FloCon 2019 has ended
Back To Schedule
Wednesday, January 9 • 2:00pm - 2:30pm
Data as Evidence: Analysis of Logs for Litigation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Security goes well beyond the operational need to identify activity and decide whether it should be allowed to continue unencumbered, further scrutinized, or halted. When it comes to identifying responsible actors and making victims whole, remedies largely depend on criminal and civil adjudication. Successful prosecution and recovery of damages requires that data may be admitted as evidence into the legal record, that the means of analyzing the data withstand scrutiny, and that counsel, court, and jurors understand the story the data analyst finds. Furthermore, careless or myopic analysis used in real time security operations can have disastrous effects when the analysis is scrutinized in litigation.

In this presentation, we consider three case studies where the author led a team that analyzed system
logs, developed findings from the data that were relevant to the nature, scope, and severity of the alleged damage, and presented those results. We focus on the legal processes at work in securing data for analysis, methods for assessing and making use of data, the legal standards for offering expert opinion, and techniques for effectively presenting findings to legal professionals and lay jurors.  The cases are: 
  • Pharmatrak Privacy Litigation, United States Court of Appeals, First Circuit. 329 F.3d 9, in which plaintiffs alleged that pharmaceutical companies collected and sent personal information to third undisclosed third parties, in violation of their privacy policies. Forensic analysis of operational system logs led to critical findings that set standards for application of Federal wiretap statutes to web technology.
  • Ford, et al v. SBC Communications Inc. and SBC Internet Services, Inc.  d/b/a AT&T Internet Services, Inc., Circuit Court of St. Louis County (Missouri) Cause No. 06CC-003325, Division No. 6, in which disparate datasets were analyzed to find any cases where fees were collected for service that could not be provided. New York Stock Exchange Specialists Litigation, U.S. District Court, Southern District of New York, 405 F. Supp. 2d 2, in which the California Public Employees Retirement System (CalPERS) represented a class of investors who were allegedly harmed by securities specialists interpositioning themselves into otherwise executable trades. Analysis of tick-by-tick data from the systems that capture, relay, and display orders for the entire New York Stock Exchange over a five year period made possible findings needed to address the allegations. 
We discuss techniques for analysis and present examples from the case studies and conclude with
principles for data analysts both to support operational needs and to create the foundation to protect the organization in subsequent 

Attendees Will Learn: 
• When system data and analysis can be exposed to the scrutiny of an adverse party.
• How adverse parties can use the data in unexpected ways.
• How to identify both operational needs and long-term impacts of data collection, analysis, and presentation.
• How to present findings that will withstand not only internal questions but adversarial inquiry

avatar for Matthew Curtin

Matthew Curtin

Founder, Interhack Corporation
C. Matthew Curtin is the founder of Interhack Corporation, a computer expert firm based in Columbus, OH.  His practice helps attorneys and executives in high-stakes situations to understand and make use of computer technology and relevant data.  He has appeared as an expert witness... Read More →

Wednesday January 9, 2019 2:00pm - 2:30pm EST
Grand Ballroom 300 Bourbon St, New Orleans, LA 70130