Category Archives: Social Media Investigations

Practice Tool: Sample FRE 902(14) Certification to Authenticate Social Media Evidence

Update: Law Firm Baker Hostetler has posted a good 902(14) model certification as well.

As part of our continuing coverage of Federal Rule of Evidence 902(14), which goes into effect on Friday December 1, 2017, we will be making available further resources and analysis over the next few weeks in support of this new and important development. To review, FRE 902(14) provides that electronic data recovered “by a process of digital identification” is to be self-authenticating, thereby not routinely necessitating the trial testimony of a forensic or technical expert where best practices are employed. Instead, such properly collected electronic evidence can be certified through a written declaration by a “qualified person.” This rule will have a significant impact on computer forensics and eDiscovery collection practices. A detailed discussion of Rule 902(14) can be found here.

Today we are providing an example of a Rule 902(14) certification for the authentication of social media evidence collected by X1 Social Discovery. This sample document is for general information purposes only. Your use of this example 902(14) certification is at your own risk, and you should not use this sample documents without first seeking professional legal advice. The provision of this sample document (and the document itself) does not constitute legal advice or opinions of any kind. So with those legal disclaimers, here is the sample 902(14) certification:

Certification under Federal Rule of Evidence 902(14)

(Example Only for demonstration purposes)

 

I, __________________, hereby declare and certify:

 

  1. I am currently a (paralegal) (computer forensic specialist) (electronic discovery specialist) employed by “My Organization” (“My Organization”). My Organization specializes in the discovery, collection, investigation, and production of electronic information for investigating and handling computer-related crimes and misuse as well as for in support of discovery for civil litigation matters. I am responsible for conducting computer forensic investigations and providing electronic discovery and litigation support.

 

  1. I have participated in more than 100 investigations and preservation efforts from social media sites and other Internet websites, and was the lead on approximately 20 of those investigations. These investigations involved finding relevant electronic information in support of internal investigations, civil litigation and criminal matters. In the course of these investigations, I was responsible for performing in-depth analyses and providing documentation and related materials in support of criminal and civil matters for law firms/litigation support consulting firms, (or for law enforcement agencies at the federal and local level)

 

  1. I have accumulated extensive experience in the identification, preservation, retrieval, analysis, and documentation of computer-related information, including both data at rest and social media evidence and other internet based electronic evidence in support of computer investigations and ongoing litigation matters.

 

  1. I am a licensed user of X1 Social Discovery (“X1”), the leading software used by law firms, law enforcement, government regulatory agencies and litigation support consultants world-wide. X1 Social Discovery is available for purchase by the general public and is generally accepted in the eDiscovery and computer investigation industry. X1 Social Discovery aggregates comprehensive social media content and web-based data into a single user interface, while preserving critical metadata not possible through image capture “screenshot”, or simple computer screen printouts.

 

  1. X1 Social Discovery includes an automated function to generate an MD5 “hash value” immediately upon the collection of an item of social media evidence or a webpage. The Committee notes to Federal Rule of Evidence 902(14) define a hash value as follows: “Today, data copied from electronic devices, storage media, and electronic files are ordinarily authenticated by ‘hash value.’ A hash value is a number that is often represented as a sequence of characters and is produced by an algorithm based upon the digital contents of a drive, medium, or file. If the hash values for the original and copy are different, then the copy is not identical to the original. If the hash values for the original and copy are the same, it is highly improbable that the original and copy are not identical. Thus, identical hash values for the original and copy reliably attest to the fact that they are exact duplicates.”

 

  1. X1 Discovery, Inc., the software company that develops X1 Social Discovery, makes freely available a separate hash value verification software utility that will recalculate the hash value of an item of electronic evidence that was previously collected by X1 Social Discovery to verify that the evidence has not changed since it was collected by X1. If the “verification” hash value generated by the verification utility is the same as the hash value originally calculated by X1 Social Discovery at the time of the acquisition of the item of electronic evidence, then the identical hash values reliably attest to the fact that the evidence, and any exact duplicates thereof, have not changed.

