Posts Tagged ‘edd’


Email Discovery as Electronic Evidence

Tuesday, July 22nd, 2008

In today’s legal discovery world, electronically stored information requires special attention in litigation. The recent emphasis on producing electronically stored information requires an e-discovery team to apply legal principles to information technology. But electronically stored information in some cases drive them out of business, especially in companies as they are unaware to find electronically stored information, especially Email and associated attachments. Most email discovery efforts relate to the collection and review of Email as they remain one of the highest risk areas.

Email is most popularly used by all the people for communication of personal or business related matters. Currently more than 1000 million Email accounts are in use Worldwide, with an average of more than 4 Email accounts per person. With the Email accounts, all your incoming, saved, and sent mail is stored on a mail server with in IMAP folders. As we know we all rely on Email to operate our businesses in our personal lives, it is important to take preventive measures to avoid the ultimate disaster of unrecoverable Email.

The message index in the Email s lists the messages and is stored as entries in a database associated with the file structure. When you delete mail messages the attachments of the deleted file are also deleted as well. How ever you can restore them as they are only moved to a special deleted message folder called Trash folder, like the files in Recycle bin. These deleted Email s still remain on a computer hard drive, servers or retained on back-up tapes.

After deleting the Email from the folder, it reduces the size of the database file by eliminating this vacant space. Once they get deleted they restore it in the trash folder, which can be easily retrieved. These files are not removed from an index of the files, they just move to the trash directory and the space is considered to be available for writing new data.

But if an Email in the trash folder is deleted again then it is no longer indexed and no longer readily accessible. But these files are not truly deleted; they still exist on your hard drive. These deleted files have not been erased, but in most of the cases they can be easily retrieved. To retrieve the data from the trash files, forensic examination is required to locate and retrieve them. In some circumstances, these mails may be impossible to retrieve from the server, hard drive or pc because they have been overwritten by other files.

Even if your Email is completely lost, then these mail recovery tools are used to scan the entire hard disk, locate and recovers the deleted Email and also repairs the database if it is corrupted.

Imagine your Email database deleted or the file system corrupted. If that happens, you would need an undelete tool to get the files back. Though the database becomes corrupted, the data content may still exist, but the structure of the file may be wrong such that the mail cannot list the messages. Then you need to use email discovery tools typically to scan your hard disk and list a whole bunch of files with damaged, crippled file names.

As different mail programs store data in different formats like word, Excel, csv, pdfs etc, you must use a data recovery tool that supports the mail software you are using. For Outlook Express or Windows Mail, Mail Recovery is effective and easy to use, For Microsoft outlook files to recover, you need Outlook recovery, and for Mozilla thunderbird mail folders you can recover by using a text editor as they are plain text files.

To avoid severe legal sanctions, you need an easy way to search for relevant Email in order to quickly meet legal discovery requests. In fact, an effective Email discovery solution can help mitigate these legal risks. www.Datatriage.com is one of the leading experts in the field of email discovery, which restores electronically stored information in Email and associated attachments.

Technical Considerations in Review Process of E-Discovery

Wednesday, June 25th, 2008

Decision-making, backing up your data and managing a review database to acquire digital data in your company is no longer a solvency for your problem in E-discovery, though you decide to go with the legal attorney for review process in E-Discovery. Data collection plays a key role in review process. There are some technical issues that need to be considered, which will help the legal team in identifying potential problems as well as successful review in E-Discovery.

Following are checklist of technical issues that can aid in this review process of E-discovery:

ISP (Internet service provider) will look simple but in most cases they are overlooked. Reliability, network speed and throughput can have a tremendous impact supplied by the ISP. Consult your network engineer and find who you’re ISP (Internet service provider) is and how reliable are they. So that Ip addresses at the main location can be rerouted. For eg: When you access your personal E-mail from your own Internet service provider, chances are your E-mail comes to you from your ISP’s E-mail servers in one of three ways POP (Post office protocol), IMAP (Internet mail access protocol), MAPI (Messaging Application Programming Interface) or HTTP (Hyper text transfer protocol),which helps in finding out the e-mail.

Bandwidth: Routers, hubs, firewalls, cables, and modems all these will effect the actual bandwidth. The bandwidth fluctuates time to time. An average sampling of this bandwidth should be taken every day. This is very important because the reviewers are going to access the data online and check whether they have the actual bandwidth speed. Use the online support tools to measure the speed of bandwidth that provide upload and download speed.

Map out the number of hops associated with each computer and review location Tracert is a network command tool used to show the route taken by the packets across an IP network i.e. the information from your computer to one you specify. This tracert command lists all the routers it passes through, until it reaches its destination and will also tell you how long each ‘hop’ from the router to router takes. This will provide lots of relevant information to the networker.

