Oracle Corporation et al v. SAP AG et al
Filing
834
Declaration of Joshua L. Fuchs in Support of 833 Memorandum in Opposition, filed bySAP AG, SAP America Inc, Tomorrownow Inc. (Attachments: # 1 Exhibit A, # 2 Exhibit B, # 3 Exhibit C, # 4 Exhibit D, # 5 Exhibit E, # 6 Exhibit F, # 7 Exhibit G, # 8 Exhibit H, # 9 Exhibit I, # 10 Exhibit J, # 11 Exhibit K, # 12 Exhibit L, # 13 Exhibit M, # 14 Exhibit N, # 15 Exhibit O, # 16 Exhibit P, # 17 Exhibit Q, # 18 Exhibit R, # 19 Exhibit S, # 20 Exhibit T)(Related document(s) 833 ) (Froyd, Jane) (Filed on 9/9/2010)
<![CDATA[
D
ockets.Justia.com
John A. Polito D i r c c t Phone: 4 1 5 . 3 9 3 . 2 3 1 4 415.393.22R6 Dircct Fax: john.polito(4l bin gh am.com
March 1 2 , 2 0 1 0 Via E m a i l a n d U . S . M a i l J o s h u a L. Fuchs, Esq. Jones D a y 717 Texas, Suite 3 3 0 0 Houston, T e x a s 7 7 0 0 2 - 2 7 1 2
Re:
O r a c l e v. S A P
D e a r Josh: m i n g informalion T h i s further r e s p o n d s t o y o u r letter d a t e d F e b r u a r y 1 9 , 2 0 1 0 , c o n c e p p l e m e n t s m y lettcrs to y o u dated F e b r u a r y 2 6 , 2 0 1 0 a b o u t Mr. M a n d i a ' s work, and s u ns. A s 1 noted in and March 6, 20 I O with responses t o t h e r e m a i n d e r o f y o u r questio e believe Defendants already p o s s e s s o r c o u l d ea<;ily d e r i v e the my l a s t l e t t e r , w ny o f it in view o f i n f o r m a t i o n r e q u e s t e d , a n d t h a t w e h a v e n o o b l i g a t i o n to p r o v i d e a e s p o n d i n g in t h e inlerest disc10sures w e h a v c a l r e a d y m a d e , b u t w e a r e n e v e r t h e l e s s r o f an e f f i c i e n t deposition. a g e s 70-74 (now 20. Determination o f First Deliverable in A p p e n d i x K. section 3, p g d o c u m e n t a t i o n for pages 9 2 - 9 5 ) : M a n d i a ' s first d e l i v e m b l e a n a l y s i s o m i t s s u p p o r t i n Steps 2 , 3 , 4 , 5 and 6.
n d H a r d Drive ORCL.X-MAlv-000058 is Ihe dala sel e r e a l e d f r o m Dise 9, Disc 1 8 6 a Appendix B. Section 5.b, a l pa~es 78 defined as Delivered Updales a n d F'ixes in
/2-13
Boston Hartford Hong Kong london los Angeles New York Orange County Santa Moníca Sílicon Valley Tokyo Walnut Creek Washington
t 's Appendix K, Seclion 3 lisIs al! supporlin~ documenta/ion j o r Mandian as described in Steps 2 through 6 0 1 1 pages determinolion o f "Firsl D e l í v e r a b l e " 92-93. This supporting documenlation i n d u d e s the jol!owing' · Figure 2 2 on page 9-1, a f l o w ehart (hat describes the proeesses and algorilhms M a n d i a n l l l s e d lo delermine which objects were First Deliverables, j o r which jixes. a n d j o r which customers,
3, on A narrative deseription o j Mandiant 's process, in Appendix K, S'ection pages 92-93, including Steps 2-6;
·
·
Bingham McCutchen l l P Three E m b a r c a d e r o Center San F r a n c i s c o . CA
in Ful!lislings o f d a l a seIs Mandianl relied on, as w e l l as resulling data, -000051, O R C L ' ( ¿ x c e l spreadsheels Ihal were prodllced as ORCLX-MAN -MANlvfAN-000054, ORCL.X-MAN-000055. ORCL.X-MAN-000057, ORCLX 000058 a n d ORCLY-A1.AN-000071 .. and,
94111-4067
f¡15·393·2000 415.393.2286 bingham.(om
J o s h u a L. Fuchs, Esq. March 1 2 , 2 0 1 0 Page 2
·
X-MANMandiant 's HRMS Fix Analysis Aecess database, p r o d u c e d as ORCL whieh Exeel spreadsheets described in Appendix K were 000316, f r o m exported.
ipt to exeeute A s s t a t e d in Appendix K, Seetion 3, Mandiant u s e d a Visual Basie ser 8 on p a g e 9 3 o f parts o f Figure 22, including the portions that eorrespond to Steps 5 e p r o d u c i n g as Appendix K, Section 3. Though Defendants did n o t request it, we ar b y Mandiant ORCLX-MAN-000386 an exemplar Visual Basie (VB) seript, p r o v i d e d o fAppendix K, Section 3, along f o r D e f e n d a n t s ' convenience, t h a t p e r f o r m s S t e p s 5 - 8 LX-MANwith i n s t r u c t i o n s f o r its use, p r o d u c e d as ORCLX-MAN-000388. ORC LX-MAN-000316 (which contains DRCLX000386 is designed to be used with DRC certain d a t a MAN-000054 a n d ORCLX-MAN-000058 as database tables) a n d with Appendix B, Section 5.b, Step 6. For D e f e n d a n t s ' a n d metadata listed in X-MAN-000387, convenience, Mandiant has constructed a n d we are p r o d u c i n g DRCL put to ORCLXwhich contains this same information in a l o r m a t easily u s e d as an in MAN-000386. rces 01 The l o 1I0wing paragraphs reiterate the approach deseribed in the sou 1 Defendants ' s u p p o r t i n g information j u s t d e s c r i b e d a n d a n s w e r each c o m p o n e n t 0 question 20, broken out as 20.1 through 20.4, below.