 

  1. I was retained by attorneys for Defendants to provide examination, preservation and analysis of social media evidence in the present case. Pursuant to this request I collected numerous social media evidence from Twitter, Instagram, and Facebook using the X1 Social Discovery software. Attached as Exhibit “A” are the following items of social media evidence:

 

  1. A Facebook post that was publicly available on Plaintiff’s Facebook dated July 10, 2017, which was acquired by me on September 3, 2017 at 3:45pm.
  2. A Twitter post (Tweet) that was publicly available on Acme company’s Twitter feed dated July 13, 2017, which was acquired by me on September 3, 2017 at 3:48pm.
  3. An Instagram post that was publicly available on Plaintiff’s spouses’ Instagram feed dated July 18, 2017, which was acquired by me on September 3, 2017 at 3:55pm.

 

  1. When the items described above were acquired by X1 Social Discovery, the software automatically generated and assigned a hash value based upon the contents of the evidence. This is termed the “acquisition hash.” Using the hash value verification software utility, I recalculated the hash value of the 3 items listed above, on 12/4/17, shortly before I prepared this declaration. The verification hash in all instances were the same as the acquisition hash value, as set forth in the following table:

902 Certification Table

  1. The identical hash values reliably attest to the fact that the evidence has not changed.

 

I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed this _th day of December 2017 in Los Angeles, California.

 

 

______________________

Signature of Declarant

 

Download a copy of this example Certification here >

Leave a comment

Filed under Authentication, Best Practices, Social Media Investigations, Uncategorized

ILTA eDiscovery Survey Reflects Increased Social Media Discovery

The International Legal Technology Association recently published a very informative and comprehensive law firm eDiscovery practice survey “2016 Litigation and Practice Support Technology Survey.” ILTA received responses from 204 different law firms — small, medium and large — on a variety of subjects, including eDiscovery practice trends and software tool usage.  The survey reveals three key takeaways regarding social media and website discovery.

The first clear takeaway is that social media discovery is clearly increasing among law firms and in the field in general. 77 percent of responding law firms reported conducting social media discovery in 2016, a 12 percent increase over 2015. Additionally, the responding firms reported a higher average volume of cases involving social media evidence, with a 23 percent increase in firms handling at least 4 matters per year involving social media evidence. (See Survey at pg. 23)

In terms of identified software solution usage, the survey establishes that X1 Social Discovery is the clear leader in the web and social media capture category among purpose-built tools used by law firms. 24 percent of all law firms rely on X1 Social Discovery on either an in-sourced or outsourced basis. The survey also reflects that X1 Social is the number one process used by eDiscovery service providers, by far surpassing the next common process of screen capturing. This is consistent with our own internal data, reflecting the industry’s standardization of social media evidence collection by the sheer volume of customers that have adopted X1 Social Discovery. Nearly 200 law firms and 500 eDiscovery services firms have at least one paid license of X1 Social Discovery. So while X1 Social Discovery is very popular with law firms, it is even more widely used by eDiscovery service providers.

ILTA survey2

Utilization of X1 Social also registered in the separate category of webmail collections.

The final takeaway is that the practice of using screen captures with general IT tools like Adobe and Snagit is still commonly employed by practitioners at law firms, but is virtually non-existent amongst service providers, who typically are on the forefront of adapting best practices. Screen capturing is neither effective nor defensible. It is ineffective because the results are very narrow and incomplete, and the process is very labor intensive resulting in much higher costs to the client than using best practices. (See Stallings v. City of Johnston, 2014 WL 2061669 (S.D. Ill. May 19, 2014), law firm spent full week screen capturing contents of Facebook account — which amounted to over 500 printed pages — manually rearranging them, and then redacting at a cost of tens of thousands of dollars).

In addition, simple screen captures are not defensible, with several courts disallowing or otherwise calling into question social media evidence presented in the form of a screen shot image. This scrutiny will only increase with Federal Rule of Evidence 902(14) coming into effect later this year. I have previously addressed Rule 902(14) at length on this blog, but in a nutshell, screen captures are not Rule 902(14) compliant, while best practices technology like X1 Social Discovery have the critical ability to collect all available metadata and generate a MD5 checksum, or “hash value,” of the preserved data for verification of the integrity of the evidence. The generation of hash values is a key component for meeting the requirements of FRE 902(14).

The ILTA Litigation Practice survey results can be accessed here. For more information about how to conduct effective social medial investigations, please contact us, or request a free demo version of X1 Social Discovery.

Leave a comment

Filed under eDiscovery, Social Media Investigations