Use web analytic software to view the reviewers and location This will impact adversely if 100 reviewers are trying to access the same information, resources or website from the same physical location at the same time, verses only 10 reviewers doing the same. By making a list of total number of reviewers and their physical access location, we can estimate how long a review will take and from which place.

Software Configuration In order to ensure that Web usage is consistent it is necessary to ensure that software’s are configured in a consistent manner. You should ensure that the Web server is configured so that appropriate information is recorded and that changes to relevant server options or data processing are documented.

Not all the time the web usage data might give true indication of usage of data. This is due several factors such as effects of caches, cookies, browser types, auditing tools, etc. Despite these reservations collecting and analyzing usage data can provide valuable information.

Fire wall operation The loss of files, e-mails, financial records can be avoided in conjunction with the other security issues, with the help of Firewall. Firewall is necessary for almost every review process, because they it plays a vital role in overall performance of network. Check whether your firewall is blocking your ports or whether it is accessing the internet through identified specific ports? Most of the firewall has the devices such as NAT(Network address translation) which protects you by hiding the internal ip address to outsiders from reaching your internal network and also inspects the incoming visitors, and also has additional features by terminating the VPN (Virtual private network) which allows the users to securely communicate using encrypted traffic.

Data collection always plays a key role in review process of E-Discovery. After gathering the information based on the checklist of technical issues make a decision by sharing with your technical support team, whether these are with in normal parameters. This will enable the legal team to address for developing the solutions to potential issues and will set up a successful E-Discovery review. www.datatriage.com is the best practice for the corporate firms, who possess both the technical and legal knowledge to set up a successful claim.

 

Electronic Data Discovery: Approach and Process

Thursday, May 15th, 2008

From the initial collection of electronic data to the final making of relevant and responsive documents, one of the biggest challenges faced by lawsuit attorneys is managing the large volume of digital documents produced during the discovery process. Electronic data discovery is a main stream in general discovery of evidence in legal proceedings. Today 90% of the business communication takes place in an electronic environment, so it is critical to carefully manage this electronic data for legal purposes by companies.

Electronic data discovery approach involves the following steps:

Step1: Collection
Formulate plans to identify the data across the networks for legal and IT department. Handling evidence to court requires a documented chain of custody. In this data collection strategy, it is necessary to include any data that is necessary for authenticating a relevant piece of electronic evidence. The collection includes deleted files, Web E-mails, Internet history etc like collecting Meta-data, information about the E-mails, address, date, and time are gathered as an inventory of discovery. This documented chain of custody is helpful in minimizing the mishandling, misconduct or tampering of critical data.

Step2: Preservation
Maintaining the proper integrity of data is the key to preservation. After identification of data; it is protected avoiding spoliation for the validity of the data in order to preserve legacy data. The original data should be stored in a proper location, because the relevant meta-data may exist at the time an electronic document is located, but may be altered. In order to avoid this, affordable techniques exist to make forensic copies or mirror images that are specifically designed to preserve the integrity of the meta-data to capture the relevant meta-data from the original source before they are copied.

Step3: Processing
Make the collected data readable and usable for legal review by eliminating duplicate files. The processing includes deduplication of data by hash value, near duplication, concept clustering, format conversions, native file review, file recovery, meta data extraction, export for any review system.

Step4: Review
Review of electronic documents is essential to separate relevant material from the irrelevant material. Filter the data to achieve a relevant, manageable collection of information. Once the files are collected in readable form, they are converted to digital form in large volumes, particularly with respect to many common forms of electronic documents such as E-mail.

Step5: Production
The final stage is to prepare the data set and make the information available in TIFF, PDF or HTML format as part of a database accessible from a Web-based repository. Delivering electronically stored information (ESI) to various law firms or corporates for further use, production needs vary, therefore the output is flexible.

The law firms and companies that do electronic data discovery have well established clear processes to standardize the way discovery works for all matters. This yields faster results, better control over sensitive data and tremendous cost savings and increased litigation risks, whilst the cost and risks of electronic data discovery is reduced through the hard work of analysis work process. For more information about electronic data discovery visit www.datatriage.com; a leading electronic data discovery firm to process vast amounts of data quickly and accurately.

