Thought I would go over some information concerning the forensic aspect of these types of cases. It is a rehash of a previous post, but the information is still relevant.
For a majority of the current BitTorrent copyright infringement cases, the only Plaintiff/Troll to likely conduct a forensic examination at this time is Malibu Media/Troll Lipscomb. The reason for this is forensic consultants are not generally cheap. Malibu Media has adapted their case filings to what they deem the more serious long-term offenders; so they believe their false-positive rate is lower than the other mass-Doe cases. Even with this belief, the forensic consultant is costly and not to be employed lightly.
Many other factors come into play, such as the Defendant’s likely income and ability to pay a judgment. Spending thousands of dollars for a forensic examination is pointless if the defendant has no money/assets to pay from. The best you get from a non-paying party is more headaches and the right to brag that you “actually do go after offenders.” The large judgments (as well as the fees/costs) against the three defendants in the PA Bellwether trial are good for Malibu Media/Troll Lipscomb’s PR/fear image, but not necessarily the bottom line (getting paid). There may be some debate on the long-term benefit of this case, but the up-front costs were born by Malibu Media/Troll Lipscomb. Remember that the business model is to generate revenue on a repeatable basis, not stamp out piracy of Plaintiff’s content.
When Will Forensics Occur?
This is usually done after depositions (interviews of the network users) and written interrogatories (questions to the ISP subscriber/Defendant(s)). The forensics can take place during such activity, but a forensic consultant will better benefit from knowing what the Defendant stated in their Answer, Interrogatories, and Deposition. If the answers the defendant provided indicate guilt or looks really bad, a settlement may occur prior to any forensics. Usually a forensic examination is going to happen if the previous actions failed to disclose any direct evidence or that a settlement could not be reached.
What Will They Look For?
Anything and everything that can possibly help them. Mainly this means evidence of a BitTorrent client installed on the system, Plaintiff’s movies, any .torrent files, and any of the “other” files (AKA: Exhibit C) that were being shared via BitTorrent on the public IP address of the Defendant.
Other things that will likely be searched for are dates showing when the current operating system was installed on the computers, as well as general use of the system. Was it installed after the Doe was notified of the case by the ISP??? – Indicating a system was wiped & reloaded. Does the system have very little use up until the Doe was notified of the case by the ISP??? – indicating a possible replacement system. Or was a new system purchased after this notification – indicating that a system was possibly removed/replaced from the residence.
They will likely look at the Web history to see if you visit sites such as “The Pirate Bay,” “TorrentFreak,” or even “DieTrollDie” and “Fight Copyright Trolls.”
– Deposition question asked of Doe #1 (PA Bellwether case) –
Identify each Web site, blog, or message board, which you have visited, or which you have subscribed, posted to, which refers to, relates to, or discusses Internet Piracy, BitTorrent file sharing, or which provides information to people regarding suits which alleged people have committed online copyright infringement.
Is there any programs that could be used to securely delete (wipe) files from the system??? We have seen Trolls claim “CCleaner” was used to destroy evidence simply because it has that ability. I would assume they would also look for data encryption programs that could be used to hide possible evidence.
These items will be looked for in the system file structure, as well as the unused portions of the hard drives (Unallocated Space). The Unallocated space of the hard drive can hold lots of past information, but the context of it is sometimes hard to know. What if a search of the hard drive comes up with the SHA-1 file number and file name for the Malibu Media movie “Pretty Back Door Baby” (B17E6CBB71FF9E931ED034CFC5EC7A3B8F29BB1E) in the Unallocated Space of the hard drive? Does this mean you guilty??? Or is that part of a Web search you conducted once you started to look into the case. Here is what I get if you search for that SHA1 file number in Google.
Oh look, “The Pirate Bay” is in the search results, I guess I’m guilty… Not. What if I clicked on the link to The Pirate Bay result??? It still doesn’t mean you did anything wrong. But that will not stop Plaintiff from claiming you are the offender and you visit “pirate” sites.
The free rein Plaintiff wants to conduct such forensic examinations is scary, as it is so open in comparison to what they are actually searching for – BT Client, BT/.torrent files, Plaintiff’s movie(s) in the complaint, and Third-party movies (Exhibit C). As far as Federal civil law suits, I don’t know if this “Wide-Open” (Fishing Expedition) forensic examination can be tailored down to a search for the relevant evidence.
I would certainly try to limit the scope of the search. I believe a court could limit the scope of the search to the obvious relevant evidence, as well as when the OS was installed, activity at specific dates/times in question (claims in the complaint), and for obvious signs of data destruction (Unallocated Space is overwritten with “0”s, etc.). Any other information sought needs to be part of a specific request with the proper justification supporting it (My opinion).
Now What Happens If The Forensics Turns Up Nothing?
If a forensic examination fails to turn-up a “smoking gun,” (Plaintiff’s movie(s), BT Client, .torrent files, and the Third-party files (Exhibit C)) the Plaintiff/Troll is likely to point to any file or data remnant that may support their position. Remember that in these cases, the burden of proof is only preponderance (AKA: More than likely that a Doe did it).
Even if they find absolutely no evidence, they can simply claim that you removed the offending system from the residence and did not provide a copy of the hard drive for analysis. Such activity is of course possible and Troll Keith Lipscomb has stated as much in the PA Bellwether trial.
The following folder contains the audio recording for the PA Bellwether trial and can provide some good insight. Note: I’m attempting to obtain a transcript of the trial – will hopefully post soon. Audio Folder