10 Critical Decisions for Successful E-discovery Part 1
An explosion of electronic data today, and in December 2006, amendments to the Federal Rules of Civil Procedure (FRCP) concerning electronically stored information (ESI) is required information and legal professionals to deepen their knowledge of the management of electronic evidence. Recent changes to the FRCP include:
* Definitions and refuge for changes in routine electronic files during routine operations such as backups [Amended Rule 37 (f)]
* Information on how to deal with data that is not reasonably accessible [Amended section 26 (b) (2) (B)]
* How to deal with inadvertently produced privileged materials [Amended Rule 26 (b) (5)]
* Functions ESI preservation and pre-trial conference. [Amended section 26 (f)]
* Electronic filing of an application for the production of [amended section 33 (d), 34, 26 (f) (3), 34 (b) (iii)]
There are many opinions on how ESI should be planned, managed, organized, stored and retrieved. Some options are very costly in terms of time and financial commitments. evolving technologies only add to the confusion. One area of confusion is the distinction between computer forensics and electronic evidence, there is a significant difference. They are described in the sidebar for eDiscovery Computer Forensics.
Make the right decisions
Successfully respond to e-discovery within the amended FRCP requires organizations many important decisions that the collection and processing of ESI affect them.
Stock decisions
The following questions need immediate answers:
1. Your e-mail files that are part of this project? If yes, press any key people holding an Internet mail account, in addition to their corporate accounts?
The trading volume of large email providers prohibiting the storage of large amounts of archived e-mails. Many ISP's email account such as AOL, BellSouth, and Comcast will retain your records e-mail no later than 30 days. If a case can require the examination of e-mail from Internet accounts, demand for the Discovery team with due diligence files, or perhaps gone forever. This generally requires a court order. In rare cases, fragments of forensic Internet e-mail retrieved from the hard drive of an individual.
2. Is there a possibility of illegal activity can be detected?
many cases, crime files electronically. These situations can lead to a member of the technology department or a highly technical staff. In these cases, a first inclination that the trade union (s) involved to cease and extent of the damage before contacting law enforcement agencies to determine.
This is exactly the right thing to do. If the offense is a technical person, it is possible that he or she is the only person who can open files, find the problem or repair. It is often the person who knows the passwords to business critical applications. The staff generally and the ability to work remotely to corporate file. Unless such entry is prior to the termination removed, you can be dismissed or disgruntled employee can access the network and major damage.
A better solution is to reduce the access privileges of employees, both locally and remotely. The employee receives information management knowledge of the situation and the possibility of working together to minimize the damage. If the situation is criminal, especially if financial or medical data concerned, a good decision to involve the police as soon as possible. Electronic criminals usually disappear and destroy all traces of your activities.
3. Is it possible to delete hidden files or can play an important role in this case?
There are three forms of collection of electronic files for detection:
* Forensic ะ as described in the sidebar
* ะ semi-legal in using non-validated applications and capture files
* No legal copy and paste simple methods to copy files from one place to another. These methods do not contain file hash to ensure that the files have not changed, a hash algorithm that includes using a mathematical fingerprint of one or more files that change if a change is made to create the collection.
In some cases, the contents of electronic documents is all that matters. The context file ะ they did, how they are, how they work, they have been changed or deleted ะ is not as important.
In other cases, contextual information, including the search for deleted files is essential and requires a scientific collection. This includes
* Ensure the legal authority to search data
* Documentation of the chain of custody
* Create a legal copy validated using the legal tools to hash files
* The use of repeatable processes to review and analyze data
* Create a scientific report results
Determine the value of the electronic collection of forensic files must first be made to all data recorded. Once the methods of semi-or non-judicial used, it is impossible to record back to their original state.
4. Backup tapes are part of a collection of assets?
Some cases may also historical, as the method of management of emergency equipment important to be treated immediately.
Most companies use a system of rotation of backup media. For example, a rotation of four weeks, daily backups are performed for a week and then tapes (or disks) are taken offsite for storage. A new set of media used for the second week, third and fourth, the three tapes are stored off site. In the fifth week, the tapes / discs of the first week of being reused. This process is done for financial reasons, because it is very profitable.