20.1 Appendix. K , Section 3, pages 70-74, Steps 2, 3, a n d 4 i x " ( " D U F " ) for S t e p 2 d i s c u s s e s M a n d i a ' s s e a r c h o f e v e r y " D e l i v e r e d U p d a t e and F íate each file with the s p e c i f i c FIX " e a c h o f t h e 1773 unique Fix l O s in o r d e r to assoc t a t i o n that s h o w s ID the file addressed." However, M a n d i a d o es not provide d o c u m e n rocess o r the specific unique files. In S t e p 3, t h e d a t a g a t h e r e d a t this s t e p o f t h c p ID, yet again he M a n d i a identifies files with a file name o r file path c o n t a i n i n g a Fix d o c u m e n t a t i o n to demonstrate this part o f t h e analysis. In S t e p p r o v i d e s no s u p p o r t i n g and 3 t h a t 4 , M a n d i a c r e a t e s a d a t a b a s e t a b l e c o m b i n i n g t h e results o f S t e p s 2 e s p o n d i n g files in " i n c l u d e d e v e r y reference to the 1773 unique Fix IDs, a n d the c o r r provide a citation w h i c h t h e s e r e f e r e n c e s were c o n t a i n e d , " y e t t h e A p p e n d i x does n o t t o t h i s d a t a b a s e table.
s p l a c e d into a Steps 2 a n d 3 were performed as a single operation a n d the output wa pendix K. Section 3, Step 4, DRCLX-MAN-000054 temporary tableo A s n o t e d in Ap ow in DRCLXcontains the results o l S t e p s 2 a n d 3 combined; in other words, eaeh r erated b y either Step 2 or Step 3. M A N - 0 0 0 0 5 4 was g e n
2 0 . 2 Appendix K, Section 3 , pages 70-74, Stcp 5 5 8 and O R C L X In Step 5, Mandia states t h a t h e used the data in O R C L X - M A N 0 0 0 0 f o r e a c h F i x I D t h e files a s s o c i a t e d w i t h M A N 0 0 0 0 5 4 to create a query 10 d c t e r m i n e t o m e r received the Fix ID, the cus10mers receiving each file, and the dates e a c h c u s d e t h e q u e r y o r d o c u m e n t a t i o n r e p r e s e n t i n g the u n i o n the file. M a n d i a do es not pro vi o f O R C L X - M A N 0 0 0 0 5 8 and O R C L X M A N 0 0 0 0 5 4 .
hash. The DRCLX-MAN000058 a n d DRCLX-MAN000054 w e r e j o i n e d on MD5 iscloses t h a t j i l e s relerence in Step 4 to 1 8 , 8 3 5 u n i q u e j i l e s in ORCLX-MAN000054 d hashes in are Jejined in terms 01 MD5 hash, since there are 1 8 , 8 3 5 unique MD5 ORCLX-MAN000054.
Bingham M e C u l e h e n l l P bingham.eom
J o s h u a L. Fuchs, Esq. March 1 2 , 2 0 1 0 Page3
20.3 A p p e n d i x K , S e c t i o n 3, p a g e s 7 0 - 7 4 . S t e p s 5 a n d 6 Because M a n d i a did not p r o v i d e all o f h i s w o r k p r o d u c t for the steps in his First Oeliverable analysis, O e f e n d a n t s c a n n o t ascertain w i t h a n y d e g r e e o f c e r t a i n t y h o w M a n d i a created O R C L X - M A N 0 0 0 0 5 5 , which the m e a s u r e s in A p p e n d i x K, section 4, rely o n e x t e n s i v e l y . S p e c i f i c a l l y , O e f e n d a n t s d o n o t k n o w h o w M a n d i a a s s i g n e d a date to files from üRCLX-MANOOOO58 and üRCLX-MANOOOO54 o r w h a t s o u r c e he used to assign such dates. Defendants need s u p p o r t i n g d o c u m e n t a t i o n for all o f the a b o y e described steps in o r d e r to evaluate the a c c u r a c y o f M a n d i a ' s m e t h o d o l o g y . S t e p 6 states that M a n d i a sorted the table in a s c e n d i n g o r d e r by Fix 1 0 delivery date. By not providing the exact table, Oefendants are unable to sort the d a t a in the m a n n e r M a n d i a d e s c r i b e s a n d e v a l u a t e his m e t h o d o l o g y a n d c o n c l u s i o n s .
Figure 22 includes "JOIN R e s u l t Table, " a reference table s t r u c t u r e f o r output o f t h e union o f ORCLX-MAN000058 a n d ORCLXMAN000054. J O I N Result Table dejines client bundle delivery date as equal to .zip j i l e date. Step 6 likewise sta tes Mandiant 's assumption that the last written timestamp f o r the .zip j i l e containing each object was an approximate date o fdelivery f o r that .zip j i l e to the client whose client code appeared in the n a m e o fthe .zip jile. Defendants could reproduce this data b y creating a directory listing o f al! .zip j i l e s contained in Delivered Updates a n d Fixes as discussed in the response to Question 23, below. For objects n o t f o u n d inside a .zip file, o r where the . z i p f i l e d i d n o t in d u d e a client code, the client code was d e t e r m i n e d f r o m t h e f i l e path. For objects n o t f o u n d inside a .zip jile, the date o fdelivery a n d the last written dale were trealed as i f Ihey were earlier Ihan Ihe lasl written date o fa n y other .zip jile. Steps 5 a n d 6 were p e i f o r m e d as a single operation; s o r t e d resulls were p l a c e d into a temporary tableo
2 0 . 4 Appendix K, S e c t i o n 3 , pages 70-74 Oefendants understand t h a t the resulting " F i r s t O e l i v e r a b l e T a b l e " described in Figure 22, page 73 (now page 94) is üRCLX-MANOOOO55. PIcase c o n f i r m that understanding is correcto Oefendants also need further clarification o n w h a t is m e a n t by "AIl D U F Files" and " F i x ID Search R e s u l t s " in step 3 o f Figure 22.
