Thank you for the suggestions. I've considered using second drives /
partitions, removable drives, and encryption with keys kept on USB memory
devices. For various reasons having to do with the nature of donated
equipment (new, but limited in flexibility) none of them is quite suitable to
the particular purpose, though encryption comes closest.

This due diligence issue is one for protection of the lawyers more than the
protection of the clients, and it really isn't a matter of them being lazy.
There are circumstances where a lawyer and clients are operating under
extreme stress. If it's sufficient to be sure that the notebook is not left
unattended for more than a couple of minutes, then it's sufficient. It would
be hard to explain without a pretty thorough explanation of their working
methods. But it is extremely important to have the technology be as
unintrusive as possible. These are good guys giving their time for free to
take care of folks who have no other access to legal help of this particular
type.

"DevilsPGD" wrote:

> In message <C4BFE233-461C-4CC7-8C18-34B88BBD2900@microsoft.com> jimmuh
> <jimmuh@discussions.microsoft.com> wrote:
>
> >No, in other words there is a concept called "due diligence" at work here. It
> >is impossible make any system perfectly secure. But there's a hell of a
> >difference between being able to do a casual inspection and retrieve previous
> >versions through a folder's properties dialog on a machine inadvertantly left
> >unattended for a few minutes and having to use forensics to get the same
> >data. The difference is recognized quite widely in court. And these guys are
> >-- well, lawyers.
>
> Understood, to a point -- Recovering files from a "oops I deleted it by
> accident" point of view is unreliable. Undeleting files from a "The
> rest of a client's life or livelihood depends on these files being gone"
> is trivially simple for someone with relatively few skills (and access
> to Google to find a tool to do it)
>
> I would hope my lawyer does more then the minimum required to qualify as
> due diligence.
>
> That being said, there are a few options...
>
> The easiest would be a second logical drive (physical or partition)
> which doesn't use Shadow copies. You could even mount that partition
> into the user's Documents directory, or redirect their Documents to an
> appropriate location.
>
> Better yet would be solution using encryption, which would only require
> you to destroy the keys to effectively remove access to the data.
> --
> Insert something clever here.
>