By now you are aware of the new amendments to Federal Rule of Evidence 902, governing authentication, that expressly address electronic evidence. The amendments, which took effect on December 1, 2017, designate electronic evidence that was generated by a process that produces an accurate result to be “self-authenticating.” FRE 902(13).[1] This means that log files, spreadsheets, metadata and registry files collected by a certified forensic examiner from a computer or electronic device can pass the authenticity threshold without need for live foundational testimony. Additionally, electronic evidence “copied” from a digital device, hard drive or file can be self-authenticating if a “qualified person” such as a certified digital forensic examiner certifies that it is authentic “by a process of digital identification.” FRE 902(14).[2] Here are two examples of the smart use of digital forensics well before trial (in fact, at the start of your case) to overcome authenticity objections and to save time and money by eliminating additional trial witnesses.

Example One:  You want to prove which documents your client’s ex-employee was accessing in the days and weeks before she quit to take a job with a competitor in violation of her employment and non-compete agreement.    The Windows operating system on her work computer tracks such information.  A certified digital forensic examiner makes a forensic image of the work computer, which is still in your client’s possession, analyzes the image, and assembles the list of accessed documents by using special forensic tools.   The document access list would be self-authenticating at a hearing or trial if you provide a certification from the examiner complying with Rule 902 and give notice, because the access list was generated by the Windows operating system, which is a system that produces an accurate result.  FRE 902(13). Importantly, if your client’s IT department, not qualified to perform forensics, reviewed the work computer without using proper forensic tools, there is a significant possibility that the access dates were changed, which would not only preclude the chance to use the self-authentication rule, but also actually destroy important evidence.  And, waiting for a year or two, until the trial date looms, to secure this evidence may mean that the evidence is no longer available because your client “repurposed” the computer.

Example Two:  You want to show the personal injury plaintiff’s medical condition, post-accident, by using pictures from his Facebook page.  A digital forensic examiner collects the Facebook page using special tools which generate a “hash value,” an alpha-numeric value that is unique to the collected ESI and which digitally identifies it as unique and establishes that it was collected accurately on a certain date.   The examiner’s certification of this process would establish self-authentication under Rule 902(14).  A “screen shot” taken by your paralegal would not.  Moreover, a delay until the eve of trial obviously would risk the unavailability of this evidence.[3]
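The hash-based identification described in Example Two, as an added sketch (not part of the original article and not the code of any forensic tool): hashes are recorded once at collection time, and any later copy is checked against that record. The use of SHA-256, the item names, the sample bytes, the examiner label and the collection date are all constructed assumptions.

```python
import hashlib
import io
from datetime import datetime, timezone

def sha256_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large captures need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def build_manifest(items, examiner, collected_at=None):
    """Record one hash per collected item, with who collected it and when."""
    collected_at = collected_at or datetime.now(timezone.utc)
    return {
        "examiner": examiner,
        "collected_at_utc": collected_at.isoformat(),
        "algorithm": "sha256",
        "items": {n: sha256_stream(io.BytesIO(d)) for n, d in items.items()},
    }

def verify_copy(manifest, items):
    """Compare a later copy against the manifest; return a status per item."""
    results = {}
    for name, expected in manifest["items"].items():
        if name not in items:
            results[name] = "missing"
        elif sha256_stream(io.BytesIO(items[name])) == expected:
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    for name in items.keys() - manifest["items"].keys():
        results[name] = "not in manifest"
    return results

# Constructed sample data standing in for a collected page and photo.
COLLECTED = {
    "profile_page.html": b"<html><body>Hiking trip, feeling great!</body></html>",
    "photo_001.jpg": b"\xff\xd8\xff\xe0constructed-image-bytes",
}
MANIFEST = build_manifest(COLLECTED, examiner="Examiner A (placeholder)",
                          collected_at=datetime(2018, 1, 15, 14, 30, tzinfo=timezone.utc))

# A later working copy in which one word of the page was changed.
ALTERED = dict(COLLECTED)
ALTERED["profile_page.html"] = COLLECTED["profile_page.html"].replace(b"great", b"awful")

if __name__ == "__main__":
    print(verify_copy(MANIFEST, COLLECTED))  # every item matches
    print(verify_copy(MANIFEST, ALTERED))    # the edited page is flagged
```

A screenshot has no such record to check against, which is the practical difference the paragraph above draws.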

Therefore, although your trial date may be a year away, you should plan for proper ESI collection now, during or even before formal discovery starts, so that you may take advantage of the new self-authentication amendments and ensure the availability of this often-fleeting electronic evidence.  Do not wait until you are listing your evidence in your pretrial statement to try for “self-authentication” status – by that time the electronic evidence may require a new collection, and the evidence could be long gone.

[1] FRE 902(13) Certified Records Generated by an Electronic Process or System. A record generated by an electronic process or system that produces an accurate result, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent must also meet the notice requirements of Rule 902(11).

[2] FRE 902(14) Certified Data Copied from an Electronic Device, Storage Medium, or File. Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent also must meet the notice requirements of Rule 902(11).

[3] See State of Louisiana v. Demontre Smith, La. Court of Appeals, April 20, 2016 (social media posts ruled as inadmissible due to lack of authenticity); Linscheid v. Natus Medical Inc., 2015 WL 1470122, at *5-6 (N.D. Ga. Mar. 30, 2015) (print-out of LinkedIn not admitted).