E-Discovery: Computer Forensic Images and Computer Forensic Reports

[Editor’s Note: John C. Ellis, Jr. is a National Coordinating Discovery Attorney for the Administrative Office of the U.S. Courts, Defender Services Office. In this capacity, he provides litigation support and e-discovery assistance on complex criminal cases to defense teams around the country. Before entering private practice, Mr. Ellis spent 13 years as a trial attorney and supervisory attorney with Federal Defenders of San Diego, Inc. He also serves as a digital forensic consultant and expert.]

CJA panel attorneys frequently ask me for strategies for how to manage and review computer forensic images they receive in discovery. It is a great question. Forensic images are often difficult for CJA panel attorneys to access, and they can contain an immense amount of information (often much more than the rest of the discovery production). Without opening them, they already know that a lot of the information in the forensic image is irrelevant. But they also know that often crucial information is in the forensic image that is important for them to know so they can prepare their client’s defense.

Short technical background:

There are two ways data from a computer is provided in discovery:

  1. Duplicates, which refers to “an accurate and complete reproduction of all data objects independent of the physical media”; or
  2. Forensic Images, which refers to “a bit stream copy of the available data” (see SWGDE Digital & Multimedia Evidence Glossary, June 2016).

Usually the government provides forensic images.  The forensic image is created using specialized software such as opentext EnCase or AccessData Forensic Toolkit (FTK). These forensic images cannot be opened without specialized software. Although there are free viewer programs, such as AccessData’s FTK Imager, which enable users to review the contents of forensic images, the process can be time-consuming and difficult.

Computer Forensic Reports

Isn’t there a better way? Yes, there is. Computer Forensic Reports (there are caveats). But first, why are they important and relevant to you?

Besides the forensic image that the government provides you, they may also provide you something called a Forensic Report (or forensic program generated report). Two common examples for computers will be an EnCase Report or an FTK Report. These reports, generated through the forensic software program, can allow you to see and review the information extracted from the image in a more user-friendly way. This can frequently mean you won’t need to use a forensic image viewer or a computer expert to assist you.

FTK HTML Report

FTK HTML Report

Now these computer forensic reports are not the same as a law enforcement report written by an agent discussing what information was on a computer and describing the evidence they think may be relevant to the criminal investigation. These forensic reports are generated through the forensic tool that was used to examine the data found on the device.

So, the first thing you should do when the government provides a forensic image to you is to ask the government if they have a forensic report as well and request a copy.

Forensic reports are useful because they can make it much easier for a legal professional to review data extracted from the device without having to use a forensic tool. Since most forensic examiners work with law enforcement, they typically create these reports for case agents and prosecutors. The information in the report can include information about documents, images, emails, and web browsing history. These reports often show both the content of a file as well as the metadata (such as the date the document was created). These reports are limited to the data extracted from the original device, the parameters of the forensic program, and the choices made by the forensic examiner.

The forensic reports can be provided in a several formats, including PDF, Excel and HTML. Many forensic tools also include a reader or viewer program that is proprietary to the forensic too, such as Magnet’s AXIOM Portable Case, opentext’s EnCase and AccessData’s FTK also have reader or viewer programs. These forensic reports allow legal professionals to search, review, sort and filter information in ways that can be superior to reviewing the reports in PDF, HTML or Excel formats.

Axiom Portable Case

Axiom Portable Case

These reports are valuable and frequently provide most of the information that a legal team will need to understand the contents of a forensic image. It should be noted that forensic reports may not contain all data that was on the original digital device.  Therefore, counsel should consider engaging a forensic expert or consultant when he or she does not understand the forensic report or image.

[NOTE: Law enforcement will frequently generate a forensic report after completing an extraction from a mobile device. A common forensic report seen in federal criminal cases is a Cellebrite Reader Report. We plan on doing another blog post focused on mobile devices shortly.]

