Showing posts with label Data Collection. Show all posts
Showing posts with label Data Collection. Show all posts

Announcing an Industry-first Integration between EnCase eDiscovery and Box for Defensible Cloud Collection

Box is the enterprise cloud content management platform of choice   


All of us on the EnCase eDiscovery team are excited to announce a new integration between EnCase® eDiscovery and Box, the enterprise cloud content management platform used by 97% of the Fortune 500. Enterprise IT teams have come to rely on Box for cloud storage capabilities that map to their information governance policies and processes. This makes Box the perfect choice for this industry-first integration with our complete e-discovery product, an integration that will let legal teams securely search, collect, and preserve electronically stored information (ESI) located on Box from within EnCase eDiscovery just as easily as with on-premise data.

Now Collect and Preserve Information Managed in Box as Readily as On-Premises Data

Whitney Bouck, the senior vice president and general manager of enterprise at Box, has said that many of their enterprise customers reside within highly regulated industries, so they need a way to meet e-discovery and compliance requirements in a way that does not compromise efficiency and user experience. This makes Box and EnCase eDiscovery ideally suited to offer IT and legal teams a scalable, reliable, and secure way to gain visibility of content stored in Box, to manage access to that content, and to control retention and dispensation.

Data Privacy, Cross-Border E-Discovery, and the Hybrid Solution

Chris Kruse

You could call the United States the epicenter of litigation. It’s an unfortunate, but inescapable, reality that our markets and business cultures drive a preponderance of international business litigation, so much so that we’re the world leader by a mile. The challenge for European and Asian corporations lies in the fact that many have U.S. headquarters or do business with companies here, which is when e-discovery becomes complex due to their national, local, or other pertinent data-privacy laws.

There are dramatic variations in data-privacy laws and requirements across countries, domains, and jurisdictions. For example, in Germany the requirements for collecting employee e-mail and electronic documents within one company may be completely different than those for the company next door, as those requirements are determined by each corporation’s works council.

Digital DNA Strikes Again in Civil Discovery

John Blumenschein

A recent article written by attorney Mark A. Berman in Law Technology News, entitled Recent Decisions Focus on Duty to Preserve ESI and Metadata, highlights the important role that metadata can play in civil discovery. He focused on a series of recent New York State decisions that dealt with these issues, and one particular case he referenced, Alfano v. LC Main, LLC, 2013 N.Y. Misc. LEXIS 1046 (N.Y. Sup. Ct. Mar. 18, 2013), involved an EnCE®-certified computer examiner named Michael Nelson, who used EnCase® Forensic in his tool set to help establish that the metadata associated with a digital photograph submitted by the plaintiff had not been taken at the time of the event at issue in the matter.

This action was commenced to recover damages for personal injuries allegedly sustained by the plaintiff when he slipped and fell on ice on a construction site owned by the defendant. The plaintiffs submitted photographs of the accident scene taken several days after the accident, which they claimed depicted the area where the accident occurred and the snow and ice conditions as they existed at the time of the accident.

E-Discovery Gone Wrong: The Blooper Reel





Five years after the changes to the Federal Rules of Civil Procedure (FRCP) our professions should have worked out the kinks in collecting, processing, culling, reviewing, and producing electronically stored information (ESI). 

And yet, most haven’t. ESI is still being created in the main through the use of Microsoft Word and Outlook for written communications. Social networking and smartphones and tablets are complicating matters, but they’re not yet primary sources of discoverable ESI.

Virtualization and cloud computing are adding to the complexity of the enterprise technology environment. While that contributes to e-discovery challenges, it doesn’t justify most of the issues being presented by litigants. The main problems lie elsewhere. 

Here’s a collection of key takeaways from recent cases involving e-discovery errors.