Appendix K, Section 3, Step 7 a t page 93 identifies ORCLX-MAN000055 as a First Deliverables tableo Appendix K, Section 3, Slep 7 also states that D A T a n d D M S First Deliverables were contained in ORCLX-MANOOOO71. "All D U F Files" refers to Delivered Updates a n d Fixes a s dejined in Appendix B, Seclion 5.b, a n d listed in ORCLX-MAN-000058. "Fix ID Search R e s u l t s " are the results o f t h e search described in Appendix K, Section 3, Steps 2 a n d 3, a t p a g e 92, a n d are listed in ORCLX-MAN-D00054.
21. Measurements for H R M S Fix Analysis from Appendix K. section 4, pages 74-96 (now r a g e s 95-118): Results andJor d o c u m e n t a t i o n to s u p p o r t many o f the measures
Bingham M c C u t c h e n l l P blngham.com
Joshua L. Fuchs, Esq. March 1 2 , 2 0 1 0 Page4 ntiffs' described in Appendix K are missing from M a n d i a ' s Report and Plai production. Response:
ures in Plaintijfs disagree that results o r documentation supporting the meas the information p r o d u c e d to Defendants. With respect A p p e n d i x K are m i s s i n g f r o m N-000059 to results, as stated in Appendix K, Section 4, a t page 95, ORCLX-MA can r e s u l t s f o r a l l H R M S F i x A n a l y s i s measures. A I l m e a s u r e d e f i n i t i o n s contains a i l also b e f o u n d in ORCLX-MAN-000205. tions, With respect to supporting documentation, m a n y o f Defendants ' ques l e p a t h s , o r " s p e c i f i c " o b j e c t s o r files, a p p e a r particularly concerning hash values. fi on Disc 9, Disc to assume that Mandiant m a p p e d every measure back to specific files 1 8 6 o r Hard Drive 78. .b, a t p a g e 13, This assumption is afien incorrecto A s s t a t e d in Appendix B, Section 5 l l 5 2 , 6 5 1 f i l e s o f the ORCLX-MAN-000058 p r o vides the metadata a n d filenames f o r a ssembled, Delivered Updates a n d Fixes files. Once ORCLX-MAN-000058 was a nor counting the number o f n e i t h e r c o u n t i n g the n u m b e r o f u n i q u e M D 5 h a s h e s tracked. duplicates o fhashes requires that the specific locations o feach file be o f ORCLXIn general, however, such a mapping can be created b y manipulation LX-MAN-000059. Using Measure 105 as an example, each M A N - 0 0 0 0 5 8 a n d ORC y one row in f i x in the retrofit o r critieal support population corresponds to exactl a c h f i x . Measure 105 ORCLX-MAN-000059. L o o k i n g a t O R C L X - M A N - 0 0 0 0 5 9 , j o r e s t h a t are F i r s t c o u n t s t h e n u m b e r o f u n i q u e MD5 h a s h e s f o r t h o s e D A T a n d D M S f i l e Measure 105A lists the M i q u e Deliverables f o r p a r t i c u l a r customers f o r that fix. ll o f the First MD5 hash values. Measure l 1 8 B lists the .zip file names containing a c e i v e d a p a r t i c u l a r fix. Deliverables f o r all o f the clients that re nts can Continuing with Measure 105 as an example, f o r a g i v e n f i x , Defenda ific D A T a n d D M S j i l e s on Dise 9, Dise 1 8 6 o r Hard Drive 78 that determine the spec so, Defendants were First Deliverables f o r any customers that received the fix. To do D 5 h a s h (labeled c a n f i n d every row on ORCLX-MAN-000058 where both the M a n d l18B, "Hash Value ") a n d the .zip file n a m e (labeled "ZipFile ") are in 1OSA -000059. The combination o f r e s p e c t i v e l y , f o r the selected row ofORCLX-MAN Path ") should evidence file name (labeled "Evidence '') a n d file path (labeled "Full t. Moslofien, an objeet wil/ be uniquely identified identify each f i r s t deliverable objec with the e x a c t a s a result o fthis join. Where it is not, i t means that identical objects e name b u t same MD5 hash are present in multiple different .zip files with the sam a n y o f the .zip different f i l e paths; the object in question can thus be retrieved f r o m files resu/ting from the join. Deftndants to In addition to the specific responses below, Mandiant genera//y refers se. p r o d u c e d as ORCLX-MANthose queries in the l I R M S Fix Analysis Databa re b e i n g 000316, where the name o f t h e query contains the name o f t h e Measu ca/culated.
Blngham M e ( u l e h e n l l P bingham.eom
Joshua L. Fuchs, Esq. Mareh 1 2 , 2 0 1 0 Page 5
a. Measure 102A. Mandia did not pro vide a citation to the resulting document for Measure 102A. Please provide the results o f M a n d i a ' s analysis in Measure 102A. Response:
The requested information can b e j o u n d both in ORCLX-MAN-000059 a n d in ORCLX-MAN-000069.
b. Measure 103. In Measure 103 Mandia recorded the status o f each fix according to data contained within the SAS database. However, he did n o t pro vide a citation to the results o f h i s analysis. Please provide the results o f M a n d i a ' s analysis in Measure 103. Response:
The requested information can be f o u n d both in ORCLX-MAN-000059 a n d in the individual Master Fix Records in SAS, produced b y Defendants in this case.