NLST webinar

The National Litigation Support Team (NLST) recently presented a national webinar entitled, “Managing and Reviewing Electronic Discovery for CJA Panel Attorneys.” This 90-minute webinar was recorded and is available on fd.org for your review. The recording provides an overview of technology, techniques and search strategies that can help CJA panel attorneys (and federal defender organization personnel) with your review and analysis of electronically stored information that is provided in discovery. We discussed resources that are available to you as a CJA panel attorney or federal defender employee, and questions to ask the next time you get a complex case. Topics covered include the importance of search and retrieval techniques, encryption, Box.com, Adobe Acrobat Pro, dtSearch, CaseMap, Casepoint, and new federal criminal Rule 16.1.

If you are interested in viewing the recording, please go to fd.org/program-materials-and-videos. (NOTE: To view the webinar, you will need to be either a CJA panel attorney who has registered with fd.org , or a member of a federal defender office. If you need assistance accessing the information, go to fd.org/login-help). If you have follow-up questions about any of the topics (as the presentation was meant as an overview), please email us.

Three Types of PDFs

Acrobat

PDFs (portable document format files) are a common file format in federal criminal discovery. But are all PDFs created equal? As you all have experienced, the answer is no, they are not.

Think about PDFs in three distinct categories:

  1. True PDFs;
  2. Image-based PDFs; and
  3. Made-searchable PDFs.

For discovery review, these distinctions are important because it impacts whether the PDF is searchable and the accuracy of your text searches within the PDF file. With voluminous discovery, the ability to search and review PDFs is critical for organizing and reviewing it.

  • True PDFs (also known as text-based or digitally created PDFs). These PDFs are created using software such as Microsoft Word, Excel, or using the “print to PDF” function in those programs. They consist of both text and images. We should think about these PDFs having two layers – one layer is the image and a second layer is the text. The image layer shows what the document will look like if it is printed to paper. The text layer is searchable text that is carried over from the original Word file into the new PDF file (the technical term for this layer is “extracted text”). There is no need to make it searchable and the new PDF will have the same text as the original Word file. An example of True PDFs that federal defenders and CJA panel attorneys will be familiar with are the pleadings filed in CM/ECF. The pleading is originally created in Word, but then the attorney either saves it as PDF or prints to PDF and they file that PDF document with the court. Using either process, there is now a PDF file created with an image layer plus text layer. In terms of usability, this is the best type of PDF to receive in discovery as it will have the closest to text searchability of the original file. Click here to see an example of a True PDF.
  • Image-based PDFs (also known as image-only PDFs). Image-based PDFs are typically created through scanning paper in a copier, taking photographs or taking screenshots. To a computer, they are images. Though we humans can see text in the image, the file only consists of the image layer but not the searchable text layer that True PDFs contain. As a result, we cannot use a computer to search the text we see in the image as that text layer is missing. There are times when discovery is produced, it will be in an image-based PDF format. When you come across image-based PDFs, ask the U.S. Attorney’s Office in what format was that file originally. Second, ask if they have it in a searchable format and specifically if they have it in a digitally created, True, Text-based PDF format. They may not, as they often receive PDFs from other sources before they provide them to you, but you will want to know what is the format in which they have it in, and what is the original format of the file (as far as they know). Click here to see an example of an Image-based PDF.
  • Made-searchable PDFs (also known as “OCRed” PDFs). Image-based PDFs can be made text searchable by applying optical character recognition (OCR). CJA panel attorneys frequently use Adobe Acrobat Pro (or other PDF editor software) to make image-based PDFs searchable. During the OCR process, the software program interprets each character on the image as text and adds a text layer to the image layer. Made-searchable PDFs are like True PDFs, but the searchability of the OCRed document will depend on the quality of the image, or the recognizability of the writing. They are often not 100% accurate when you do keyword searches of the text. Click here to see an example of a Made-searchable PDF.

The ESI Protocol (formally known as the Recommendations for Electronically Stored Information (ESI) Discovery Production in Federal Criminal Cases) noted the limitations of OCR process on scanned paper.

“Generally speaking, OCR does not handle handwritten text or text in graphics well. OCR conversion rates can range from 50 to 98% accuracy depending on the underlying document. A full page of text is estimated to contain 2,000 characters, so OCR software with even 90% accuracy would create a page of text with approximately 200 errors.”

