Julie Lewis, President, CEO and Founder of Digital Mountain, has over 20 years of experience working in the high technology industry and is a frequent speaker on electronic discovery, computer forensics and cybersecurity. After working on over 1,000 computer forensics and e-discovery cases for over a decade, Julie has provided us with some simple tips for successful eDiscovery planning:
- Meet and Confer. For litigation, it’s important for the Plaintiff and Defense to be on the same page on search criteria and production output. This should always be in writing and helps prevent costly issues downstream.
- Be Transparent on Your IT Environment. If there are limitations or hurdles caused by what is being requested, be transparent on what issues exist and try to communicate back in terms of concrete cost estimates or delays based on what is being requested. Counteracting a request with generic terms such as the request is “unduly broad” doesn’t mean much to the opposing side, arbitrator or judge. Some data issues are complex and it’s more optimal to communicate an analogy, so the opposing side, arbitrator, judge or jury can more quickly understand the issues at hand.
- Keyword Hit Report Sharing. If using keywords, have a hit report performed before exporting results from the data population. If a keyword hit results in a voluminous number of documents, consider having open communications why a mutually agreed upon keyword may not have produced the intended resulted or yielded false positives no one anticipated. Have an out for adjustments if needed. The receiving side of a production does not want to be data dumped.
- Compressed, Compounded and Database Files. Not all compressed and compounded files are caught by search technologies. Make sure the processing techniques the e-Discovery provider is using is catching all the data in the search.
- Exception Reports. If documents are not being indexed, ensure the exception report is reviewed. For example, encrypted files with the main smoking guns may have been missed by the search and you will never know if you don’t request and review the exception reports.
- User-created File Filtering. When dealing with laptops and desktops, it’s important to exclude the system, program and junk files. The De-NIST process which is based on known hash values of program and system files, can result in increased processing costs and yield more non-relevant files. It’s much more optimal to have a computer forensics expert who knows the operating system spend ½ hour-2 hours analyzing the computer for where relevant data is stored and have the export done from there. However, in the absence of not performing any filtering, De-NIST is better than doing nothing.
- Pictures and Video Files. If pictures or videos are relevant, make sure there is an exclusionary clause for this type of data since keywords won’t hit multimedia files. Pictures may be better viewed in gallery view programs and videos in native video players. There may be ability to cull the data down by metadata criteria.
- Smartphone Data. The smartphone analysis tools will only show what data the software can parse or make presentable for review because the software developer invested in creating technology to display the data. There may be messaging applications that the tool did not parse and additional relevant data may exist. It’s important to review what applications are on the phone. Many of the social media communications are only on the cloud and the smartphone is just connecting to the cloud, but it depends on how the App is designed. Also, the computer forensics tools utilized for smartphone communication parsing do not process data for review tools and companies such as Digital Mountain have developed specialized technology for this industry need.
- Search Criteria Should Include Analysis for Wiping Software and Deletion Activity if Computer Forensics is Involved. Make sure if the case involves computer forensics to build into the protocol a search for wiping software and deletion activity. Many attorneys consider the filtering criteria (keywords, file names and/or date range criteria), but forget this important last step. If you bring in a neutral computer forensics examiner, only the mutually agreed upon search parameters are allowed and their hands will be tied to report anything else unless this is built-in to the protocol.
- Application and Cloud Experience. With the proliferation of thin client computing, much of the data may be stored on the cloud. As a result, the producing organization may be subject to the limitations the cloud service provider has implemented. For example, litigation hold capabilities may not be an available feature. Having an eDiscovery provider such as Digital Mountain that has application-specific expertise and a strong history preserving data within cloud environments such as G Suite, Office 365, Slack, Box, Dropbox, Salesforce.com, etc. can be helpful in navigating options that may be available and best practices.
May these top ten tips help in navigating discovery so that your focus can be on the merits of the case versus technical issues.