10 Critical Decisions for Effective E-discovery Part 1

The Information Management Journal/September/ October 2007- Today's surge of electronic data, paired with the December 2006 changes to the Federal Rules of Civil Procedure (FRCP) concerning electronically saved information (ESI), requires details and lawyers to broaden their knowledge about dealing with electronic discovery. The recent modifications to the FRCP consist of:


* Definitions and safe harbor arrangements for the regular changes of electronic files during regular operations such as back ups [Amended Rule 37( f)]
* Information about how to handle data that is not reasonably available [Amended Rule 26( b)( 2 )( B)]
* How to handle accidentally produced privileged material [Amended Rule 26( b)( 5)]
* ESI preservation obligations and the pre-trial conference. [Amended Rule 26( f)]
* Electronic file production requests [Changed Rules 33( d), 34, 26( f)( 3 ), 34( b)( iii)]
There are lots of viewpoints about how ESI must be prepared for, handled, organized, kept, and recovered. Some of the readily available alternatives are extremely costly in regards to their required financial and time commitments. Continuously changing innovations just contribute to the confusion. One area of confusion is the difference between computer system forensics and electronic discovery; there is a considerable difference. discovery toy kit are explained in the sidebar Computer Forensics vs. Electronic Discovery.

Making the Right Choices

Successfully reacting to e-discovery within the restrictions of the amended FRCP requires organizations to make many vital decisions that will affect the collection and processing of ESI.

Collection Decisions

The following questions require instant answers:

1. Are e-mail files part of this project? If so, do any essential individuals keep an Internet e-mail account, in addition to their business accounts?

The sheer volume of transactions for big e-mail providers forbids the storage of huge amounts of mail files. Numerous Internet email account companies, such as AOL, BellSouth, and Comcast, maintain their e-mail logs no longer than 30 days. If a case could possibly need the expedition of e-mail from Internet accounts, the discovery group need to expeditiously ask for the records, or they might be gone permanently. This typically requires a subpoena. In rare cases, fragments of Internet email might be recovered forensically from an individual's disk drive.

2. Is there any chance prohibited activity may be found?

Many cases involving electronic data uncover misdeeds. These scenarios may include a member of the technology department or a highly technical staff member. In these cases, a company's first inclination might be to terminate the employee( s) included and determine the degree of any damage prior to informing law enforcement agencies.

If the wrongdoing is by a technical individual, there is a possibility that he or she is the only individual who knows how to access the files, find the problem, or fix it. The technical worker normally has the capability to work and gain access to business files remotely.

A much better solution is to restrict the worker's total access opportunities, both remote and regional. The worker is then alerted of management's understanding of the situation and given a chance to work together to decrease the damage. If the situation includes criminal matters, specifically if financial or medical records have actually been jeopardized, a great choice is to involve law enforcement as early as possible. Electronic lawbreakers often damage all evidence and vanish of their activities.

3. Is it possible that erased or concealed files may play an important function in this case?

There are 3 ways to gather electronic apply for discovery:

* Forensically ะ ะ as explained in the sidebar

* Semi-forensically ะ ะ using non-validated techniques and applications to capture files

* Non-forensically utilizing basic cut and- paste copy approaches to move copies of files from one location to another. These approaches do not include hashing files to guarantee the files have actually not altered, which includes using a hash algorithm to produce a mathematical finger print of several files that will change if any modification is made to the collection.

For some matters, the content of electronic files is all that matters. The context of the files ะ ะ who created them, how they are kept, how they have actually been accessed, if they have been altered or deleted ะ ะ is not as crucial.

For other cases, contextual info, consisting of finding deleted files, is crucial and needs a forensic collection. This consists of

* Ensuring legal search authority of the information

* Documenting chain of custody

* Creating a forensic copy using validated forensic tools that produce hash records

* Using repeatable processes to take a look at and analyze the data

* Creating a clinical report of any findings

Identifying the worth of electronic forensic file collection need to be done prior to any information being captured. When semi- or non-forensic techniques have actually been utilized, it is impossible to return records to their original states.

4. Are backup tapes part of an active collection?

Some cases involve historical problems, making the approach of handling computer system backups important to deal with instantly.

The majority of services utilize a schedule of rotating their backup media. In a four-week rotation, day-to-day backups are done for a week and then those tapes (or drives) are taken offsite for storage. A new set of media is utilized for the 2nd, third, and 4th weeks, and then those 3 tapes are saved offsite. On the fifth week, the tapes/drives from the very first week are reused. This procedure is done for monetary reasons, as it is very cost-efficient.

Backup tapes may enter into the active details required to be kept under a litigation hold. This needs cessation of any rotation schedule, and the 2006 modifications to the FRCP make it vital for the legal group to communicate that details to the technology workers responsible for company connection processes.

* ESI conservation responsibilities and the pre-trial conference. Are e-mail files part of this project? The large volume of deals for large e-mail suppliers restricts the storage of enormous quantities of mail files. If the misdeed is by a technical individual, there is a chance that he or she is the only person who knows how to access the files, find the problem, or repair it. The technical employee typically has the ability to work and access business files from another location.