This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Front Range OWASP Conference 2013/Sessions/Sess1 Mgmt2

Jump to: navigation, search

Electronic Discovery for System Administrators

As the Federal Rules of Evidence have evolved over the last several years, and as the volume of information in digital format has overtaken traditional printed media, electronic discovery had become more important than traditional paper-based discovery in litigation. While vendors can help with production, system administrators play a key role in the acquisition and production of Electronically Stored Information (ESI).

This presentation is designed to present an overview of the discovery process, explain how it differs from traditional computer forensics, and offer tips for administrators and managers to better assist in the production of ESI in the event of litigation (and hopefully to reduce the costs associated with production).

Slides Video

Russell Shumway

Russ is the Computer Forensics Lead Aerstone. Russ has over 18 years of experience as an Information Security Consultant, providing technical incident response, computer security, forensics, and electronic discovery advice to both public and private sector organizations. Previous clients include large financial institutions in the U.S. and Europe, including 7 of the 10 largest banks in the U.S. and 13 of the top 50 in the world, as well as health care, insurance and high tech manufacturing organizations.

Prior to joining Aerstone, he spent 5 years as the Technical Director for Electronic Discovery and Forensics for SNR Denton, one of the top 25 law firms in the world, where he assisted clients and attorneys in technical investigations, discovery collection and processing, and the development of discovery protocols. His experience also includes consulting with Guardent and Global Integrity Corporations. As the Technical Director for Response Services for Global Integrity he managed the company's Open Source Monitoring Program and assisted in the development and implementation of the Information Sharing and Analysis Center (ISAC) for the financial services sector. He has provided incident response consulting on major security breaches where potential losses exceeded $50 million dollars.

As a U.S. Army Reserve Officer, he performed vulnerability assessments and audits of classified and unclassified military computer networks for the Army Computer Emergency Response Team. He was the first person (military or civilian) to be certified to execute penetration tests on Army systems.

Mr. Shumway is a Certified Information Systems Security Professional (CISSP). He graduated from the University of Pennsylvania in 1983 and received a M.S. in the Management of Information Systems and an M.B.A. from the Katz Graduate School of Business in 1995.

Mr. Shumway has developed and taught graduate level courses at the University of Virginia and at the University of Fairfax.

Russ Shumway