People ask how accurate software programs are in the OCR conversion. That is important, but the biggest factor for how searchable your OCR PDF will become is the underlying quality of the scanned image. A clean copy of a pleading will have high accuracy; a twice photocopied school paper record from the 1950s will be less accurate.

A quick way to see what the quality of the text is compared to the image is to select the text in question in a PDF file (you can use Control + A in Windows or Command + A in Mac to copy all the text on a page), and then copy and paste the text into a Word document. Put the two files side by side and visually compare them.

Side by Side

Why You Should Consider a Windows Computer and Laptop Buying Advice

W10

Why do we recommend having a Windows computer for CJA panel attorneys?

One of the great modern-day debates is Windows versus Apple. Like college football rivalries (think Alabama versus Auburn or UCLA versus USC), this discussion can generate intense emotions on both sides of the aisle. Add into the mix the introduction of Chromebooks (using a Chrome OS operating system), and it can be difficult for CJA panel attorneys to decide what to use in their practice.

For this conversation, let’s talk about laptops. When talking to people outside of the federal criminal defense world, we would usually say choosing a laptop depends on personal preference. You should pick the laptop that makes sense to you and allows you to be most productive. If you find you are more productive with a Mac, that’s great. People may be drawn to one operating system or the other for any number of reasons. Typically, the most important factor in choosing an operating system is which one you have used the most.  The mechanics of how that system functions will seem more intuitive to you, because you have years of experience using it.

However, for federal criminal cases, we suggest having a Windows machine available to you.

Why?

Three reasons:

  1. The Department of Justice, as well as most law enforcement agencies, use Windows computers. The systems they use to manage evidence and electronically stored information (ESI) will, by default, work on Windows machines. As a result, when they produce discovery to the defense, it will work (usually) on Windows machines.
  2. Several important software programs and digital forensics programs do not work on Macs. Examples include dtSearch, CaseMap, Cellebrite Reader (a free viewer that can speed up review of cellphone dumps) and FTK Imager (a free tool to look at computer images the government seized, so that you can see what the computer looked like to the person who used it). Now you may not need to use these tools (there are work arounds or alternatives), but it is a limitation. In addition, while many file formats can be opened on either Windows or Apple machines, such as Word documents, PDFs and PowerPoint files, there are other file types that do not work natively on Macs. For example, certain proprietary audio and video files can only be played on applications that work in Windows. Now that all discovery being provided by the U.S. Attorney’s Office is encrypted in transit, they often use tools designed to function on Windows machines and not Macs. Of course, you can try to work it out with the government, so you receive something that is Mac-friendly (and many times they will be accommodating), but it is not their default procedure.
  3. There are other costs associated with Macs. For one, PCs are often cheaper than their Mac counterparts.  Additionally, programs offered for a discount to CJA panel lawyers by the Defender Services program typically are Windows based.

Does this mean we are saying you should abandon your Mac? No. Plenty of us use both Windows and Macintosh computers at work or at home.  What we are saying is that you should consider having a Windows computer available to you to assist you in your CJA cases, as it can save you time and money in the long run.

Which laptop should I buy?

When it comes to buying a Windows laptop, there are hundreds of options.  The following minimum criteria should be considered when purchasing a new laptop:

  • 12.5 to 14-inch size screen – typically a good balance between usability and portability. This assessment is something to consider. If you are going to be mobile, go on the smaller side. If you are going to more stationary, consider the larger screen;
  • At least a Core i5 CPU;
  • At least 8 gigabytes (GB) of RAM;
  • Screen resolution of 1920 x 1080;
  • At least 500 SSD (solid state drive);
  • 8+ hours batter life;
  • Windows Professional – which gives you Bitlocker, an easy way to encrypt files and folders.

If you can afford to spend a little more, adding to these minimum specs options can result in better performance. For myself, I like to have at least a machine with Core i7 CPU, 16 gigabytes of RAM. Many of our colleagues have found that if they have a more robust machine, problems they had scrolling through large PDF files or viewing proprietary video files in their older, less powerful machines went away. However, price is always the top issue so shop around and find what works for you and your budget.