c. Measure 104. Measure 104 cites to ORCLX-MAN000070 as the results o f M a n d i a ' s r e c o r d í n g o f t h e n u m b e r o f u n i q u e F i l e - b a s e d o b j e c t s a s s o c i a t e d wíth t h e First Deliverable o f any Fix ID. However, ORCLX-MANOOOO70 does not provide full information about this measure. ORCLX-MAN000070 merely provides Fix IDs a n d t h e a s s o c i a t e d hash values, b u t d o e s n o t p r o v i d e i n f o r m a t i o n a b o u t w h i c h s p e c i f i c objects relate to the hash values Iisted. Please ídentiry which objects received the hash values related t o the Fix IDs Iisted so Defendants can evaluate M a n d i a ' s analysis. Response:
This information can be determined through manipulation o f O R C L X - M A N - 0 0 0 0 5 8 a n d o fMeasures 104A a n d 11 8R in ORCLX-MAN-000059, as discussed abo ve.
d. Measure 105. Measure 105 attempts to ascertain thc number o f u n i q u e .dat and .dms files associated with the First Deliverable o f a n y Fix ID. Step 5 states that Mandia utilized SQL queries to perform this analysis, however the Report does n o t identiry the specific queries used in this measure. Further, like the resulting document in Measure 104, the document cited in Measure 105, ORCLX-MAN000071, merely provides Fix IDs and hash values and does not provide information about which objects relate to t h e hash values Iisted. Defendants need such information to evaluate M a n d i a ' s analysis. Please identiry which objects received the hash valucs related to the Fix IDs listed so Defendants can evaluate M a n d i a ' s analysis. Response:
This information can be determined through manipu/ation o f O R C L X - M A N - 0 0 0 0 5 8 a n d o fMeasures 105A and 11 8R in ORCLX-MAN-000059, as discussed above. Furthermore, M e a s u r e 1 0 5 MAN-000205.
= Measure 142 + Measure 143, as stated in ORCLX-
Bingham M e C u t e h e n l l P bingham.eom
J o s h u a L. Fuchs, Esq. March 12,2010 Page6 r o f unique e. M e a s u r e 106. M e a s u r e 106 c1aims to r e p r e s e n t t h e total n u m b e ith a First " . S Q R " , " . S Q C " , " . C B L " , " . D A T " , a n d " . D M S " files a s s o c i a t e d w a d o c u m e n t to s h o w t h e D e l i v e r a b l e o f a Fix ID. H o w e v e r , M a n d i a d o e s not p r o v i d e i a ' s a n a l y s i s in r e s u l t s o r t o t a l for t h i s m e a s u r e . P l e a s e p r o v i d e t h e r e s u l t s o f M a n d M e a s u r e 106. Response:
Measure 106 = Measure 104 + Measure lO5. ORCLX-MAN-000059 contains both the addends and the sumo
copies o f First f. M e a s u r e 110. M e a s u r e 110 a t t e m p t s to c o u n t the total n u m b e r o f n t a i n e d in T o m o r r o w N o w ' s D a t a Warehouse. D e l i v e r a b l e f i l e s f r o m M e a s u r e 107 c o e file p a t h locations T h e r e s u l t i n g s p r e a d s h e e t , ORCLX-MANOO0077, d o e s n o t p r o v i d fore Defendants c a n n o t evaluate t h e accuracy o f for e a c h file listed, a n d there M a n d i a ' s counts. P l e a s e p r o v i d e t h e file p a t h i n f o n n a t i o n . Response:
within ORCLXThis data was p r o v i d e d in database table "tbIPrB1_Copies_in_DW" Database. MAN-000316, the H R M S Fix Analysis
i e s o f first g. M e a s u r e 111. In M e a s u r e 111, M a n d i a attempts to i d e n t i f y c o p dia s t o r e d in c o m p r e s s e d .zip files in D a t a W a r e h o u s e . H o w e v e r , M a n d e l i v e r a b l e files W a r e h o u s e with d o e s n o t p r o v i d e t h e r e s u l t s f r o m S t e p 2 ( t h e . z i p files f r o m D a t a refore Defendants m a t c h i n g M D 5 h a s h v a l u e s t o . z i p files o n H a r d D r i v e 7 8 ) , a n d t h e and c o u n t e d in this measure. c a n n o t d e t e n n i n e w h i c h o b j e c t s M a n d i a identified h e r e t h e files l i s t e d D e f e n d a n t s n e e d a c t u a l file n a m e s a n d t h e n a m e s o f t h e . z i p f i l e s w in O R C L X - M A N 0 0 0 0 7 8 w e r e located. Response:
W_Copies" This data was p r o v i d e d in database table " t b l Z i p s J r o m T N 7 8 _ D U _ D within ORCLX-MAN-000316, the HRMS F i x A n a l y s i s Database.
