* 07/16/96 The production of ESI continues to present challenges in the discovery process even though specific rules have been drafted, commented on, redrafted.

Presentation transcript:

The production of ESI continues to present challenges in the discovery process even though specific rules have been drafted, commented on, redrafted and approved to address the issues. The new rules, the complex nature of ESI and its impact on litigation have created a greater emphasis on planning and preparation for the ediscovery process. We have talked about Preservation and the importance of litigation holds to ensure that spoliation of potential evidence does not occur. Today we will discuss Data Collection, its required attention to detail, and its need for a very exact approach to ensure thoroughness and defensibility.

Information Management: Records management for paper and ESI. Document retention policies addressing creation, management and disposition. Minimize the risk and exposure.

Identification: The process of learning where everything relevant may be located and who has access to where and what.

Preservation: When does the duty arise through litigation hold? A clearly defined, monitored, published process. Must allow the business to continue to operate, but avoid the spoliation and potential sanctions related to destruction.

Data Collection: Must be comprehensive, maintaining integrity of data content and preserving its format. Close attention to metadata and chain of custody. The emphasis over the past few years in ediscovery has been focused on the processing, review and analysis phases. Recently more emphasis has been placed on the data collection phase, as it not only drives the cost of the later phases, it needs to be done in a defensible manner.

Data Collection - Complexity: Where does ESI exist? Class discussion: who has a cell phone; a BlackBerry or iPhone; a laptop; a personal home computer; a work computer; a voicemail account; more than one voicemail account; one email account; more than one email account; thumb drives?

Data Collection - Complexity: Where does ESI exist? Cell phones, business computers, digital cameras, networks, laptops, email accounts, desktops, voicemail.

Data Collection: The FRCP have created a need for a responsible and defensible process. Must move quickly when a new matter arises to collect and preserve data. Must follow a thorough and defensible process. An understanding of the unique nature of the data in question will assist in determining the appropriate tools and methods to collect the data.

What is a Defensible Data Collection Process? Definition: use of defensible, court-validated tools, defensible protocols and defensible people to perform the collection. Protocols: an iterative, flexible process that considers who, what, where, when and how and adapts as necessary to the ediscovery process. Tools: the right tools are used based on the type of data being collected. People: trained, certified and trustworthy collection consultants. Third parties are utilized when it is perceived as necessary.

What is a Defensible Data Collection Process? It meets a Daubert challenge. The collection process is well documented. The collection process methodology is generally accepted by our peers. The collection methodology has been tested and results documented in similar matters. Data cannot be altered as a result of the collection process. The people that performed the collection can testify about the process.

Collection - Meet and Confer: Meet and Confer agreements are required to address how ESI will be handled. Among the key effects of the 2006 amendments is the requirement that the parties communicate openly with one another early in the case. Rule 16 establishes a process for discussions related to disclosure and discovery of ESI, and Rule 26 obligates the parties to reach agreements related to issues through formal planning conferences.

Data Collection Process: Early Case Assessment: a consultation between the organization, its outside counsel and external resources to determine the goals for the data collection process as well as any issues that might affect preservation or accessibility of the data. Data Mapping and Analysis: a survey or interview process of the key system areas containing relevant data. The goal is to create a description of the information systems, record management procedures and an inventory of existing data.

Data Collection Process: Preservation: an effective data preservation plan protects all potentially relevant information from risk of destruction and spoliation. The goal is to take custody of data and protect the data in a format that does not alter it and allows it to be extracted for review and production. Collection: the important goal is to collect data in a forensically sound manner, ensuring it is not altered, and to create a complete defensible chain of custody to protect the admissibility of the data.

Collection - Data Acquisition: Traditional method: acquiring “all” potentially relevant data and processing it for review. $$$ Interim method: improved processing tools to de-duplicate and near-de-duplicate data, giving a smaller review pool of data. $$ Targeted methods: collecting only relevant items, using keywords, Boolean and other filtering methods. $

Collection - Targeted Methods: Data Mapping: where is relevant data stored? Active records, offline data, third-party hosted storage, archives, backups.

Collection - Targeted Methods: Searching techniques: custodian, date and time, keyword, conceptual, privilege. Expertise required.

Collection - Targeted Methods - $$ Savings: Reduced EDD processing costs. Reduced hosting cost, typically charged by the GB. Reduced attorney review hours. Less (or no) down-time during data acquisition.

Collection - Other Considerations: Scalability: the ability to expand or contract a search without significant financial or business impact.

Collection - Pitfalls - Keyword Searching Weakness: Under-inclusive: the focus is on exactness, e.g. “car” vs. “Mercedes”. Specialized vocabulary or acronyms are excluded. Spell-checking, texting shortcuts. Over-inclusive: many irrelevant documents may be collected, e.g. “car” might bring up car seats, car pools, etc. Caselaw: In Re: Fannie Mae. 400 keywords. The TREC project and Verizon tests are demonstrating clear weaknesses in existing search methodologies.

Collection - Chain of Custody and Authentication: A familiar concept in criminal law, but historically rarely an issue in civil litigation. As a result of the ability to change ESI, the requirement to maintain a defensible chain of custody now applies to every stage of the eDiscovery process. This involves documenting the acquisition process and documenting the chain of custody through the entire process.

Chain of Custody – Hash Values: An electronic fingerprint. Can be applied to a file, a section of a hard drive, or an entire drive. If any item, even a single character, is changed, the hash value will change.

Chain of Custody – Admissibility: If the opposing party objects to any ESI in a matter, it may be necessary to present a complete foundation for it. If the ESI was collected by someone lacking qualifications or someone who is party to the litigation and potentially biased, it may not satisfy the court and the evidence may be excluded.

Chain of Custody – Log: Regardless of whether a forensic or non-forensic collection is made, you need to properly maintain the chain of custody, including: a description of the devices from which data was copied; a list of folders that were copied; your process for making the copies; documentation of any hand-offs, e.g. back to a law firm or to a processing company.
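The hash-value and log slides above, combined into one added example (not part of the original presentation): a per-file SHA-256 log that records the device, folders, process and hand-offs, and a re-check a recipient can run after a hand-off. The field names, the sample files and the "examiner A" and "processing vendor" parties are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):  # chunked: large files are fine
            digest.update(block)
    return digest.hexdigest()

def walk_files(root):
    """Yield (relative path, full path) for every file under root."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full

def build_log(root, device, process):
    """Record what the slide lists: device, folders copied, process, hand-offs."""
    files = sorted(({"path": rel, "sha256": sha256_file(full)}
                    for rel, full in walk_files(root)), key=lambda f: f["path"])
    return {"device": device, "process": process,
            "collected_utc": datetime.now(timezone.utc).isoformat(),
            "folders": sorted({os.path.dirname(f["path"]) or "." for f in files}),
            "files": files, "handoffs": []}

def record_handoff(log, released_by, received_by):
    log["handoffs"].append({"from": released_by, "to": received_by,
                            "utc": datetime.now(timezone.utc).isoformat()})

def verify(log, root):
    """Re-hash the copy a recipient holds and report any divergence from the log."""
    expected = {f["path"]: f["sha256"] for f in log["files"]}
    found = {rel: sha256_file(full) for rel, full in walk_files(root)}
    return {"changed": sorted(p for p in expected.keys() & found.keys()
                              if found[p] != expected[p]),
            "missing": sorted(expected.keys() - found.keys()),
            "unexpected": sorted(found.keys() - expected.keys())}

def demo():
    """Constructed collection: two files, one hand-off, then two alterations."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "mail"))
        for rel, data in (("memo.txt", b"Q3 pricing memo\n"),
                          ("mail/inbox.txt", b"From: a@example.com\n")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        log = build_log(root, "constructed laptop, serial PLACEHOLDER", "logical copy")
        record_handoff(log, "examiner A", "processing vendor")
        clean = verify(log, root)
        with open(os.path.join(root, "memo.txt"), "wb") as fh:
            fh.write(b"Q4 pricing memo\n")  # one character differs from the original
        os.remove(os.path.join(root, "mail", "inbox.txt"))
        return log, clean, verify(log, root)
```

The log only proves integrity if it is stored and transferred separately from the data it describes, so that a changed file cannot be re-hashed into a matching log.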

Computer Forensics vs eDiscovery - Definitions: Computer Forensics: computer investigation and analysis techniques that involve the identification, preservation, extraction, documentation, and interpretation of computer data to determine potential legal evidence. eDiscovery: the process whereby electronic documents are collected, prepared, reviewed and distributed in association with legal and government proceedings.

Collection – Forensic vs. Non-Forensic: Forensic acquisitions: an exact image that includes everything on the hard drive, such as slack space and deleted files not yet overwritten. The forensic tools utilized do not alter any data during the copying process (a bit-by-bit mirror image is created). Non-forensic acquisitions: civil litigation requires preservation of data relevant to a litigation. A chain of custody will assist in the admission of evidence and should be maintained, but a bit image is not always necessary.

Collection – When is a Forensic Investigation Needed? Forensic investigations typically recover and analyze areas of suspect media that are unavailable through eDiscovery software. Some case categories: employment disputes, contract disputes, embezzlement, IP theft, insurance fraud. Typical tasks: recovering deleted files and emails, Internet activity analysis, cell phone analysis, metadata analysis.

Collection – Forensic Images: A forensic image preserves everything, including metadata, whereas copying the drive, or simply opening a file to copy it, can alter important metadata and change the evidence. If that data is important to a claim (date of memo, who last accessed it, where it was stored, etc.), critical evidence may be lost. Additionally, a forensic image captures deleted files, file fragments, and other data, including attempts to destroy evidence.
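An added example (not part of the original presentation) of the metadata point above: a plain copy yields a file whose content hash still matches the source while its last-modified time is lost, so a hash match alone does not show that metadata survived. The file name and timestamp are constructed; `shutil.copy2` is shown only as a metadata-preserving logical copy, not as a forensic image, and it captures no deleted files or slack space.

```python
import hashlib
import os
import shutil
import tempfile

FIELDS = ("sha256", "size", "mtime")

def snapshot(path):
    """Record the content hash and file-system metadata for one file."""
    st = os.stat(path)  # read metadata before opening the file
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "size": st.st_size, "mtime": int(st.st_mtime)}

def drift(before, after):
    """Names of the recorded fields that differ between source and copy."""
    return [k for k in FIELDS if before[k] != after[k]]

def compare_copies():
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "memo.doc")
        with open(src, "wb") as fh:
            fh.write(b"constructed memo body\n")
        memo_time = 1136116800  # constructed last-modified time: 2006-01-01 12:00 UTC
        os.utime(src, (memo_time, memo_time))
        before = snapshot(src)
        # shutil.copy copies contents only; the copy gets a fresh timestamp.
        plain = snapshot(shutil.copy(src, os.path.join(d, "plain.doc")))
        # shutil.copy2 also copies the timestamps onto the new file.
        kept = snapshot(shutil.copy2(src, os.path.join(d, "kept.doc")))
        return before, drift(before, plain), drift(before, kept)
```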

Forensics