[PROPOSED] CORRECTED ORDER REGARDING FORTINET'S REQUESTS FOR INSPECTION

DONNA M. RYU, District Judge.

PURSUANT TO STIPULATION, the Court hereby orders that:

1) Sophos will provide by end of businesses (5:00 PM Pacific) on June 29, 2015 to Fortinet's vendor Stroz Friedberg's San Francisco office, all forensic images in its possession from the Former Fortinet Employees1 responsive to Fortinet's Requests for Inspection ("Requests"), including but not limited to "personal laptops," "Sophos laptops," smartphones and USB data transfer devices;

2) Fortinet will attempt to identify by manufacturer or name all USB devices it asserts were connected to the Former Fortinet Employees' personal laptops. Sophos will locate any such USB device that is still in the Former Fortinet Employees' possession and will provide images of those devices if located.

3) Sophos will provide by end of businesses (5:00 PM Pacific) on July 3, 2015 to one of Fortinet's vendor Stroz Friedberg's regional offices2 all devices responsive to the Requests and not previously imaged by Sophos within the last six months. Stroz Friedberg will endeavor to image those devices as soon as possible and return them.

4) All transfers of device images between Sophos's discovery vendor and Fortinet's vendor will be accompanied by appropriate chain-of-custody forms, and Sophos's vendor will retain duplicates of all such images;

5) Sophos (through its counsel) will provide an accounting of all devices in its possession responsive to the Requests, including all devices currently in Sophos or the Former Fortinet Employees' possession, any devices that are responsive to the Requests but that no longer exist and/or are now unavailable (including the circumstances why they are unavailable) and identifying any employee for which Sophos contends does not have a device responsive to the Requests. Sophos will provide this accounting by end of businesses (5:00 PM Pacific) on June 29, 2015;

6) Once in Stroz Friedberg's possession, Fortinet counsel will not review or have access to the imaged devices from Sophos directly. Instead, Stroz Friedberg will run searches and other analyses of these devices, identifying relevant information. Fortinet counsel will be able to evaluate the results of these searches/analyses by file name and meta-data (but not the contents). Upon identification of files to Sophos's counsel, Sophos's counsel will have 10 days from receipt to either claim privilege on the material or object on personal privacy grounds. Sophos will thereafter produce the requested files to Fortinet, where they will be able to be viewed entirely by Fortinet's counsel (subject to any designations by the Protective Order). Any claims of privilege are subject to the Federal Rules of Civil Procedure. Because of attorney-client privilege concerns, for the "Sophos laptops" only, Fortinet will provide the search terms for which it uses to collect data from the devices prior to running any searches on the images of those devices. Sophos will have 48 hours to provide any objections to Fortinet's proposed search terms. The devices/images will be kept securely within Stroz Friedberg's offices until they are returned to Sophos's vendor.

7) The parties will file a joint status report to update the Court on the progress of these inspections on July 16, 2015.

8) This order replaces the Court's previous order at Dkt. No. 168.