c o u n t First h. M e a s u r e 112. In M e a s u r e 112, M a n d i a attempts to i d e n t i f y a n d t backups from Data Warehouse. M a n d i a D e l i v e r a b l e files s t o r e d w i t h i n e n v i r o n m e n e compressed d o e s n o t p r o v i d e t h e M D 5 h a s h v a l u e s for t h e files s t o r e d w i t h i n t h rs to in Step 2. Further, the final results o f t h i s measure, e n v i r o n m e n t b a c k u p s he r e f e S t e p 2 n o r the O R C L X - M A N - 0 0 0 0 7 9 , do n o t s h o w al! o f t h e hash v a l u e s found in d fixes. D e f e n d a n t s file n a m e s o r l o c a t i o n s o f t h e files M a n d i a a s s o c i a t e d w i t h t h e I i s t e is. Please p r o v i d e need this i n f o n n a t i o n t o evaluate the accuracy o f M a n d i a ' s analys t h e r e q u e s t e d h a s h v a l u e a n d file n a m e a n d l o c a t i o n i n f o r m a t i o n . Response:
ontains a l l h a s h ORCLX-MAN-000319, the Uncompressed Backups Hash Database, c ibed in Step 2 01 Measure 112. A s d e s c r i b e d in values a n d f u l l f i l e p a t h s d e s c r
Bíngham M c C u l c h e n LLP bingham.com
Joshua L. Fuchs, Esq. March 12, 2010 Page 7
LX-MAN-OOOO71 A p p e n d í x K, Section n, Step 4, Mandiant associated the data in ORC hash value. with t h e f i l e s c o n t a i n e d in ORCLX-MAN-000319, j o in i n g by MD5 (he Environment M a n d i a n t p r o v i d e d the f u / l parh o f each environment backup u s e d in N-000329. B a c k u p H a s h D a t a b a s e in O R C L X - M A
u m b e r o f objects i. Measure 114. In Measure 114, Mandia attempts to calculate the n r Fix records in SAS by relying on ORCLX-MAN-000216, attached to Maste rports to count. however, h e does n o t pro vide the actual total number the measure pu Additionally, Please provide the results o f M a n d i a ' s analysis in Measure 114. 216 o r what Defendants cannot determine how Oraele created ORCLX-MAN-000 evaluate the accuracy o f any o f the e x a c t data sources were used, and therefore cannot e e x a c t sources m e a s u r e s t h a t r e l y o n t h i s d o c u m e n t . T h u s , p l e a s e p r o v i d e a list o f t h in S A S ) used to create ORCLX-MAN-00021 6 ( m e a n i n g e x a c t d o c u m e n t s o r views n recorded a n d p r o d u c e a n y i n t e r m e d i a t e r e c o r d s I notes and o t h e r d o c u m e n t a t i o cess o f O R C L X - M A N - 0 0 0 2 1 6 . during the creation pro Response:
9 contains a l l A s s t a t e d in A p p e n d í x K, Section 4, al p a g e 95, ORCLX-MAN-00005 ures, including "Ihe a c t u a l total n u m b e r " that r e s u l t s f o r a l l H R M S F i x A n a l y s i s meas Measure l l 4 counts, in the column with the h e a d i n g "114. " 6 contains d a t a A s s t a t e d in A p p e n d í x K, Section 4, a t p a g e 95, O R C L X - M A N - 0 0 0 2 1 diant drew t h a t M a n d i a n t r e c e i v e d f r o m O r a c l e ' s counsel, a n d f r o m w h i c h M a n t - c h e c k e d ORCLXr e l e v a n t data. A s s t a t e d in A p p e n d i x K, section 4.p, Mandiant s p o SQC. DAT, a n d M A N - 0 0 0 2 1 6 to confirm that it c o u n t e d the n u m b e r o f C o b o l . SQR, x Records in SAS. p r o d u c e d b y D M S f i l e s that w a s a t t a c h e d to individual Master Fi sedfiles (".EXE" D e f e n d a n t s in this case. This c o u n t included objeclS within c o m p r e s d f i l e s t h a t were d e s c r i b e d within the S A S a n d ". ZIP "J. b u t e x c l u d e d c o m p r e s s e d i x K, section records as h a v i n g been d o w n l o a d e d f r o m Oracle, as s t a t e d in A p p e n 4.p.
n relies o n j . Measures 119 and 119A. In Measure 119 and 119A, M a n d i a agai stomers recorded in SAS as ORCLX-MAN-000216 to count the alleged number o f cu (Measure 118). receiving a fix t h a t were not counted in Delivered Updates and Fixes o r supporting docurnentation for this M a n d i a d o e s n o t p r o v i d e any w o r k p r o d u c t ciated Fix lOs m e a s u r e , a n d D e f e n d a n t s c a n n o t d e t e r m i n e which c u s t o m e r s a n d a s s o Please provide the results and work product o f Mandia counted in this measure. M a n d i a ' s analysis in Measures 119 and 119A. Response:
9 contains a l l A s s t a l e d in A p p e n d i x K, Section 4, at p a g e 95, ORCLX-MAN-00005 n d i a n l also drew r e l e v a n t data f r o m results f o r a l l HR..\1S Fix Analysis measures. Ma ORCLX-MAN-000216. " F i x ID''). A s Each row o f O R C L X - M A N - 0 0 0 0 5 9 corresponds to a Fix ID (labeled tion 4.z, al p a g e l 0 8 , Measure 119A records the names o f s t a t e d in A p p e n d i x K, Sec duced by the customers r e p o r t e d b y individual Master Fix Records in SAS, p r o
Bingham M e C u t e h e n LLP bingham.eom
Joshua L. Fuchs, Esq. March 1 2 , 2 0 \ 0 Page 8
t spot-checked Defendants in this case, as having received particular fixes. Mandian rm that listed customer names m e t the specific criteria ORCLX-MAN-000216 to conji Usted in Appendix K, Seetion 4 z , a t p a g e 109. d the data in A s stated in Appendix K, Section 4.y, a t p a g e 108, Mandiant compare eustomers listed in 119A 119A to the data in l I B A a n d reported in 119 the number o f that were n o t listed in l I B A .
otal n u m b e r o f k. Measure 120. In Measure 120, Mandia attempts to calculate the t Fix ID using Delivered Updates and Fixes, the SAS u n i q u e c u s t o m e r s receiving e a c h to this measure databas e, and Data Warehouse as sources. In Measure 120A, he adds ting a list o f unique environmen1 names. Mandia do es n o t provide suppor t a t i o n for e i t h e r m e a s u r e n o r d o e s h e p r o v i d e a t o t a l c o u n t o f u n i q u e documen product o f c u s t o m e r s o r e n v i r o n m e n t names. P l e a s e p r o v i d e the results a n d w o r k s o r environments names M a n d i a ' s analysis a n d t h e counts o f u n i q u e c u s t o m e r referenced in Measures 120 and 120A. Response:
contains al! A s stated in Appendix K, Seetion 4, a t p a g e 95, ORCLX-MAN-000059 M e a s u r e s 120 resu1ts f o r all HRMS Fix Analysis measures, including the results f o r 120A Usted a n d 120A. Appendix K, Section 4. bb, incorreetly states t h a t Measure asure 120A makes apparent, "envíronmellt names. " A s review o f the data in Me Measure 120A instead listed customer codeso Section 4.bb, a t To obtain Measure 1 2 0 A f o r e a c h f i x ID, as disclosed in Appendix K, e-letter p a g e 109, the three-letter codes Usted in 119A were a d d e d to the thre es listed in 118A a n d duplicates were eliminated. A s disclosed in c u s t o m e r cod er o fentríes in Appendix K, Section 4.aa, a t p a g e 109, Measure 1 2 0 eounts the numb Measure 120A.