Dealing with Encrypted Discovery

Whether it is on media (CD Rom, USB drive, or hard drive) or through the internet (email or USAfx) it is becoming common practice that discovery files will be “encrypted.” Encryption adds a layer of protection by scrambling the data, so files cannot be seen unless a digital “key” (password) is provided. The goal is to protect the data while it is being shipped in case it is lost or stolen.

Decryption” is the process of unscrambling an encrypted file so it is readable. The first step you should take when you receive encrypted files is to create a decrypted copy of the files. The decrypted copies will allow you to search, review and work with them on your computer that the encrypted files will not, and you will not need to enter a password each time to open them.

When receiving encrypted case related materials:

  1. Look for cover letters and associated correspondence that mention password protection or encryption. Often the sender will tell you that the files are encrypted and provide instructions on how to obtain the key (password). If the media contains encrypted files you cannot work with them unless you have that password.
  2. Use a Windows computer. Most decryption programs included on the media are designed to work with Windows computers.  Sometimes decryption can be done on Mac computers, but often it requires additional software not included with the media.
  3. Insert the media and look for either a “password” prompt or a decryption program. Certain encryption programs (like Microsoft “Bitlocker“) will automatically prompt for a password when the media is inserted. Other times the media will include Windows-based software programs that needs to be run.
  4. Create decrypted copies of the files. When you open a file that is encrypted a computer will typically only temporarily decrypt it.  The file may be in a “read-only” mode that will not work well with most software programs and will continue to need a password when reopening.  Making a decrypted copy of the file will allow it to be correctly recognized by the programs on your computer and will no longer need a password when opening the copy.

McAfee Removable Media Protection

McAfee Removable Media Protection” is a common encryption program used by the USA’s when delivering discovery on thumb drives and CD/DVD discs. The media usually includes an executable file that when run will allow users to make decrypted copies of the files. To create decrypted copies:

  • Create a destination. Open File Explorer (the file browser on your computer) and navigate to a destination on your computer (or external drive) with enough room to hold a copy of the files. Create a folder that will keep the decrypted copy of the files.
  • Open McAfee. Insert the media and look for a McAfee program executable file (the file is usually called “MfeEERM” and will have the “.exe” extension).McAfee
  • Run the executable and look for a dialog window prompting for a password.  Enter the password and click “OK”.
    Password
  • Copy the files or folders. From within McAfee:
    1. Select the “Top Level” folder from the left-hand navigation pane.
    2. From the main window (on the right side), select all the files and folders listed, right-click on them and choose “Copy”.
      Copy
  • Paste the copies into the destination. Switch back to File Explorer. Right-click on an empty space within the destination location and choose “Paste”. For larger sets of data (over 10,000 files/folders), try dividing the copy process into smaller batches of about 1,000 files / folders each. Verify the copied files can be opened by closing McAfee and opening a few of the copied files.

Here is a quick video demonstration of the process:

Acrobat download“Encrypted Discovery” PDF file download

Box.com Features

Box.com is a cloud-based repository that allows users to store, access, share and transfer electronic files. It also has features that allow for collaboration on the drafting of documents. We will touch on some of the key features here and more detailed information about each feature will be provided in future blog posts. Users can easily access files from different devices (such as computers, tablets and smartphones) anywhere they can connect to the internet. This allows federal defender offices and CJA panel attorneys to share discovery and work product easily and efficiently in a secure environment. With the national contract the National Litigation Support Team (NLST) has with Box.com, the security features emulates those of USAfX, the DOJ’s re-branded version of Box.com they use to disseminate discovery in many districts. If you are interested in using Box.com for one of your cases or have questions about its utility, please contact Kalei Achiu with the NLST at kalei_achiu@fd.org or 510-250-6310.