Judge Schiendlin Re-Affirms Dangers of Self-Collection in Opinion

United States District Court Judge Shira A. Scheindlin (author of the Zubulake (2004) and Pension Committee (2010) decisions) has issued another seminal e-discovery opinion in the saga that is National Day Laborer Organizing Network et al. v. United States Immigration and Customs Enforcement Agency, et al. 2012 U.S. Dist. Lexis 97863 (SDNY, July 13, 2012). This marks her fifth decision in the case. The last time we discussed the NDLON case was in the context of metadata and Freedom of Information Act (FOIA) requests [i.e., metadata contained in responsive electronically stored information is producible in FOIA requests (opinion withdrawn)].

The July 13, 2012 opinion still centers on FOIA requests; however, the issue this time around focuses on the effectiveness of the defendants’ searches for relevant ESI in response to the plaintiffs’ request. 

The main take-away from this opinion is Judge Scheindlin’s harsh criticism of custodian self-collection, which is how many of the defendant agencies in this matter conducted their searches and collections.

The Time Is Now for Organizations to Take a Holistic Approach to E-Discovery

Guidance Software

Too often companies reinvent the wheel when dealing with e-discovery for each case. When one claim arises and then subsequently when similar claims arise, they conduct the similar, but often slightly different processes all over again, separately. Conducting e-discovery just once can be time-consuming and costly enough. But doing it inconsistently and separately each time gives way to a myriad of inefficiencies and risks. Change is difficult, but it is time for organizations to modify their processes for e-discovery and take a more holistic approach to handling all their matters.

Many organizations perform left-side e-discovery functions (legal hold, collection, preservation) with on-premise software and then outsource right-side functions (analysis, review and production) to a service provider. Outsourcing these functions can make sense due to the need for expert resources not on the in-house team, as well as meeting staffing capacity needs through the peaks and valleys of an organization’s litigation docket. One of the key problems with outsourcing, even today with service provider bills going direct and not through the law firm, is the lack of transparency. You can’t manage what you can’t measure. So to alleviate this problem, many organizations are using a secure, hosted review platform while still leveraging outside platform management and expert e-discovery staff. This provides the best of both worlds . . . the staff and expertise that you get from outsourcing with the transparency and oversight to measure and manage your overall e-discovery business process. It’s tip number one in the recent Inside Counsel article “5 tips for using the cloud to conduct e-discovery”.

Another Lesson from Delta Airlines – The Need For Evidence Re-Use And A Single Instance ESI Repository To Harmonize Productions Across Different Law Firms And Cases

Daniel Lim

A few months ago, we blogged on the In re Delta / AirTran Baggage Fee Antitrust Litigation, --F. Supp. 2d--, 2012 WL 360509 (N.D. Ga. Feb. 3, 2012) as to the issue of the failure to have a defensible process for making sure that all of your collected evidence gets put into your review / processing platform. I recently reviewed the opinion again and noticed a second important lesson from the case --- the need to harmonize your productions across different cases and law firms.

The shoe that dropped in the Delta Airlines case was that after making repeated assurances to the Court that counsel for defendants had produced all relevant documents for the bag-fee case, 60,000 pages of documents surfaced from a separate DOJ investigation against the defendant that were relevant and had not been produced in the baggage-fee case. Upon investigation by defendant as to why the documents had not surfaced for the case, defendant explained that the documents were collected and reviewed in the DOJ investigation by a law firm that was not involved in the baggage fee case. In other words, the defendant had a classic case of the right-hand law firm not knowing what the left-hand law firm was doing. The Court described the oversight as a “huge hole” in the defendant’s electronic discovery process and granted plaintiffs’ motion for sanctions, including the costs of extending the discovery period for the newly-produced documents.

Law firms working with blinders on and focused on the particular case at hand is nothing new. It is an institutional factor endemic to the litigation process. Each case stands or falls on its own merits. Accordingly, ESI routinely is collected, processed, and reviewed on a case-by-case basis, without little or no view into what has been done for other cases.

