Portable Devices - Another Source for E-Discovery

In my earlier post "Hosted Apps: A Source for E-Discovery" I pointed out that "hosted applications" are a good source of information when deposing 30(b)(6) representatives and drafting requests for production of electronic information. But what about information buried in portable storage devices such as USB drives, flash drives, hard drives, iPods, PDAs, CD-ROM, DVD drives and even cell phones?

These little gadgets have become very popular tools for transferring data among computer systems and networks. What would be the smoking gun that indicates the deposed party actually utilizing such devices and denied possession of them?

The Windows computer platform may be tight in security but it also contains a trail of bread crumbs that may unveil the presence of some portable devices. Take a look at the Windows registry. It is essentially a database that resides on the computer containing critical information and settings for all the hardware and operating system software, among other things. Each time a portable device is attached to the computer (via a USB, serial / parellel port), Windows grab the information regarding the device manufacturer and serial number if it has one and stores it in its registry.

The registry also keeps a date stamp associated with the last time the portable device was written. So unless the deposed party is a computer forensics expert who knows how to hide her tracks, the Windows registry would likely provide a glimpse of whether the other party is forthright with producing the content you seek.