Box Drive, otherwise known as “Desktop, meets cloud”, allows users to access Box content from their desktop. Unlike Box Sync, Drive brings the entire universe of Box.com files to the desktop without taking up too much space on a hard drive since files are stored in the cloud instead of locally on a computer. However, it does not support offline access to content. Users will need an internet connection to access files. Box Drive can be easily accessed on a user’s desktop from Windows Explorer (Finder on a Mac) or the Windows System Tray (System Notification on a Mac). Documents can be created and/or edited from the desktop and changes will automatically be saved back to Box.com. Drive also gives users the option to “lock” shared files to keep other collaborators from overwriting edits.  Learn more about Box Drive and download it here:  https://www.box.com/resources/downloads/drive.

Box Sync allows users to mirror data stored on Box.com on their desktop or laptops. Unlike, Box Drive, users do not need an internet connection to access files once they are downloaded. Box Sync allows users to choose which files to sync so you don’t have to sync an entire folder. If any changes or edits are made, they will be synced back to Box.com the next time you connect to the internet. Box Sync allows the user syncing documents to choose the location where the synced folder resides. By default, synced folders live on the user’s local C: drive. However during the initial setup, the location can be changed to a shared network drive so that all those with access to that shared network drive can then access the synced folder.  Learn more about Box Sync and download it here:  https://community.box.com/t5/Using-Box-Sync/Installing-Box-Sync/ta-p/85.

Box Edit is a feature that makes collaboration even easier by allowing users to edit files directly from Box.com. Users no longer must download a file, make their changes and then upload it back to Box with a different name. Box Edit works with many programs including Word, Excel, PowerPoint and Adobe Acrobat. Once Box Edit is installed on a computer that also has the program in which the file was originally created, users can access the file in Box, which will then launch the document in the original program. Revisions are made in the original program, the updated file is automatically saved directly back to Box because of the integration. Box Edit will track the version history of the documents so users don’t have to worry about saving files as different versions. Older versions of the documents can be accessed in the version history on Box. Box Edit also allows users to create new documents directly on Box. Users must “Select” New and choose the type of document they want to create. Once created, it is available to any collaborator with access to that folder for editing.  Learn more about Box Edit and download it here:  https://app.box.com/services/box_edit.

Box Notes is an easy to use tool that works on Box.com or as a separate “add-on” for your desktop. Box Notes allows users to quickly take notes, share ideas and collaborate with others. The live editing and collaboration feature allows everyone to see the same note and make changes or suggestions in real time. Users can see a list of all existing notes on Box and their associated folders as well as the last collaborator to update the note. The Box Notes desktop application is a separate add-on feature, but works the same way as Box Notes in your web browser. Once Notes is installed on the computer, a shortcut icon is created on the desktop. It can also be accessed from the list of programs installed on the computer. Users can edit and collaborate on notes as they would on Box.com. Any edits or changes made on the desktop application are available to collaborators in real time on Box.com.  Learn more about Box Notes and download it here:  https://www.box.com/notes.

Box.com FAQ’s

boxbanner

To assist federal defender offices and CJA panel attorneys who need to share and transfer e-discovery in their cases, the National Litigation Support Team (NLST) has obtained (“cloud”) space from Box.com for the short-term storage and transfer of data.

Details

Box.com is a simple cloud-based collaboration program that allows users to store, access, share, and transfer electronic files and documents.  The service encrypts all data and has additional security features.  Users can store an unlimited number of files, for their own use or to share with others, without having to use remote access to office computers. Defense teams can use different devices (such as computers, tablets, or smartphones) to access case data anywhere they can connect to the internet.  This allows CJA panel attorneys to share discovery and work product easily and efficiently in a secure environment.

Box.com is being used by the Department of Justice (DOJ) as their cloud service to distribute e-discovery to the defense. DOJ evaluated it against other similar products and concluded it best met their security standards.

Box.com is committed to ensuring that your data will remain as secure as possible, and providing strong customer support. They have worked closely with the NLST in designing a cloud service that effectively addresses CJA counsels’ growing problem of moving and sharing large volumes of data. The NLST will work directly with each defense team to set up their cloud case folders, and to provide ongoing support of their use of Box.com.

