it over to the right, and then after being sure to uncheck 'Prompt User' so the action doesn't make you save each PDF, click on Specify Settings. You will probably want to uncheck the options for 'Bookmarks' and 'Links' since the final version of a PDF of a court filing may need to retain these features.

The action will give you the option to add one file or an entire folder of files. Start the action to process the files.

22 views0 comments

Last month, CISA (Cybersecurity and Infrastructure Security Agency) published its Cybersecurity Incident

& Vulnerability Response Playbooks: Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability

Response Activities in FCEB Information Systems . An appendix to this guide provides a checklist to use in responding to a security breach incident.

A bare description of the checklist can be boiled down to these steps:

  1. Report the incident (to CISA) within one hour

  2. Assess the operational and information impact.

  3. Collect data about the incident.

  4. Identify the technical basis of the incident - the IOC (indicators of compromise - such as a file hash or IP address) and the TTPs (tactics, techniques, and procedures - which describe why and how the attack took place).

  5. Use a third party for intrusion detection.

  6. Tune tools to mitigate the attack.

  7. Implement a containment strategy - system backups; close ports and servers; prevent domain name resolution for attackers.

  8. Eradication - reimage systems from backups.

  9. Reset passwords and install updates and patches.

  10. Post-Incident action - after action hotwash to evaluate the incident response.

  11. Coordinate with the CISA and receive a CISA National Cyber Incident Scoring System (NCISS) priority level.

10 views0 comments

If you want to run a regular expression for a string which appears at least X times successively, you can run this search:


This search will find the string 'X', entered after the first ? and then at the end of the second parentheses, whenever it appears Y number of times successively, Y being one less than the number entered in the curly brackets.

12 views0 comments

Sean O'Shea has more than 15 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.


All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.


This policy is subject to change at any time.