ted by use o f a w h i c h c u s t o m e r s r e c e i v e d a First o r I d e n t i f i e d D e l i v e r a b l e c o n t a m i n a nment belonging to another customer or created g e n e r i c e n v i r o n m e n t o r an e n v í r o work product o r from the software o f another customer. Mandía does not provide any tion for this measure. Defendants c a n n o t ascertain what supporting documenta rovide the results analysis, i f any, Mandia actually performed in this measure. Please p and w o r k product o f M a n d i a ' s analysis in Measure 123. Response: instances in 1. Measure 123. Measure 123 attempts 10 determine the total number o f
5 9 contains a l l As s t a t e d in Appendix K, Section 4, a t p a g e 95, ORCLX-MAN-0000 nc/uding the results f o r Measure 123 in resu/ts f o r a l l H R M S Fix Ana/ysis measures, i 4 j J . Measure the co/umn with the heading "123. " A s stated in Appendix K, Section 123 is a eount o f t h e eustomers in Measure 1 2 3 A f o r e a c h f i x . CLX-MANWith respect to Measure 123A, Mandiant drew relevant data from OR e d a limUed 000216. As índicated in Appendix K, section 4.gg, Mandiant p e r f o r m A N - 0 0 0 5 9 to review o f M e a s u r e / 2 3 A against ORCLX-MAN-000216 a n d O R C I X - M
Bingham M c C u t c h e n l l P blngham.com
Joshua L . Fuchs, Esq. March 1 2 , 2 0 1 0 Page 9
d a t every stage confirm t h a t l i s t e d customers ' specific e n v i r o n m e n t s h a d n o t been u s e available. Environment data from in the development process f o r which data was ocs a n d ORCLX-MAN-000216 was c o l l e c t e d f r o m SAS a n d the "Consultant D Templates" directory, both o fwhich were p r o d u c e d by Defendants. eviewed, see. in F o r f u r t h e r i n f o r m a t i o n a b o u t how M e a s u r e 1 2 3 w a s c a l c u l a t e d a n d r 123 f o r critica1 supportfcx 646 the Report, ,~ 311-312 a n d 314, reviewing Measure f o r critical (CSS-TN-11 16067702); " 322-323 a n d 325, reviewing Measure 123 ~ 335-336. reviewing Measure 123 f o r s u p p o r t f i x 1099 ( C S S - T N - I l 0 6 0 7 8 2 4 3 ) ; ~ 3 f o r retrofitfix r e t r o f i t f i x 1 2 7 (0225046346); a n d ~~ 344-345, reviewing Measure 12 diant specifically reviewed this m e a s u r e f o r thesefixes. 201 (2005C-751G). Man
number o f m. Measure 124. In Measure 124, Mandia purports to calculate the t o m e r s who w e r e customers that were listed in data received for Measure l 2 4 A (cus nique part o f a source group) and were also listed in Measure 120A (Iist o f u Fix ID). M a n d i a does not provide e n v i r o n r n e n t n a m e s for c u s t o m e r s r e c e i v i n g e a c h c a n n o t ascertain r e s u l t s o f t h i s m e a s u r e o r s u p p o r t i n g d o c u r n e n t a t i o n , and D e f e n d a n t s represent o r evaluate its accuracy. Please provide the what this measure is intended t o results and w o r k product o f M a n d i a ' s analysis in Measure 124. Response:
ntains resu1ts A s stated in Appendix K. Section 4, p a g e 95. ORCLX-MAN-000059 co ing the resuIts f o r Measure 1 2 4 in the f o r all H R M S Fix Analysis measures, incIud column with the heading "124. " 0021 6. A s Mandiant drew relevant data f o r Measure 124A from ORCLX-MAN-0 K. section 4.gg, Mandiant performed a limited review o fMeasure s t a t e d in Appendix irm (hat listed 124A against ORCLX-MAN-000216 a n d ORCLX-MAN-00059 to conf b e r o f a source group o f customers were referred to in documentation as being a mem as c o l l e c t e d size greater than one. Source group data in ORCLX-MAN-000216 w es" directory, both o f which were f r o m S A S a n d the "Consultant Docs a n d Templat p r o d u c e d b y Defendants. eviewed, see. in F o r f u r t h e r i n f o r m a t i o n a b o u t h o w M e a s u r e 1 2 4 was c a l c u l a t e d a n d r u p p o r t f i x 646 the Report, " 311-312 a n d 315, reviewing Measure 1 2 4 f o r critical s f o r this fix. (CSS-TN-11 16067702). Mandiant specifically reviewed this measure
that allegedly n. Measure l26A. Measure 126A Mandia relies o n "received data" d fixes created through alleged crossrecorded the names o f the customers that receive i n e this d a t a was use o r additional-customer contamination to perform a QC to determ e QC process he used to verify the accuracy o f t h e accurate. He does not explain th r work product d a t a he received nor does he provide any supporting docurncntation o easure l 2 6 A for this measure. Please provide the results o f M a n d i a ' s ana1ysis in M and better describe the QC process undertaken by Mandia. Response:
Bingham M e C u t e h e n l l P bingham.com
Joshua L. Fuchs, Esq. March 1 2 , 2 0 ] 0 Page 10
