5 Evidence Handling Failures That Cost Attorneys Everything

These are real cases with real consequences. Every one of them involved an evidence handling failure that modern tools could have prevented.

Not theoretical risks. Not worst-case hypotheticals. Five situations where attorneys, parties, and forensic examiners failed to preserve, protect, or verify digital evidence, and paid for it with sanctions, default judgments, suspended licenses, and a verdict that shocked the country.

The dollar amounts speak for themselves. So do the outcomes.

1. Allied Concrete Co. v. Lester (Va. 2013)

What happened: Isaiah Lester filed a wrongful death suit after his wife was killed in a construction accident. During discovery, opposing counsel sought access to Lester's Facebook page. Lester's attorney, Matthew Murray, told his paralegal to tell Lester to “clean up” his Facebook page.

Lester deactivated his account and deleted 16 photographs, including photos of him holding a beer and wearing a shirt that would have undermined his emotional distress claims. When opposing counsel asked directly whether Lester had a Facebook account, Murray represented that he did not.

That was false. And it was discovered.

The result: The trial court imposed $542,000 in sanctions against Murray personally and $180,000 against Lester. The Supreme Court of Virginia affirmed. Murray accepted a five-year suspension of his law license from the Virginia State Bar, effective July 2013. He resigned as managing partner of his firm.

The lesson: Social media evidence carries the same preservation obligations as every other form of electronically stored information. Telling a client to delete it is spoliation. Misrepresenting its existence to the court is fraud. The sanctions hit the attorney harder than the client because the attorney directed the destruction.

Allied Concrete Co. v. Lester, 285 Va. 530, 736 S.E.2d 699 (2013). Attorney discipline: In re Murray, Virginia State Bar (2013).
Read the full case analysis →

2. Victor Stanley, Inc. v. Creative Pipe, Inc. (D. Md. 2010)

What happened: Victor Stanley sued Creative Pipe for copyright infringement over decorative outdoor furniture designs. During discovery, Mark Pappas, Creative Pipe's principal, used wiping software and disk defragmentation programs to permanently destroy files on his computers. He did not implement a litigation hold. He repeatedly misrepresented the completeness of his document production to the court.

Magistrate Judge Paul W. Grimm, one of the most influential jurists in electronic discovery law, conducted an exhaustive analysis spanning 89 pages. He described Pappas's conduct as “the single most egregious example of spoliation” he had encountered in nearly fourteen years on the bench.

The result: Default judgment on the copyright infringement claim. Judge Grimm ordered civil contempt and initially recommended imprisonment of up to two years unless Pappas paid sanctions. The district judge affirmed the default judgment and the full sanctions award of $1,049,850.04 ($901,553 in attorney fees plus $148,297 in costs), though the imprisonment component was removed on review.

The lesson: Active destruction of evidence combined with the absence of a litigation hold is the worst possible combination. Pappas did not just fail to preserve — he affirmatively destroyed evidence and then lied about it. Every element compounded the next. No litigation hold meant no defensible process. Wiping software meant the destruction was intentional. Misrepresentation to the court meant sanctions escalated from remedial to punitive. Default judgment meant Pappas lost on liability without a trial.

Victor Stanley, Inc. v. Creative Pipe, Inc., 269 F.R.D. 497 (D. Md. 2010).

3. GN Netcom, Inc. v. Plantronics, Inc. (D. Del. 2016; 3d Cir. 2019)

What happened: GN Netcom (maker of Jabra headsets) sued Plantronics for anticompetitive conduct. During discovery, it emerged that Don Houston, Plantronics' Senior Vice President of Sales, had directed employees to delete emails related to competitive practices on at least three separate occasions between 2012 and 2014. Houston himself “double-deleted” his own emails — deleting them and then emptying the deleted-files folder — destroying an estimated 40% of his email archive.

The scope of the destruction was staggering. Between 36,000 and 90,000 emails were destroyed, with an estimated 950 to 2,350 responsive documents permanently lost. Internal communications revealed that Plantronics employees used code words to discuss competitors: “zebra” for GN, among others. The code words suggested awareness that written communications about competitive practices could create legal exposure.

The result: The district court imposed a $3,000,000 punitive monetary sanction and an adverse inference jury instruction. But the story did not end there. On appeal, the Third Circuit affirmed the sanctions but reversed the district court's exclusion of GN's expert testimony on the scope of Plantronics' spoliation. The case was remanded for a new trial. The parties ultimately settled in July 2020 after eight years of litigation.

The lesson: Even when you win sanctions, the victory can be reversed on procedural grounds. GN obtained $3 million in sanctions and an adverse inference instruction — a strong position going into trial — and still had to go back and do it again because the district court erred in excluding expert testimony. Sanctions are not self-executing. The procedural framework for proving spoliation must be followed as carefully as any other evidentiary issue.

GN Netcom, Inc. v. Plantronics, Inc., 2016 WL 3792833 (D. Del. July 12, 2016) (sanctions order); 930 F.3d 76 (3d Cir. 2019) (reversal and remand).

