EDiscovery: A New Kind of Forensics
Information technology has advanced more in the last five decades than it has in the entire history of man. As technology has advanced, so has the amount of information being created, transferred and stored. This is especially true in companies where paperless or email communications have almost completely replaced paper-based communications.
Electronic information is considered different from paper information because of its intangible form, volume, transience and persistence. Electronic information is generally accompanied by metadata that is not found in paper documents and that can play an important part as evidence (for example, the date and time a document was written could be useful in a copyright case). Data is identified as relevant by attorneys and placed on legal hold. Evidence is then extracted and inspected using digital forensic procedures, and is typically converted into PDF or TIFF form for use in court.
Examples of the kinds of documents included in e-discovery are e-mail, instant messaging chats, documents, accounting databases, CAD/CAM files, Web sites, and any other electronically stored information that might be pertinent evidence in a lawsuit. Also included in e-discovery is “raw data”, which forensic investigators can review for hidden evidence.
In the process of electronic discovery, data of all sorts can function as evidence. This can include text, images, calendar files, databases, spreadsheets, audio files, animation, Web sites and computer programs. Even malware such as viruses, trojans and spyware can be secured and examined. Email can be an especially valuable source of evidence in civil or criminal lawsuits, because people are frequently less careful in these exchanges than in hard copy correspondence such as written memos and postal letters.
Computer forensics, also called cyberforensics, is a particular type of e-discovery in which an investigation is carried out on the contents of the hard drive of a specific computer. After physically isolating the computer, investigators produce a digital copy of the hard drive. Then the original computer is locked in a secure facility to preserve its pristine condition. All investigation is done on the digital copy.
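An added example, not part of the original article: working only on a copy is defensible when the copy can be shown to match the original, which is commonly done by hashing at acquisition and re-checking before analysis. The sketch below assumes SHA-256 (the article names no method), uses hypothetical function names, and substitutes constructed temporary files for a real drive.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sits in memory


def acquire_image(source_path, image_path):
    """Copy source to image; return the SHA-256 of the bytes read from the source."""
    digest = hashlib.sha256()
    # "xb" refuses to overwrite an existing image file
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def hash_file(path):
    """Re-read a file from disk and return its SHA-256."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_image(image_path, acquisition_hash):
    """True only if the working copy still matches the hash taken at acquisition."""
    return hash_file(image_path) == acquisition_hash


def demo():
    """Image a constructed 'drive', verify it, then show one changed byte is detected."""
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "source.bin")   # constructed stand-in for the original
        image = os.path.join(workdir, "evidence.img")  # working copy used for all analysis
        with open(source, "wb") as fh:
            fh.write(b"\xAA" * (3 * CHUNK + 517))      # constructed data, not a block multiple
        acquired = acquire_image(source, image)
        clean = verify_image(image, acquired)
        with open(image, "r+b") as fh:                 # simulate accidental change to the copy
            fh.seek(CHUNK)
            fh.write(b"\x55")
        return clean, verify_image(image, acquired)


if __name__ == "__main__":
    print(demo())
```

Recording the acquisition hash alongside the image lets any later examiner repeat the check independently.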
The key to addressing eDiscovery is to be proactive in the management of information and records, with control over the handling of potential e-discovery requests. Records management professionals must work with the legal staff and IT to develop a records management database that will support eDiscovery work. Records management policies and procedures must be developed, establishing a consistent records management discipline among employees in managing their information and records.
A number of different people may be involved in eDiscovery: lawyers for both parties, forensic specialists and IT managers, to name a few. Forensic examination often uses specialized vocabulary and acronyms (for example, “image” refers to the acquisition of digital media), which can lead to confusion.
While attorneys involved in case litigation try their best to understand the businesses and organizations they represent, they may fail to understand the policies and practices that are in place in the company’s IT department. As a result, some data may be destroyed after a legal hold has been issued, by technicians who are unaware of it and are carrying out their regular duties.
Given the complexities of modern litigation and the wide variety of information systems on the market, electronic discovery frequently involves IT professionals from both the attorney’s office and the parties to the litigation communicating directly to address technology incompatibilities and agree on production formats. Failure to get professional advice from knowledgeable personnel often leads to additional time and unexpected costs in obtaining new technology or adapting existing technologies to accommodate the collected data.