Backup tapes can be a part of the active information, which will be held in a case should be. This requires the cessation of all programs of rotation, and 2006 amendments to the FRCP are crucial for the legal team that transmit information on personnel responsible for process technology business continuity.
* Definitions and refuge for changes in routine electronic files during routine operations such as backups [Amended Rule 37 (f)]
* Information on how to deal with data that is not reasonably accessible [Amended section 26 (b) (2) (B)]
* How to deal with inadvertently produced privileged materials [Amended Rule 26 (b) (5)]
* Functions ESI preservation and pre-trial conference. [Amended section 26 (f)]
* Electronic filing of an application for the production of [amended section 33 (d), 34, 26 (f) (3), 34 (b) (iii)]
There are many opinions on how ESI should be planned, managed, organized, stored and retrieved. Some options are very costly in terms of time and financial commitments. evolving technologies only add to the confusion. One area of confusion is the distinction between computer forensics and electronic evidence, there is a significant difference. They are described in the sidebar for eDiscovery Computer Forensics.
Make the right decisions
Successfully respond to e-discovery within the amended FRCP requires organizations many important decisions that the collection and processing of ESI affect them.
Stock decisions
The following questions need immediate answers:
1. Your e-mail files that are part of this project? If yes, press any key people holding an Internet mail account, in addition to their corporate accounts?
The trading volume of large email providers prohibiting the storage of large amounts of archived e-mails. Many ISP's email account such as AOL, BellSouth, and Comcast will retain your records e-mail no later than 30 days. If a case can require the examination of e-mail from Internet accounts, demand for the Discovery team with due diligence files, or perhaps gone forever. This generally requires a court order. In rare cases, fragments of forensic Internet e-mail retrieved from the hard drive of an individual.
2. Is there a possibility of illegal activity can be detected?
many cases, crime files electronically. These situations can lead to a member of the technology department or a highly technical staff. In these cases, a first inclination that the trade union (s) involved to cease and extent of the damage before contacting law enforcement agencies to determine.
This is exactly the right thing to do. If the offense is a technical person, it is possible that he or she is the only person who can open files, find the problem or repair. It is often the person who knows the passwords to business critical applications. The staff generally and the ability to work remotely to corporate file. Unless such entry is prior to the termination removed, you can be dismissed or disgruntled employee can access the network and major damage.
A better solution is to reduce the access privileges of employees, both locally and remotely. The employee receives information management knowledge of the situation and the possibility of working together to minimize the damage. If the situation is criminal, especially if financial or medical data concerned, a good decision to involve the police as soon as possible. Electronic criminals usually disappear and destroy all traces of your activities.
3. Is it possible to delete hidden files or can play an important role in this case?
There are three forms of collection of electronic files for detection:
* Forensic ะ as described in the sidebar
* ะ semi-legal in using non-validated applications and capture files
* No legal copy and paste simple methods to copy files from one place to another. These methods do not contain file hash to ensure that the files have not changed, a hash algorithm that includes using a mathematical fingerprint of one or more files that change if a change is made to create the collection.
In some cases, the contents of electronic documents is all that matters. The context file ะ they did, how they are, how they work, they have been changed or deleted ะ is not as important.
In other cases, contextual information, including the search for deleted files is essential and requires a scientific collection. This includes
* Ensure the legal authority to search data
* Documentation of the chain of custody
* Create a legal copy validated using the legal tools to hash files
* The use of repeatable processes to review and analyze data
* Create a scientific report results
Determine the value of the electronic collection of forensic files must first be made to all data recorded. Once the methods of semi-or non-judicial used, it is impossible to record back to their original state.
4. Backup tapes are part of a collection of assets?
Some cases may also historical, as the method of management of emergency equipment important to be treated immediately.
Most companies use a system of rotation of backup media. For example, a rotation of four weeks, daily backups are performed for a week and then tapes (or disks) are taken offsite for storage. A new set of media used for the second week, third and fourth, the three tapes are stored off site. In the fifth week, the tapes / discs of the first week of being reused. This process is done for financial reasons, because it is very profitable.
Backup tapes can be a part of the active information, which will be held in a case should be. This requires the cessation of all programs of rotation, and 2006 amendments to the FRCP are crucial for the legal team that transmit information on personnel responsible for process technology business continuity.
0 Response to "10 Critical Decisions for Successful E-discovery Part 1"
Post a Comment