Original Post Date: June 26, 2014
eDiscovery: Digital
Forensic's simpler cousin
As a Digital Forensic
Consulting firm, one of the main services we provide is electronic discovery or
eDiscovery. What is eDiscovery? Simply put, in civil litigation
cases one or more parties may ask for documents such as emails, memos, or other
electronic correspondence to help bring the facts out in the case to paint a
clearer picture of what may have been going on leading up to the suit.
For instance, if GM knew about a potential safety hazard in their
vehicles which caused death or serious injury and there was any sort of
electronic correspondence between executives at GM about the safety hazard and
a suit is filed against GM alleging that they knew about the safety hazard and
took no proactive action to correct it, these electronic correspondences may be
recovered through the eDiscovery process and presented as part of the case to
help prove wrongdoing by GM... by the way, that's just an example for
illustrative purposes. If anyone from GM reads this, don't file suit on
us please.
So how does eDiscovery
factor into the world of digital forensics? To illustrate the different
levels of digital forensics, we'll "borrow" an analogy from a fellow
examiner which we use often when describing the different levels of services we
offer. Think of a computer, tablet, smart phone, etc. as a desk top in
your office. eDiscovery would be the forensic equivalent of locating all
the important papers on top of your desk which have not been destroyed or
altered in any way. Digital Forensics delves a little deeper into the
environment and we use quite a bit more training and expertise to locate what
may be of interest in the trash can. If you think there's relevant or
important information in the shredder, we can work to recover that too and
piece the bits together to present a (mostly) clear picture... but of course,
that's pretty time and labor-intensive and costs more. Using this
analogy, eDiscovery is the top layer of information that a legal team may need
when putting a case together. It is generally easier to recover and not
overly time-consuming, (depending on how much is requested.)
The important fact that
some practitioners may overlook is that adhering to the forensic methodology is
vital across the board. Bear in mind that eDiscovery items all have
evidentiary value whether they are to be used in mediation, deposition or
court. Therefore, the means by which they are acquired and presented must
be in line with all other digital evidence. Whether the lawsuit is for
millions of dollars in damages or the case is criminal in nature with a
person's freedom at stake, the cost of cutting corners can be great.
Further (and as stated in previous articles), if the forensic methodolgy
when recovering the eDiscovery items isn't maintained, the credibility of the
examiner presenting the information may come into question. That is fatal
in our line of work.
So hopefully you now
have some idea of what eDiscovery is and its purpose. It's been said that
every time we learn something new, another wrinkle gets put in our brain...
hopefully you got another wrinkle or two!
Patrick J. Siewert
Owner, Lead Forensic Examiner
Pro Digital Forensic Consulting
www.ProDigital4n6.com