Guidance’s EnCase eDiscovery provides two ways to mitigate such risks. First, our on-premises software provides Collected Data Re-Use, which allows the search of previously collected evidence containers across multiple cases for evidence that, as in the Delta case, was collected for a different matter but was relevant to the case at hand. Second, CaseCentral’s single instance repository provides a highly-efficient method to reduce ESI across multiple cases to its lowest common denominator (e.g., de-duping files and only storing a single copy), and to keep track of different matters for which the ESI is relevant.

In the Delta case, the combination of these solutions would have allowed the defendant to (1) search across individually collected evidence files from other cases and determine if such evidence was relevant to its baggage-fee case and (2) store only a single-instance of the files in its evidence repository and manage the same evidence across multiple cases.

Of course, the primary lesson about having a solution that enables a defensible process for tracking evidence from collection through review remains. The case illustrates that having a defensible process is more than just about hashing files or having secure evidence containers --- it is about having the right solution end-to-end that is focused on actual litigation work-flow needs beyond review and archiving.

E-discovery in the Cloud, A New Approach to In-house E-discovery

Guidance Software Organizations are adopting cloud computing at an exponential rate. Projections for the cloud computing market show a jump from $37.8 billion in 2010 to $121.1 billion in 2015, according to marketsandmarkets.com . Even if your organization hasn't migrated to an Internet-based environment, you've likely heard about technology that facilitates the storage and retrieval of electronic information, collaboration among custodians and cost-effective scaling of web-based applications.

When it comes to e-discovery the question is no longer whether the cloud should be used. The question is what components of the e-discovery process are most usefully deployed in the cloud and which components work best behind the firewall to help an organization solve their e-discovery challenges. To date, in-house e-discovery often meant the purchase, installation, use and maintenance of e-discovery software for various e-discovery tasks.

Instead of making an either-or decision, organizations should leverage the strengths of their internal resources and the cloud to meet their overall e-discovery needs. A practical approach is to use internal capabilities on-premise for e-discovery functions that occur near the data and use the benefits of the cloud for geographically dispersed resources in multiple geographic locations both inside and outside the organization. With this approach, e-discovery functions such as legal hold, collection, preservation, and processing, that typically occur near the data are performed inside the firewall and early case assessment, review and production are performed in the cloud, maximizing the efficiency and effectiveness of these delivery models. Separating e-discovery functions is not absolute, many organizations will decide in certain cases that processing and early case assessment is best done on-premise and for other cases in the cloud depending upon the specific needs of a given situation.

Of course, as with any technology decision, the business problem and/or litigation profile should be analyzed first; understanding the combination of cases, users, data volumes and future projections is important. Organizations should look for a solution that not only enables a repeatable, defensible process that is scalable from small to large matters, but one that also enables them to deploy the technology in a manner that best meets their needs (on-premise, in the cloud or hybrid of both).

There is no question that cloud computing offers organizations significant benefits for e- discovery, including faster deployment, increased storage flexibility, increased access to data and reduced infrastructure costs. However, for e-discovery you don’t have to make an either-or decision. The technology is available today to enable your organization to achieve its business objectives by deploying a hybrid approach with some e-discovery functions on-premise and some in the cloud.

Learn more about e-discovery in the cloud and the new approach to in-house e-discovery:

Watch Guidance Software's webinar Migrating to the Cloud, Read the Blueprint for Cloud-Based eDiscovery or Discover the benefits of controlling on-premise e-discovery processes.

2012 Legal Tech EDI Dinner - The Social Side of E-Discovery

Patrick Burke

Yes, Legal Tech New York 2012 is all about innovation, expertise, and, at times, competition. But one of the nicest aspects of the e-discovery industry is that it has maintained a culture that encourages a sense of camaraderie and, frankly, a sense of humor. Case in point – the E-Discovery Institute’s (http://www.ediscoveryinstitute.org/) annual dinner at Legal Tech, held this year at Lidia Bastianich’s famed Becco on Restaurant Row in NYC. The event was kicked off by an in-person greeting from Lidia Bastianich herself – who declared “Tonight, no e-discovery!” Of course neither delicious food nor wine could keep this voluble group from talking a bunch of shop.