4. State of Florida v. Casey Anthony (Orange Cnty. Fla. 2011)

What happened: In one of the most watched criminal trials in American history, the prosecution's case against Casey Anthony relied heavily on computer search records from the Anthony family's home computer. A forensic examiner using a tool called CacheBack testified that the computer had been used to search for “chloroform” 84 times, a claim central to the prosecution's theory of premeditation.

The number was wrong. CacheBack contained a bug that inflated the search count. The actual number of relevant searches was one, not 84. The tool's developer acknowledged the error after trial. The prosecution's own expert retracted the 84-searches figure, but the damage was done: the retraction came after the jury had heard the original testimony.

Compounding the forensic tool failure, law enforcement missed the Firefox browser history entirely. Their analysis focused on Internet Explorer. A search for “fool-proof suffocation methods” in the Firefox history was not discovered until years after the trial, when a software developer reviewing the case found it.

The result: Not guilty on all felony counts. Anthony was convicted only of four misdemeanor counts of providing false information to law enforcement.

The lesson: Digital forensic tools must be cross-checked. A conclusion that depends on a single tool is a conclusion that fails when that tool has a bug. The prosecution's reliance on CacheBack without independent verification of its output created a vulnerability that the defense exploited to undermine confidence in the entire digital evidence case. And the failure to examine all browsers on the computer meant that critical evidence was never presented to the jury.

Metadata matters. Chain of custody documentation matters. Independent verification matters. When any of these are missing, the evidence built on that foundation becomes vulnerable regardless of what it shows.

State v. Anthony, Case No. 48-2008-CF-15606-O (Orange Cnty. Cir. Ct., Fla. 2011). This was a trial court proceeding. There is no published appellate opinion.
Read the full case analysis →

5. Guarisco v. Boh Bros. Construction Co. (E.D. La. 2019)

What happened: In a personal injury case in the Eastern District of Louisiana, the plaintiff produced a photograph during discovery that had been digitally altered. A forensic expert retained by the defense determined that the photograph had been modified on a computer owned by the plaintiff. The plaintiff had also deleted 22 additional photographs and videos from around the time of the accident.

Here is where the case gets interesting. The defendant had found the original, unaltered version of the photograph on social media. Because the unaltered version was still available, the court held that FRCP 37(e) did not apply — that rule governs situations where electronically stored information “cannot be restored or replaced through additional discovery.” Since the original was recoverable, the evidence was not “lost” within the meaning of the rule.

But Judge Carl Barbier did not stop there. He sanctioned the plaintiff under the court's inherent authority, ordering payment of the defendant's expert witness fees. His reasoning was direct: allowing a party to escape sanctions simply because the tampering was unsuccessful would undermine one of the primary purposes of the spoliation framework — deterring the conduct itself.

The result: Sanctions under inherent authority despite the original evidence remaining available. The court made clear that the attempt to alter evidence is sanctionable regardless of whether the alteration succeeds.

The lesson: Even unsuccessful evidence tampering gets sanctioned. The fact that the unaltered original was still available on social media did not save the plaintiff. If anything, it made the situation worse: the existence of the original made the alteration provable beyond any dispute. The court treated the attempt itself as the sanctionable conduct, not the outcome.

For attorneys, this case is a warning about client-produced evidence. If a client provides you with digital photographs or video, and you produce them in discovery without verifying their integrity, you are relying entirely on your client's representation that the files are unaltered. A SHA-256 hash computed at the time of receipt would have flagged the discrepancy immediately — or, if the files were authentic, would have provided mathematical proof of their integrity.

Guarisco v. Boh Bros. Constr. Co., LLC, No. 18-7514 (E.D. La. Oct. 3, 2019) (Barbier, J.).
Read the full case analysis →

The Common Thread

Five cases spanning a decade. Five different jurisdictions. Five different types of evidence handling failures. One common thread: no immutable audit trail, no integrity verification, no chain of custody documentation.

In Allied Concrete, a hash-verified record of the Facebook evidence at the time of the litigation hold would have made deletion immediately detectable — and would have removed the temptation to attempt it. In Victor Stanley, automated chain of custody logging would have documented the destruction in real time, eliminating the months of misrepresentation that compounded the sanctions. In GN Netcom, immutable storage with access logging would have prevented the double-deletion that destroyed tens of thousands of emails. In Casey Anthony, independent hash verification of the forensic output would have caught the CacheBack bug before trial testimony. In Guarisco, a SHA-256 hash at the point of collection would have either confirmed the photograph's authenticity or flagged the alteration the moment the file was received.

None of these outcomes were inevitable. All of them were preventable with tools that exist today.

Attested provides all three: SHA-256 integrity verification at the moment of upload, automated access audit trail for every access event, and viewer identity watermarking that attributes every view to a specific recipient. The evidence that enters the platform is the evidence that comes out — and the system can prove it.