The Shell team at Microsoft at some point decided to improve things a bit and implemented a new way of comparing Unicode strings that contain numerals. The change took effect after Windows 2000, so operating systems such as Windows Server 2003, Windows XP, Windows Vista and Windows 7 sort numerals in folder and file names according to their numeric value. While this seems logical and may be helpful to most people, we believe that it brings new issues, especially in the legal industry.
Date/time information extracted from e-mails and electronic documents is a major aspect of electronic evidence. In order to interpret and display the extracted timestamps correctly, most digital forensics and e-Discovery software require the end user to specify a time zone. The selected time zone can have numerous effects such as the appearance of timestamps on printed e-mails or whether or not certain documents fall within the relevant time frame during culling. Especially in cases that involve multiple time zones, it is critical to determine how time zones should be handled in order to avoid potential problems down the road.
Let’s assume that you received an external hard drive from a forensic examiner in connection with ongoing litigation. Naturally, the first thing you would want to do would be to plug it in, take a look at its contents and gather information such as the amount and type of data contained on the hard drive before you plan your next steps. You are well aware that you must not modify the contents of the hard drive as this would cause spoliation of electronic evidence. Did you know that the mere act of plugging a hard drive into your computer to view its contents is usually enough to modify its contents?