Digital Forensic Analyst Uncovers Metadata Back-dating: Supports $1 Million Sanction

Patrick Burke David Klausner has joined the $1 million club – meaning the small group of forensic analysts who have uncovered evidence tampering serious enough for a judge to impose a million dollar fine. Using EnCase® along with several other forensic tools, Klausner, operating out of Redwood City, Calif., demonstrated to a federal court in Chicago that key evidence purposely had been backdated by turning back the clock on a PC before an original set of source code was overwritten and replaced with back-dated updated source code. See the decision here.

Klausner’s testimony also convinced US District Court Judge Sharon Johnson Coleman that computer hard drives, USB drives and zip drives were “wiped.” Klausner explained how he had discovered the wiping because the wiping tools leave behind a “fingerprint” that may be detected by certain forensic tools. The key witness later admitted that he used a wiping program and that the purpose of his wiping was “[t]o make sure that any files on there were not recoverable other than the ones that I put on there.”

According to the decision, the sanctioned company’s lawyers, instead of investigating the questioned authenticity of their key evidence, simply complained that the accusations were unfounded. Judge Coleman sanctioned the lawyers too: they must reimburse Klausner’s client for the cost of pursuing the investigation of the wrongdoing. Which places Klausner well into the $1 million club.