contains a l l A s s t a t e d in Appendix K, Section 4, a t p a g e 95, ORCLX~MAN-000059 r Measure 126A results f a r all H R M S Fix Analysis measures, including the results f o tion 4.11, in the column with (he heading " 1 2 6 A . " A s stated in Appendix K, Sec easure 1 2 6 A l o r eachfIX, akin to Measure 1 2 6 is a count o f t h e customer names in M Measure 1 2 3 ' s count o f t h e customer names in Measure 123A. 00216. A s M a n d i a n t d r e w r e l e v a n t data f o r Measure 126A f r o m O R C L X - M A N - 0 , M a n d i a n t p e r f o r m e d a l i m i t e d review 0 1 indicated in Appendix K., section 4.gg 9 to confirm Measure 126A against ORCLX-MAN-000216 a n d ORCLX-MAN-0005 tomers were also Usted in Measure 123A o r that Usted either that Usted cus customers a s customers ' specific environments h a d been used to support additional A N - 0 0 0 2 1 6 was p a r t o fthe flX-delivery process. Environment data in ORCLX-M ry, both o f collected from S A S a n d the "Consultant Docs a n d Templates" directo which were p r o d u c e d b y Defendants. eviewed, see, in F o r f u r t h e r i n f o r m a t i o n a b o u t h o w M e a s u r e 1 2 6 was c a l c u l a t e d a n d r r e v i e w i n g Measure 1 2 6 1 0 r c r i t i c a l s u p p o r t f i x 1 0 9 9 the Report, ~, 322-323 a n d 326, retrofitfix 1 2 7 (CSS-TN-I106078243); ando " 335-336, reviewing Measure 1 2 6 f o r n d i a n t s p e c i f i c a l l y r e v i e w e d t h i s m e a s u r e l o r these f i x e s . (0225046346). Ma
otal p e r c e n t a g e o. Measures 130-132. In Measures 130-132, Mandia calculates the t ted by one o f the listed methods o f customers that received a file alleged1y contamina he resu1ts o f o f contamination Mandia defines in his Report. H e does not provide t r s u p p o r t i n g d o c u m e n t a t i o n . Please p r o v i d e t h e s e m e a s u r e s nor a n y w o r k p r o d u c t o 32. the resu1ts and work product o f M a n d i a ' s ana1ysis in Measures 130-1 Response: Measure 130 = Measure 127..;. Measure 118; Measure 131 = Measure 128 -;- Measure 120; Measure 132 = Measure 129..;. Measure 120.
ORCLX-MAN-000059 contains a l l divisors, dividends, a n d quotients.
tal number o f p. Measure 133. In Measure ] 33, Mandia attempts to calculate the to six different data sources. H e does not objects associated with first deliverables from n o r work provide an actual total in the measure o r any supporting documentatio s u p p o r t i n g d o c u m e n t a t i o n a n d work p r o d u c t o f pro<luct. Please provide the results, M a n d i a ' s analysis in Measure 133. Response:
ure 111 + Measure 133 = Measure 108 + Measure 109 + Measure 1 1 0 + Meas Measure 112 + Measure 113. ORCLX-MAN-000059 contains all o / t h e addends a n d the sumo
tal number o f q. Measure 134. In Measure 134, Mandia attempts te calculate the to d with first deliverables from seven different data sources. He does o b j e c t s associate tation o r work not provide an actual total in the measure o r any supporting documen
Bingham M c C u l c h e n LLP blngham.com
Joshua L. Fuchs, Esq. March 1 2 , 2 0 1 0 Page 11
product. Please provide the results, supporting documentation and work product o f M a n d i a ' s analysis in Measure 134. Response:
Measure 134 = Measure 108 + Measure 109 + Measure 1 1 0 + Measure 111 + Measure 112 + Measure 113 + Measure 114. Equivalently, Measure 134 = Measure 133 + Measure 114. O R C V ( - M A N - 0 0 0 0 5 9 contains al! o f t h e addends a n d the sumo
r. Measure 135. Measure 135 attempts to c o u n t the total n u m b e r o f u n i q u e First Deliverable files delivered to more than one customer. Mandia does not provide his full work product for this measure and he does not provide the SQL query he uses in step 2. The Fix ID and hash values listed in üRCLX-MANOOOO94 are insufficient for Defendants to evaluate the accuracy o f M a n d i a ' s analysis and counts in this measure. Please update the results o f M a n d i a ' s analysis in Measure 135 accordingIy. Response:
The HRMS Fix Analysis Database, p r o d u c e d as ORCLX-MAN-000316, contains the requested SQL query, which is labelled "135_ q r y T a i n t J i x_Hash ". Though il is n o t d e a r what other information Defendants are seeking, additional information can be determined through manipulation o f ORCLX-MAN-000058 a n d o f Measures 135A and 11BB in ORCLX-MAN-000059, as discussed aboye.
s. Measure 136. In Measure 136, Mandia allegedly calculates the n u m b e r o f .dat files associated with a First Deliverable " t h a t were delivered to customers with a mismatched environment reference." However, he does not explain or describe the methodology he used to determine which customers were associated with each hash value. He also does not provide the Iist o f environment names referenced in " . D A T " files t h a t did not contain the three Ictter customer code o f the customer receiving the file he creates in Step 2. Without this information, Defendants c a n n o t determine the accuracy o f M a n d i a ' s results and methodology in this measure. Please provide the r e q u e s t e d i n f o r m a t i o n r e l a t e d t o t h e m e t h o d o l o g y used t o d e t e r m i n e w h i c h c u s t o m e r s relate t o each hash value, and please also provide the results for step 2 in this measure. Response:
ORCLX-MAN-000058 provides the meladata a n d f i l e n a m e s f o r a l l 5 2 , 6 5 1 f i l e s o f t h e Delivered Updates a n d Fixesfiles, including data as to what customer (lobeled "Client ") received each hash value (lobeled "Hash Value "). A s stated in Appendix K, footnote 35 on page 10B, hashes were assumed n o t to hove been delivered where Client was equa/ to " C S S " o r " A C L " A list o fenvironment names can be f o u n d in ORCLX-MAN-000095, on o per-fix, p e r MD5 hosh, per-client basis.