The NLST will manage:

  1. creating case folders to hold electronic information on a case in the cloud,
  2. inviting team members (“collaborators”) to help them get access to the cloud data, and,
  3. granting rights of different team members to get into specific folders.

Because cloud contracts like this store case information on servers owned by Box.com, attorneys remain ultimately responsible for the use of this service. Before using it, CJA members should review their local bar opinions regarding the use of cloud computing and storage.

Once approved, the NLST will send you a form asking for the case details including who will serve as the “point of contact” for each defense team, and who on the team should be given access to the what files that have been stored on the cloud. Note that additional team members can be added later. The NLST will set up a short session to show all those who will use this cloud service how to navigate the system, and how to upload and download data. The NLST will be the team’s first point of contact if there are any questions about using Box.com, technical questions, or any concerns regarding using this
cloud-based case information repository.

Please note that Box.com does not offer advanced e-discovery features found in online document review programs such as Relativity, Summation, or Catalyst. It does not have a database and other advanced tools for organizing, reviewing, and analyzing e-discovery. Rather, its purpose is for short-term storage and transfer of information in the “cloud.”

When the case has concluded, (or sooner if counsel no longer needs this service), the CJA lawyer must delete all case materials from Box.com. The NLST will help ensure the case files are deleted, and the case is properly closed. Counsel should always maintain a copy of all files on their office computer system (besides the information stored in the cloud), as only duplicate files should be stored on Box.com.

Below are some answers to Frequently Asked Questions (FAQ’s) in regards to this service:

What is the difference between Box.com and Dropbox?

Box.com and Dropbox are both cloud based repositories. The Department of Justice is using Box.com, renamed USAfx, to distribute discovery to defense counsel in many districts. Since the DOJ has approved of the security protocols of Box.com, we felt that it would be helpful to make Box.com available to federal defender offices and CJA panel attorneys on a national level. For that reason, the National Litigation Support Team (NLST) has a national contract with Box.com and not with DropBox. The NLST assists in creating and managing case folders on Box.com for the sharing of work product and discovery but we do not support the use of DropBox in any way.

Since USAfx is just Box.com rebranded, can I use my USAfx user ID to log in to a case folder that I have asked the NLST to create on Box.com?

Unfortunately, no. Your user ID and password for USAfx is unique to USAfx and will only work on USAfx. You will need to set up a regular Box.com account and use that user ID and password to access any case folder created by the NLST.

How do I request a new case folder to be set up?

If you think your case would benefit from having a case folder set up on Box.com, please contact the NLST (Kalei Achiu – kalei_achiu@fd.org, 510-250-6310; Alex Roberts – alex_roberts@fd.org, 510-637-1955; Kelly Scribner, 510-637-1952) Once it has been decided that Box.com is the way to go, fill out a request form at: http://survey.fd.org/TakeSurvey.aspx?SurveyID=boxrequest. You will be notified once your case folder is ready to be used.

What is a collaborator?

Every person invited to work within a folder on Box.com is known as a collaborator. Each collaborator needs to have their own Box.com account and needs to be invited to the folder by the NLST.  If you receive an invitation to collaborate on a folder and you don’t have a Box.com account yet, you will first need to set one up.

Can I invite other users to collaborate on a case folder myself?

Only the NLST can invite collaborators to a folder to ensure that only those who should have access to a folder are granted access.

We have an expert on our case. Can we give them access to just a specific folder under our case folder on Box.com

Box.com works well for sharing a subset of information with an expert. Each sub-folder can have a different set of collaborators so you can set up a folder that only you and your expert can access.

Can access to a folder be limited to “read only” for certain users?

Each person invited to collaborate on a folder can be set up with their own unique permission level. The permission levels options for Box collaborators are:
Box.com Permission Levels

How do I setup a Box.com account?

To set up a free, personal Box.com account, which is all you need to access any case folder created by the NLST, simply go to https://app.box.com/signup/n/personal and follow the instructions.

Can I access my Box.com folder on my phone or tablet?

