Forensically Sound Data: What Does IT Need to Do?

By Guest Author Print this article Print
Forensically Sound Data

Learn about the admissibility of electronically stored information and what IT can do to reduce rising costs associated with ESI collection, storage and review.

If the custodian attempts to delete any of it, the file is instead copied onto a dedicated server for the duration of the matter. The benefit of in-place preservation is that it consumes the minimum space needed, yet faithfully preserves the ESI in question.

Collection: Enterprise collection tools offer the ability to collect data over the network, obviating the need to connect directly to employee laptops or desktops—or even pull out hard drives. Moreover, these tools can also copy ESI from mobile devices, such as smartphones and tablets.

The state of the art, however, is in tools that create an index of custodian ESI rather than collecting it. After creating an index, legal professionals can test keyword or Boolean searches against it—or can apply other types of analytics, such as traffic analysis—and narrow the reviewable document set down to only those documents that are likely to be used in the matter. Those are then collected.

Post-collection: Above all else, defensibility in the discovery process boils down to: Can the proponent produce enough evidence to support the fact that the item is what it’s claimed to be? To do so, counsel must be able to rely on specific documentation of processes and a robust chain-of-custody showing where evidence originated, how it was handled and what types of post-collection processing were done through to production.

Having a standard, documented workflow (i.e., an automated set of steps) to support evidence preservation and collection will allow examiners to attest to the validity of the evidence, satisfying courts and regulators.

Where Are We Now?

The combination of dramatic increases in enterprise electronically stored information volume and the tendency to over collect in an attempt to meet a “forensically sound” standard has led to exploding document review costs. In the past, confusing a collection methodology—bit stream—with an evidentiary ruling made at the time of trial was understandable in criminal contexts. Today, however, the demands of civil discovery and regulatory inquiries provide the potential for reviewing millions of documents—something for which traditional computer forensics was not designed.

IT professionals have the ability to assist their legal counterparts by obtaining consensus on the class of matter (civil, regulatory or criminal); strategically minimizing the amount of ESI that is subject to collection; applying the appropriate collection methods; and thoroughly documenting the process. Doing so will sharply reduce e-discovery costs, instill solid defensibility and dramatically alter your organization’s e-discovery landscape.

Ed Lee is a managing director with Alvarez & Marsal Global Forensic and Dispute Services, specializing in electronic discovery and computer forensics in support of complex litigation and regulatory investigations. With more than 17 years of legal, technical and business experience, Lee has worked with clients across industries that include energy and resources, medical device manufacturing, financial services and technology.

Scott Giordano is the corporate technology counsel at Exterro and an experienced attorney with more than 16 years of legal, technology and risk management consulting experience. He holds certifications in Information Security Systems Professional (CISSP) and Certified Information Privacy Professional (CIPP), dealing with the intersection of law and technology as it applies to e-discovery, information governance, compliance and risk management issues.

This article was originally published on 2014-10-07
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.