The E-Discovery Institute – brainchild of Patrick Oot and Anne Kershaw – is a non-profit research and educational organization dedicated to identification of effective legal technologies and processes and teaching lawyers and judges about their use. No wonder so many judges were among the revelers: US Magistrate Judges Andrew Peck, David Waxse, Frank Maas, and Jay Francis. Look one way and you find yourself talking to some of the very best law firm practitioners including John Rosenthal of Winston Strawn, Amor Esteban of Shook Hardy, Anthony Diana of Mayer Brown, Maura Grossman of Wachtel Lipton and Jay Brudz of Williams Mullen as well as e-discovery gurus such as Ashish Prasad, George Rudoy and Chris Dale. Turn another way and you’re meeting many of the very best in-house e-discovery practitioners including Anthony Knappen of Chevron (co-author of an excellent white paper on Data Breach & Cybersecurity distributed at the dinner), Christian Zeunert of Swiss Re, Glenn O’Brien of Liberty Mutual, Farrah Pepper of GE, Andrew Drake of Nationwide, Dawson Horn of Tyco and Jennifer Hamilton of John Deere and two score others.

Congratulations to the E-Discovery Institute on bringing together such an esteemed collection of e-discovery thought leaders for an evening of camaraderie and good cheer.

When it Comes to Collection, the OS is Not Your Friend

Victor Limongelli

Heading into 2011, the trend of organizations bringing in-house the data collection and preservation aspects of the EDRM, at least, is expected to continue. As you evaluate collection and preservation systems, however, it is critically important to keep in mind the impact of the operating system (“OS”), such as Windows, OS X, Linux, etc., on the performance and usability of your collection system. Many collection approaches try to use a “quick-and-dirty” approach of relying on the applicable OS to find and collect data. This approach has two overwhelmingly negative consequences.

First, there are a set of cases – such as IP theft, fraud, or employee disputes involving allegations of discrimination or harassment – in which hidden or “forensics” data is critically important. Collection systems that rely on the OS can “see” only what the OS presents to it, so this critical evidence can be missed entirely. Because of this, for an entire set of sensitive cases, collection systems that rely on the OS simply cannot be used. When deploying a system to handle your data collection and preservation needs, why would you go with a system that handles only some of your cases?

Second, and perhaps even more damning, collection systems that rely entirely on the OS (and File System) are much more disruptive to your business. To see why, let’s walk through a simple example. Let’s imagine a case with 50 custodians, all of whom have email (in the form of .PST files) stored locally on the laptops and desktops. Of the 50 custodians, five are senior executives (CEO, CFO, et al), and another 25 are salespeople, who use email to communicate with potential customers, as well as internally. The case is time sensitive, so collection needs to happen quickly. The company determines that, given the nature of the dispute (including the time period involved), it should preserve all of the email of the custodians. It kicks off its collection at 8:30 AM on a Tuesday morning. Oh no! It turns out all 50 custodians have Microsoft Outlook open on their laptops and desktops. Collection systems that rely on the OS and File System cannot collect files – such as .PSTs – unless and until they are not being used by other applications; in other words, the OS has “locked” the file. In order to collect these PSTs, the employees tasked with completing the collection would have to contact each and every custodian and have them log out of Outlook – taking the salespeople offline and disrupting the CEO’s and CFO’s day – so that the OS could be used to collect the email. Do you want to make that phone call (or, if you wanted to be ironic, send that email)? Perhaps you can imagine doing that once, for one case . . . but each and every time a collection needs to occur? Isn’t the Legal department trying not to harm the business?

As you look to deploy a collection and preservation system in 2011, by all means look for a system that can reach multiple data sources and handle common data formats, and one that enables easy, check-the-box creation of the collection criteria. And if you want a system that handles all of your cases, without disrupting your executives, your employees, or your business, beware the OS!

Victor Limongelli is president and chief executive officer of Guidance Software.