Box.com is mobile device friendly. You can download the Box app to your phone or tablet and access your folders and documents using the same log in credentials you do on Box.com when sitting at your computer.

Why am I being asked verify my account with a text code?

We want to make sure that the data being shared is done so in a secure way. Asking for a text code in addition to your user name and password is one way of ensuring that the person who is logging in is in fact the person authorized to see the data. This two factor authentication process is just one of the many security measures that makes Box.com a safer way to transfer data between legal teams, clients and experts.

How do I upload items?

There are two ways to upload items into your case folder. You can either (1) drag and drop a file or folder from your computer into the folder or (2) click on the “Upload” button at the top of the page and browse to the filer or folder you want to upload.

How do I download items?

There are two ways to download items into your case folder. You can either (1) right click on the file or folder and choose the download option or (2) click on the ellipses […] next to the file or folder and choose download.  Folders are downloaded as .zip files so you have to extract the files to your computer once the download is complete.

Can I get notified when another collaborator adds or deletes documents from a folder?

You can set your user preferences to receive email notifications when another collaborator downloads, uploads, makes comments, previews or deletes items from your case folder. Click on the down arrow next to your name and select account settings. Then click on Notifications along the menu bar. From there, you can select when you receive email notifications based on the actions of other collaborators.

How do I setup a sub-folder within a case folder?

If you have a folder on your computer that you want to make a sub-folder in your Box.com case folder, drag and drop the folder from your computer into your case folder. If you want to create a new sub-folder, click on the “New” button and a sub-folder will appear.

What happens when something is deleted?

Items that are deleted are moved to your Box.com Trash folder.  Deleted items will stay in the Trash folder for 90 days, during which time you can go into your Trash folder and restore those items to your case folder. After 90 days, they will be permanently deleted.

Is there a maximum amount of data that I can use Box.com to share?  What if I have 75 gigs or 1 terabyte?

There is no limit to the number of files or folders that can be shared on Box.com. For most users, there is a 250MB per file upload limit.  If you need to upload files larger than 250MB, contact the NLST for assistance.

How do I edit a Microsoft Office document that has been shared on Box.com and track each version on Box.com?

Collaborators can use Box Edit to make changes to Microsoft Office documents.  The changes will be saved directly back to Box.com along with access to prior versions of the document (see: https://app.box.com/services/box_edit for details and requirements).

Why is “NLST Admin” the Owner of the folder I requested to be created?

The NLST has a national contract with Box.com and is responsible for the creation and management of case folders in order to ensure sure that the appropriate security settings and collaborator permissions are used.  We are responsible for the security of our hosted space on Box.com and we want to make sure that nobody is accidentally allowed access to any case data.

Can I use Box.com to store old case files?

While your personal Box.com space can be used for any purpose, the case folders set up on Box.com by the NSLT is not designed for the storage of old files long term.  Case folders are meant for the short term sharing and transfer of files and to allow for teams to collaboratively edit documents while tracking each version.

dtSearch User Preferences

When you first open dtSearch the window layout and user preferences will be using the programs default settings.  We’ve found that modifying certain settings will increase the search capabilities and will make navigating and working with the program easier.  The system will remember your preferences so you only have to modify these settings once.

By default, the program is set to search document content, but not file or folder names and there are times when searching file and folder names can be helpful.  Additionally, the search results screen uses a top-bottom layout (the list of results will be on the top with a document preview on the bottom).  Since most documents have a portrait orientation, a side-by-side layout is generally easier to work with.  With Adobe Acrobat documents, there is an additional plug-in needed to be able to navigate through search results within the same document.

To change the user preferences, go to the “Options” menu and choose “Preferences”.

image1

In the Preferences window, under “Indexing Options” place a check next to “Index filenames as text” (leave “Include path information” checked as well).

image2

 

Next, go to “Search results” within the “Search Options” section and place a check next to “Checkbox” and “Type” within the “Items to include in search results” section.  Then under the “Window layout” section, select “Vertical split”.

image3

Finally, select “PDF view options” in the “Document Options” section.  Look in the “Highlighting hits in Adobe Reader” area.  If the screen reads “A plug-in is needed…” then select the “Configure Plug-in” button and follow the screen prompts to install (if the screen reads the plug-in is installed then there is nothing more you need to do).

image4

Once you have made the changes, click “OK”.  You will receive a message notifying you that the new window layout won’t appear until you close and restart dtSearch.