Electronic Data Discovery – Technology Along With Policy Review

Saturday, April 19th, 2008

Electronic discovery plays a vital role in the contest of litigation, audits, investigation and other formal proceedings. In fact, according to the courts, computers have become so commonplace that most court battles now involve discovery of some type of computer-stored information. Litigators often take advantage of this lack of preparation by making digital information. In some cases, litigants have been forced to search, copy and produce millions of E-mail messages at their own cost. In other cases, litigants have been required to create special computer programs to find and extract discoverable data and files believed to have been deleted. It is clear that organizations need to act now to prepare for the electronic data discovery challenge. The amount of time, money and resources expended on electronic data discovery can be amazing for those organizations that are unprepared, where the Data Triage Technologies is found to be the leading expert in the field of electronic data discovery process.

Certain forms of discoverable digital information may be more palpable to organizations, both in terms of the need to retain and manage them, and their inclusion in discovery requests. However, even the most obvious piece of evidence, such as a word processing document in electronic form, may present unique challenges. Such documents may in fact contain Meta data that reveals important information.

The scope of discoverable digital information does not end with electronic documents and other certain packages of bits. In fact, there is an entire realm of potentially discoverable evidence that many organizations may not even be aware of. Newer communications technologies and techniques may in fact offer unmanaged information to a litigant. E-mail, instant messages, wireless PDA data, and chat room or discussion database conversations are often not captured and properly managed by organizations, because they fail to apply information management and retention policies across the board. Also, such technologies may not easily lend themselves to management, as they are typically used in a casual, distributed and personalized manner. There have been many cases where E-mail or instant messages were admitted as evidence, and regulators require such information to be managed like any other record.

Increased belief on information technology and the increased targeting of electronic evidence by litigators, regulators, and investigators means that most organizations are likely to face the challenge of electronic data discovery. Therefore, an organization’s best interests can only be served by preparing for those challenges today. There are few alternatives to the development and enforcement of information management policies and practices that include an electronic data discovery plan. Further, aside from electronic data discovery, proper management of electronic information has clear benefits such as improved customer service and more efficient operations. In any case, such policies and practices should consider the following issues:

1. The organization should clearly define who is ultimately responsible for policy development, enforcement, training, notification and other duties for ensuring that electronic data discovery duties are observed.

2. In the event of a discovery request or anticipated litigation, everyone in your organization who may have control of potentially relevant information should be notified of the requirement to retain information to prevent chance of spoliation.

3. Every employee in your organizations should be aware of the duty to manage records and other information in accordance with written policies generally, and should also understand their duty in the face of audits, investigation and litigation. Employees should also be educated about adequate use and their conduct should be evaluated against these policies.

4. Organizations should ensure that they are spending their resources managing the information that has the most value. In addition, the ongoing elimination of duplicate E-mail, drafts, and so on, in accordance with a written policy can reduce the burden of electronic data discovery.

5. A key reason that electronic data discovery turns out to be burdensome for an organization is the lack of appropriate management technology and searching tools. For example, the ability to search E-mail messages by name, dates, subject lines, routing information, keywords, and other criteria can turn a long and expensive discovery process into a routine operation. Greater flexibility in indexing and retrieval tools can lead to significantly lower soft and hard costs for electronic data discovery.

6. Manage the electronic form because the courts may require information that was generated in electronic form, even if paper copies are available. Courts may look negatively upon litigants who attempt to thwart the discovery process by failing to provide evidence in its native format.

7. Remove records from active systems. Wide discovery instructions can result in an organization’s workstations, servers and networks being periodically unavailable for business operations while they are searched for relevant information. Regularly moving electronic records and other information off of active systems in and into records management, document management and archival systems can help organizations avoid this eventuality.

8. From implementing technology with information management in mind from the outset, to assisting in retrieval and production, to educating executives and attorneys and providing testimony, the IT department plays many roles in the electronic data discovery process.

Electronic data discovery has become a challenge that every organization is likely to face at some point. Further, electronic evidence has become a favorite target of litigators, regulators and investigators. Organizations need to be proactive in addressing this reality. Existing policies, practices, and technology approaches should be viewed that takes into account the millions of dollars, thousands of employee hours and other burdens that organizations have faced in the past for failing to get it right. Even organizations that are facing litigation today can benefit from improvements in technology and policies to streamline the discovery process.

 

Electronic Discovery Violations and Litigation Misconduct

Wednesday, March 12th, 2008

In its recent judgment, the court held Qualcomm guilty of withholding a large number of electronically stored documents. Qualcomm never searched the e-mails of certain key witnesses for responsive documents. It held back tens of thousands of e-mails that were decisive in the case, observed the court. The judge affirmed a sanction on Qualcomm’s counsels of over US $ 8.5 million. The judgment also held them guilty of gross litigation misconduct. The judge termed it a reckless disregard of their electronic discovery obligations. The State Bar of California is to take up further inquiry and possible disciplinary action against the attorneys.