Finally, the Ability to Reuse Collected Data

Guidance Software The legal department has undergone dramatic change since the beginning of the 21st century. No longer do in-house counsel litigate first and ask questions about the bill later. The litigation lifecycle is viewed as a business process, one that in-house counsel are expected to oversee. And a significant portion of this oversight is devoted to reigning in costs and increasing efficiencies in order to maximize the return on legal spend. This new responsibility has given way to certain innovations in the litigation process.

One such new innovation has the potential to drastically alter the legal landscape. Too often companies that find themselves involved in related lawsuits must reinvent the wheel when litigating each case. When one claim arises, in-house counsel must identify, preserve and collect potentially responsive electronically stored information (ESI). Then when similar claims arise, they must conduct this process all over again. Conducting this e-discovery cycle just once can be time-consuming and costly enough. But doing it repeatedly gives way to a myriad of inefficiencies. Instead, there is a new method known as collected data reuse.

Collected data reuse capitalizes on the work product generated from previous data collections that arise from similar claims that involve identical custodians. By preserving the work product of a previous e-discovery cycle and reusing it in another case, an organization can save thousands in collection costs. Additionally, legal and IT personnel can save themselves days in time-consuming labor, thus freeing them up to work on other aspects of the case. Additionally, the risk of spoliation and threat of sanctions goes way down, because you can confidently assert that you have searched all of the potentially relevant data in your possession, custody, or control.

Recognizing this need, Guidance Software has rolled out a new feature within its EnCase® eDiscovery solution that enables collected data reuse. Now, e-discovery practitioners can automate searches of previously collected evidence each time a new matter arises with the new Collected Data Re-Use feature.

For example, imagine your organization is involved in a patent infringement case regarding a product that you produce. Your legal department will go through the typical motions to identify relevant custodians and data stores and to preserve, collect and process potentially responsive ESI. Now, imagine that a few months later a separate patent infringement claim arises with a different company regarding the same product. The odds are you will be identifying and collecting much of the same information from many of the same custodians and data stores as you did in the initial patent infringement case. Rather than repeating the entire e-discovery process, you can simply collect information from new custodians and data stores as well as newly created information from old custodians and data stores. Therefore, a significant portion of your production can come from the previous matter, thus saving your organization a tremendous amount in time and money.

With its ability to maximize efficiencies while reducing expenses and risk, Collected Data Re-Use is positioned to become the next e-discovery "must have." And no solution but EnCase® offers this powerful functionality.

Watch the Only with EnCase® video to learn more about Collected Data Re-Use and other features available only with EnCase® technology.



Russ Gould is director of product marketing at Guidance Software.

Top-Notch E-Discovery Event at Amelia Island

Daniel Lim

Just returned from the Legal Technology Leadership Summit, which was held at Amelia Island, Florida last week. Having gone to a myriad of e-discovery conferences in the past, I must say that this conference rated as one of the best. Patrick Oot and Anne Kershaw from the eDiscovery Institute put together a first-rate event, with an elite group of speakers and attendees. It had a “just right” feel of not having too much noise, but all of the key people and thought leaders dealing with legal and technology issues. Attendees ranged from judges, attorneys from major corporations and law firms, as well as key technology providers.

Of particular interest was a lunch presentation on ESI Over-Preservation, where attorneys with the Lawyers for Civil Justice discussed their efforts to put forth changes to the FRCP to refine preservation duties. While I can’t discuss the substance of what was shared in this candid discussion, suffice it to say that over-preservation of ESI remains a pressing issue.

Thanks to the eDiscovery Institute, Above the Law, and ASDFED for putting on a great, and MEANINGFUL event.