To see the changes, close dtSearch and re-open it.  You will see the window layout is in the side-by-side “Vertical split” view.  When you run a search, your search results will now appear on the left, with checkboxes and the document viewer on the right.  Within PDF documents you will now be able to use the hit navigation buttons.

image9

Going forward, any new indexes you create will include the ability to search file and folder names.  If you wish to add this feature to any of your existing indexes, run “Update Index” from the “Index” menu.

For additional help with dtSearch, please use the “Help” menu or visit dtSearch.com.

.

 

 

Acrobat DC New Features

All of you use Adobe Acrobat on a daily basis.  Whether it is Adobe Acrobat Reader, Standard or Pro, it is an excellent tool for legal professionals for everything from saving pleadings to file with the court’s case management/electronic case file system to reviewing discovery.  Some of you have been using Acrobat for a while and know that Adobe comes out with new versions every couple of years.  The latest version of Acrobat stopped using the number of release to distinguish a new version (like Adobe Acrobat XI), but now calls itself DC, which stands for Document Cloud, and labels the version by the year of the release (Adobe Acrobat DC 2016 the most recent version).  Like many other software companies, Adobe is moving to a cloud based service giving users the option of working on multiple devices seamlessly if they choose to store their files online.  Though designed for cloud use, users do not have to store their documents remotely, and they can continue using Acrobat DC as a desktop program as they always have.

Acrobat DC has a new look compared to previous versions, has been designed to be tablet and cell phone friendly, and gives users the ability to work on a document from different devices seamlessly. The addition of a user friendly tabbed tool bar makes switching from one document to another that much easier.

The “Home” tab shows the most recent files you have worked with.  You can also search for a file in the search bar, open a file by navigating to it by clicking on “My Computer” or going to the File Menu and selecting → Open.

9-20-2016 1-29-00 PM.jpg

Once you open a document, the “Document” tab appears at the top of the screen, allowing you to easily navigate from the Document to the Tool Center to the Home page.

9-20-2016 1-31-49 PM.jpg

The “Tools” tab, otherwise known as the DC Tool Center centralizes all the features of Acrobat in one place for easy access. Now you can quickly find the tool you need without having to remember which  menu in the tools section to navigate to.

9-20-2016 1-44-24 PM.jpg

The “Search Tools” option in DC is intuitive and easy to use. If you want to OCR a document, type OCR in the “Search Tools” section of the Tool Center and all the toolsets related to recognizing text will appear.

9-20-2016 1-45-13 PM.jpg

The tool pane that users see when looking at a document can be customized. You can add a tool to the tool pane by selecting “Add Shortcut” from the Tool Center or by right-clicking in the Tool Pane when searching for a tool and adding it there.

image5

When Tool Groups are opened, they are automatically pinned to the top of the screen. The Tool Group stays open until you close it or open another tool.

9-20-2016 1-47-39 PM.jpg

DC gives you multiple ways of accessing the tools you are looking for and then quickly going back to working with your documents.

image8.png

The new tabbed tool bar is just one feature of Acrobat DC that makes upgrading worthwhile.  More features will be highlighted in upcoming posts so stay tuned.

dtSearch Desktop Demonstration Video

dtSearch is a popular search and retrieval program. Here is a brief 12 minute video that demonstrates how to setup a new dtSearch index and how to run searches within an index.

As mentioned in the dtSearch Desktop post, we have been able to obtain a limited number of licenses that will be made available to CJA panel attorneys with current, active cases.  To request a license go to the dtSearch Desktop post and fill out the request form on the bottom.

Note: like most litigation software programs, this program was developed for Windows-based operating systems and does not work with Macintosh operating systems.