8ingham M e ( u l c h e n L l P bingham.com
Joshua L. Fuchs, Esq. March 1 2 , 2 0 1 0 Page 12
, includes the The HRMS Fix Analysis Database, p r o d u c e d as ORCLX-MAN-000316 : following queries used to calculate Measure 136 · · · 1363ryDMS_DATLinkJ_B1_DAT_BADEnv_HASH H 1363ryDMS_DATLinlrjI_B1_DMS_Fixlnside_DAT_BADEnv_HAS ADEnv_HASH 1363ryDMS_DATLinkj1I_DMS_NoFixjnside_B
ltsfrom ORCLX-MAN-000096 contains the de-duplicated set o f d a t a that r e s u e queries. Mandiant used Microsoft & c e l ' s built-in combining the results o f t h e s e thre binations. "remove duplicares" function to de-duplicate on f i x ID/hash value com additional Though it is n o t e/ear what other information Defendants are seeking, LX-MAN-000058 a n d 01 information can be determined through manipula/ion 0IORC e. MeasW"es 136A a n d 118B in ORCLX-MAN-000059, as discussed aboy
s to calculate 1. Measures 138 and 144. In Measures 138 and 144, M a n d i a a t t e m p t erable file-based objects and .dat files that were percentages o f u n i q u e First D e l i v ercentages o r contaminated in sorne manner, but he does not provide the resulting p 1. Please provide the results and work product from Measures supporting work produc 138 and 144. Response:
Measure 138 = Measure 137-;- (Measure 104 + Measure 142). MeasW"e 144 = Measure 136 -;- Measure 142. uotients. ORCLX-MAN-000059 contains all addends, divisors, dividends, a n d q e e/ear from Appendix K, Section 4.eee contains a typographical error; as should b sure 10 6 " should be replaced by the preceding paragraph 01 thal Seclion, "Mea slates the "Measure 104 + Measure 142. " S e e also ORCLX-MAN-000205, which equations listed aboye.
ifferent objects u. Measures 139-143. Measures 139-143 provide alleged counts o f d e a s u r e s neglects and file types from ü R C L X - M A N 0 0 0 2 1 6 . However, each o f t h e s e m i a ' s c o u n t s . Please to provide the resulting numbers o r work product to support M a n d u r e 139-143. provide the results and work product from M a n d i a ' s analysis in Meas Response:
o m ORCLXWith respect lo Measures 139 a n d 140, Mandiant drew relevant data fr e/osed in 1 334 o f t h e Mandia report, "Identified Deliverable" MAN-000216. A s dis is a lerm used to describe f i x deliverables described by SAS. sfound Measure 139 counts the number o l u n i q u e SQR, SQC a n d C O B O L f i l e c o m p r e s s e d f i l e s identified attached to S A S Master Fix Records. exe/udingfiles within , Appendix K. as having been downloadedfrom Orae/e. Due to a transcription error
Bingham M c C u t c h e n LLP bingham.com
J o s h u a L. Fuchs, Esq. March 1 2 , 2 0 1 0 Page 13
O L files. Seetion 4 . f f f f a i l e d tO'specify that i t was limited to SQR, S Q C a n d COB n is properly described in ORCLX-MAN-000205. However, the limitafio a t t a c h e d to S A S Measure 1 4 0 counts the number o f unique D A T a n d D M S files f o u n d f i l e s identified as having been Master Fix Records, excludingfiles within c o m p r e s s e d down/oaded f r o m O r a d e . Measure 141 = Measure 139 + Measure 140. Measure 105 = Measure / 4 2 + Measure 143. r files. M e a s u r e Measure 142 is the subset o fMeasure 105 corresponding only to D A ue to a 143 is the subset o fMeasure 105 corresponding only to D M S files. D ¡nto a single equafion transcription error, the two equations abo ve were collapsed is incorrecto stating that Measure 1 4 / was the sum o fMeasures 142 + 143, which -000205. Both equations are properly stated in ORCLX-MAN
page 81 (now 23. Statistics P r o v i d e d in paragraph 328 (now ~ 370) in Section IX, t provide supporting d o c u m e n t a t i o n for the n u m b e r o f t o t a l page 9 7 ) : M a n d i a d o e s n o o w systems a f t e r zip files o r total n u m b e r o f b u n d l e s last recorded on t h e T o m o r r o w N mmary M a r c h 22, 2 0 0 7 . D e f e n d a n t s c a n n o t e v a l u a t e t h e a c c u r a c y o f t h i s s u g t h e s p e c i f i c results c o n c l u s i o n w i t h o u t knowing the m e t h o d o l o g y , s o u r c e and s e e i n ' s conc!usions in M a n d i a u s e d for t h e s e n u m b e r s . P l e a s e p r o v i d e s u p p o r t f o r M a n d i a Section IX. Response:
contained on Mandiant identified the file name a n d last written date f o r all .zip files -DR04497673 TN-OR00009557 (Disc 9), TN-OR04497668 (Hard Drive 78), a n d TN date, a n d (Dise 186). The results were sorted b y .zip file name a n d last written mber o f 4 , 6 0 7 .zip f i l e s duplicate .zip names were eliminated to arrive a t a total nu tesy to a n d associated last written dates. A s discussed abo ve, a n d as a cour d is p r o d u c i n g ORCLX-MAN-000387, D e f e n d a n t s , M a n d i a n t has c o n s t r u c t e d a n dates. which contains a list o f t h e 4 , 6 0 7 . z i p f i l e s a n d a s s o c i a t e d l a s t written the "Last Written" date o feach .zip f i l e was befare o r Mandiant determined whether after March 2 2 , 2 0 0 7 .
Sincerely yours,
ce:
V i a E-mail S c o t t C o w a n , J o n e s Day, s w c o w a n @ j o n e s d a y . c o m J a s o n M c D o n e l l , J o n e s Day, j m c d o n e l l @ j o n e s d a y . c o m V i a E-mail am.com GeofTrey Howard, Bingham M c C u t c h e n LLP, g e o f f . h o w a r d @ b i n g h ingham.com Z a c h a r y Alinder, Bingham M c C u t c h e n LLP, z a c h a r y . a l i n d e r @ b
Bingham M c C u t c h e n l L P bingham.com
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
