10 Vital Decisions for Successful E-discovery Part 1

The Information Management Journal, September/October 2007 - Today’s explosion of electronic information, paired with the December 2006 amendments to the Federal Rules of Civil Procedure (FRCP) concerning electronically stored information (ESI), requires information and legal professionals to broaden their understanding of managing electronic discovery. The recent changes to the FRCP include:

* Definitions and safe harbor provisions for the routine alteration of electronic files during regular operations such as backups [Amended Rule 37(f)]
* Information about how to handle data that is not reasonably accessible [Amended Rule 26(b)(2)(B)]
* How to handle inadvertently produced privileged material [Amended Rule 26(b)(5)]
* ESI preservation obligations and the pre-trial conference [Amended Rule 26(f)]
* Electronic file production requests [Amended Rules 33(d), 34, 26(f)(3), 34(b)(iii)]

There are many opinions about how ESI should be planned for, managed, organized, stored, and retrieved. Some of the available options are extremely expensive in terms of the money and time they require. Constantly changing technologies only add to the confusion. One area of confusion is the difference between computer forensics and electronic discovery; the difference is significant. The two are described in the sidebar "Computer Forensics vs. Electronic Discovery."

Making the Right Choices

Successfully responding to e-discovery within the constraints of the amended FRCP requires organizations to make a number of important decisions that will affect the collection and processing of ESI.

Collection Decisions

The following questions need immediate answers:

1. Are e-mail files part of this project? If so, do any key individuals maintain an Internet e-mail account in addition to their business accounts?

The sheer volume of transactions handled by large e-mail providers restricts the storage of large amounts of mail files. Many Internet e-mail account providers, such as AOL, BellSouth, and Comcast, keep their e-mail logs no longer than 30 days. If a case could require the examination of e-mail from Internet accounts, the discovery team must promptly request the records, or they may be gone forever. This generally requires a subpoena. In rare cases, fragments of Internet e-mail may be recovered forensically from an individual’s hard disk.

2. Is there any chance that illegal activity may be discovered?

Many cases involving electronic information uncover wrongdoing. These situations may involve a member of the technology department or a highly technical employee. In these cases, an organization’s first inclination may be to terminate the employee(s) involved and determine the extent of any damage before notifying law enforcement agencies.

If the wrongdoing is by a technical person, there is a chance that he or she is the only person who knows how to access the files, find the problem, or fix it. The technical employee typically has the ability to work and access company files remotely.

If the situation involves criminal matters, especially if financial or medical records have been compromised, a good decision is to involve law enforcement as early as possible. Electronic criminals frequently disappear and destroy all evidence of their activities.

3. Is it possible that deleted or hidden files may play an important role in this case?

There are three ways to collect electronic files for discovery:

* Forensically: as explained in the sidebar

* Semi-forensically: using non-validated methods and applications to capture files

* Non-forensically: using simple cut-and-paste copy methods to move copies of files from one location to another. These methods do not include hashing files to ensure the files have not changed. Hashing uses a hash algorithm to create a mathematical fingerprint of one or more files that will change if any change is made to the collection.

For some matters, the content of electronic files is all that matters. The context of the files (who created them, how they are kept, how they have been accessed, whether they have been altered or deleted) is not as important.

For other cases, contextual information, including finding deleted files, is vital and requires a forensic collection. This includes:

* Ensuring legal search authority of the data

* Documenting chain of custody

* Creating a forensic copy using validated forensic tools that create hash records

* Using repeatable processes to examine and analyze the data

* Creating a scientific report of any findings

Determining the value of forensic collection of electronic files must be done before any data is captured. Once semi- or non-forensic methods have been used, it is impossible to return records to their original states.
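The hashing step that separates a forensic collection from a cut-and-paste copy, shown as an added example that is not part of the original article: a per-file manifest plus one digest for the whole collection, recorded at capture time and re-checked against a copy. The function names, the choice of SHA-256 and the sample files are assumptions constructed for illustration; they stand in for the hash records a validated forensic tool would create.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path to its SHA-256 digest, read in chunks."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            manifest[path.relative_to(root).as_posix()] = h.hexdigest()
    return manifest

def collection_digest(manifest):
    """One fingerprint for the whole collection: hash of the sorted manifest lines."""
    lines = "".join(f"{digest}  {name}\n" for name, digest in sorted(manifest.items()))
    return hashlib.sha256(lines.encode("utf-8")).hexdigest()

def verify(root, manifest):
    """Compare a copy against the recorded manifest; return sorted discrepancies."""
    current = build_manifest(root)
    issues = [f"MODIFIED {n}" for n in manifest if n in current and current[n] != manifest[n]]
    issues += [f"MISSING {n}" for n in manifest if n not in current]
    issues += [f"ADDED {n}" for n in current if n not in manifest]
    return sorted(issues)

def demo():
    """Constructed sample collection: copy it, then alter the copy and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "copy")
        (src / "mail").mkdir(parents=True)
        (src / "mail" / "inbox.txt").write_text("constructed sample message\n")
        (src / "report.txt").write_text("constructed sample report\n")
        recorded = build_manifest(src)        # hash record taken at collection time
        shutil.copytree(src, dst)
        clean = verify(dst, recorded)         # untouched copy: no discrepancies
        (dst / "report.txt").write_text("constructed sample report (edited)\n")
        (dst / "mail" / "inbox.txt").unlink()
        altered = verify(dst, recorded)       # edit and deletion are both reported
        changed = collection_digest(build_manifest(dst)) != collection_digest(recorded)
        return clean, altered, changed

if __name__ == "__main__":
    print(demo())
```

The manifest records file content only; timestamps, ownership and deleted-file remnants are the contextual information that still requires a forensic image.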

4. Are backup tapes part of an active collection?

Some cases involve historical issues, which makes it important to address immediately how computer backups are handled.

Many businesses use a schedule for rotating their backup media. A new set of media is used for the second, third, and fourth weeks, and then those three tapes are stored offsite.

Backup tapes may become part of the active information that must be kept under a litigation hold. This requires stopping any rotation schedule, and the 2006 amendments to the FRCP make it crucial for the legal team to convey that information to the technology employees responsible for business continuity processes.
