On January 12, 2021, Judge Boasberg (D.D.C.) ruled that a forensic report prepared for outside counsel following a cyber incident investigation was not protected under either attorney-client privilege or the work product doctrine. The investigation in question was run by outside counsel and the security firm had been retained by outside counsel. This decision is the latest in a line of cases finding that cybersecurity forensic reports may not receive work product protection, but it goes further than other cases by finding the report was not protected as a matter of law by the attorney-client privilege. The opinion in Wengui v Clark Hill (Case No. 19-3195) may be found here.
