Sample Interrogatories
The Interrogatories below are meant to be a starting point - in any particular case, some will not apply and you will have to craft others specific to your case. However, the questions below will generally help identify how a company's computer system is configured and assist in identifying how you need to proceed in securing the relevant electronic evidence in your case. Clearly, some of these involved a request for a production of documents or may be questions appropriate in a deposition.
General Interrogatories
Describe the configuration of your company's network, including the operating systems used, the number of workstations, laptops, and servers, their physical location and diagram how all devices are interconnected.
What software applications are used, both off the shelf and custom?
Is all software properly licensed and is there an annual or other periodic license audit?
Identify any databases used internally by the company and their functions.
Fully describe the back-up system and the software (including version) and hardware (including manufacturer name and model) used, including the tape rotation schedule and identifying when tapes are overwritten. Include what data is backed up and from which device.
Do you have keep backups offsite and, if so, identify the address and/or entity responsible for storage.
Are there security measures in place to prevent unauthorized access to backup media, and if so, what are they?
Identify any loose or removable media, including but not limited to disks, zip disks, CD-ROMs, DVDs, tapes, thumb drives, etc. that may contain data relevant to this litigation or impending litigation.
Identify the system administrator(s) with contact information.
Identify the individual to whom the system administrator reports with contact info.
Identify any IT personnel who may have knowledge with respect to the data relevant in this litigation or possible impending litigation.
Describe the network authentication procedures.
Describe any company intranets or extranets, their functions and security mechanisms.
Do employees use PDAs and, if so, identify the number and kind of PDAs used.
Identify the number and location of all company workstations and laptops, including the manufacturer, model and class of the machines, operating systems used and user name.
Identify the manufacturer, model and location of any networked digital copiers used by the company.
Do employees work from home computers? Is there a VPN or other form of remote access to the network? Describe authentication methods used.
What e-mail package does the company use, including version?
Is there an e-mail server? If so, identify the manufacturer and model, as well as operating system and mail server software used and location.
Where is e-mail stored?
What network activities/events are logged (e.g. SNMP traps, router logs)?
Are there any intrusion detection systems set up on the network?
Who is the company's Internet provider?
Who hosts the company's website?
Is there any monitoring of employees' computer activity - if so, describe in detail what is monitored and by whom and the retention period for any logs.
Identify the manufacturer and model of any firewall, as well as its configuration.
Identify the manufacturer and model of any router, as well as its configuration
Is any company data held by a third party, e.g. an application service provider? If so identify the provider and the nature of the data held.
Do you outsource any of your IT services? If so, identify the provider, the nature of the provider's services and contact information.
Are company cell phones, pagers and PDAs in use? If so, identify the manufacturers and models and name the individuals who have them.
How is security structured? Who has access to which applications, drives, etc? Note the distinction, if applicable, between read-only access, and read/write access. If there is a mail server, who has administrative rights?
For individuals who may have knowledge pertaining to this litigation, identify their names, their user names, logons, passwords and e-mail addresses.
Identify any encryption programs that may be used, the level of encryption, what it is used to encrypt and provide the decryption keys and any pertinent instructions for decryption.
Is there an Internet and e-mail use policy?
Is there a company computer security policy or procedures?
If litigation is planned or in place, have all employees been instructed to preserve possible evidence? On what date were those instructions given and produce the instructions that were sent.
Has any data relevant to the litigation or possible impending litigation been deleted? If so, specify what data was deleted and the dates of deletion.
If litigation is planned or in place, has the company suspended overwriting of backup tapes and selling, donating, or otherwise disposing of equipment as it might typically do in the normal course of business?
List any equipment that was disposed of between xxxxxx and xxxxxxx.
Is there any sort of disposal policy?
List any software or hardware modifications made to the computer of xxxxxx between xxxxxx and xxxxxx.
Identify any graphic representations you may have of your network or your telephonic system.
Does the company have a PBX - if so, identify the manufacturer and model and whether the PBX interfaces with the telephony system and if voice mail is present.
Do you retain any voice messaging records?
Do you retain any records of phone usage - if so, identify what records are kept.
Identify any policy pertaining to the retention or disposal of such records.
Identify by job title, name, business address and telephone, all individuals who have the responsibility for enforcing any Internet or e-mail usage policies, document retention policies, and any employee monitoring.
Has the company ever provided electronic evidence in other litigation? If so, state all case names, courts, date of production, and media in which the evidence was produced.
Has the company been the target of any computer crimes in the past and, if so, provide dates and details.
When composing interrogatories for individuals (or taking their deposition):
Do you make individual back-ups of your system, copies of files or any portion of the network?
Do you use floppy disks, zip disks, CDs, DVDs, thumb drives or other media to make back-ups or for portability reasons?
Do you work from home at times?
Can you connect to the company server remotely? If so, by what method?
If so, where do you store any files created?
Who owns the computer, you or the company?
Do you use a pager, PDA or cell phone for work purposes? If so, who owns them?
At work, do you ever use a machine other than your own - if so, whose?
Does anyone else ever use your machine at work - if so, who?
Is a password required to connect to the company network? If so, how often do you change your password?
Does anyone else have access to any of your passwords - if so, who?
Do you have a secretary or assistant who has access to any of your data and, if so, identify them and the data to which they have access.
Do you maintain a calendar?
Do you maintain a task list?
Do you maintain a contact list?
Is there a firm-wide calendar?
Do you have voicemail and, if so, is it retained?
What operating system is on your computer?
What software is loaded on your computer?
Do you have any non-standard software (not used firm wide) on your company computer, and if so, identify the software and version.
How much storage space is on your hard drive?
Do you have a CD-ROM drive?
Do you have a floppy drive?
Do you have any other peripheral equipment as part of or attached to your computer?
Do you print to a networked printer and, if so, identify the manufacturer and model.
Do you use a digital photocopier and, if so, identify the manufacturer and model.
How long have you used your computer?
Have there been any hardware/software changes to computer since you begin using it and, if so, identify them.
In connection with this lawsuit, have you been asked by anyone to delete or to
look for information? If so, what information and who gave the instructions?
Do you ever employ encryption? If so, when and what product and version to you use.
Do you ever copy data from your computer onto other media?
Does your company have an intranet?
Does your company have an extranet?
Identify your supervisor and give his/her contact information.
Identify the people who work under you and give their contact information.
What is your job title?
Describe your duties.
As part of your job, do you participate in any chat groups or newsgroups? If so, identify them.
Do you use any e-mail package other than the company e-mail software? If so, which one?
Do you use web-based e-mail?
Have you accessed company data from any computer other than computers at work or at your home and, if so, identify those computers.
Do you use instant messaging or ICQs? If so, which ones and do you ever log your messages?
1