How E-Discovery Skills Can Improve Job Growth

Guidance Software Now more than ever, it is critical for attorneys to prove they are hirable and indispensable. One way to do this is to acquire desirable, cutting-edge skills that will put them ahead of the competition. As e-discovery has become a common component of many matters, e-discovery skills have quickly become a hot commodity in the legal sector. Many large law firms have established special e-discovery practices. Some of these may be headed up by a single attorney, while other larger practices are composed of a small team of lawyers. Meanwhile, as corporate legal departments continue to in-source much of the e-discovery process, they are in search of technologically savvy corporate attorneys who can manage their internal e-discovery practices. In addition, an entire cottage industry of e-discovery consultancies, technology vendors and contract attorney agencies have arisen over the last five years, creating even more career avenues for knowledgeable attorneys.

So where does a lawyer acquire this knowledge? Conferences and one-off seminars that offer CLE credit can be helpful, but rarely do you get the kind of in-depth training that is required to qualify for one of these e-discovery positions. Instead, you will want to search for programs that provide you with more in-depth training and certification.

For instance, Guidance Software offers a range of training and certification programs that can help give you a boost along your career path. The certification courses train professionals on elements of computer forensics and e-discovery through the use of EnCase® solutions from Guidance Software, which are widely employed across the legal industry. Course options include the EnCase® eDiscovery v4, which educates individuals on how to efficiently gather and process electronic data using the latest version of EnCase eDiscovery. By completing a certain number of courses, professionals can acquire EnCase® eDiscovery Practitioner certification (EnCEP®). Learn how an e-discovery litigation attorney in Chicago bolstered his skills with EnCEP®.

There is also a separate training track that concentrates specifically on computer forensics called EnCase® Certified Examiner certification (EnCE®). The completion of this program acknowledges that professionals have mastered computer investigation methodology as well as the use of EnCase during complex computer examinations, which frequently play a role in corporate litigation and internal investigations.

Learn more about EnCE® and EnCEP®. Learn more about the leaders in e-discovery software in a report from a leading industry analyst firm.

EnCase eDiscovery 4.2 Makes Electronic Discovery Easier for Enterprises

Guidance Software EnCase® eDiscovery delivers all of the speed, scalability and ease of use that organizations expect from an e-discovery solution
EnCase® eDiscovery version 4.2 software includes more than a dozen enhancements that give corporate e-discovery teams more control and automation over their enterprise deployments combined with a new user interface to make e-discovery collection and processing even easier.

The software made its debut at the Computer Enterprise Investigation Conference (CEIC) in Orlando, Florida last month.

New “check-the-box” wizard provides improved ease of use

In version 4.2, the company has a new “check-the-box” collection and processing “wizard” to help quickly specify what electronically stored information (ESI) should be collected and/or processed. These capabilities help e-discovery teams to set up repeatable processes that are the linchpin to defensible e-discovery efforts.



New easy-to-use collection and processing interface


Improved automation and workflow
New automation features include load balancing, and the ability to build workflows, which enables better prioritization and fast processing across global enterprise infrastructures. The new features are added to a platform that is well known in the industry as the gold-standard for collection and processing strength, and an architecture that offers unlimited scalability and usage, which means enterprises can take on large cases without having to upgrade the product or purchase additional licenses.

Support for Microsoft Office 365
Adding to its long time Microsoft Office Exchange and SharePoint collection capabilities, EnCase® eDiscovery now supports Microsoft Office 365. Support enables the collection of electronically stored information (ESI) from Microsoft Office Exchange and SharePoint in the cloud. This new feature is important for those organizations that are transitioning to the cloud.

Guidance Software was also recently named a Leader in the first Gartner Magic Quadrant for E-Discovery which assesses 24 vendors on their ability to execute and completeness of vision in the e-discovery market. To download the full report click here: Gartner Magic Quadrant for E-Discovery.

“Enterprise e-discovery solutions increasingly must handle multiple digital investigation scenarios – not just legal cases – as well as supporting organizational goals without disrupting business, delivering collection and preservation strength that stands up in court, and providing scalable data capacity,” said Katey Wood, analyst for Enterprise Strategy Group.

EnCase® eDiscovery is a comprehensive enterprise e-discovery solution that includes legal hold, pre-collection analytics, collection, preservation, processing, analysis and first pass review. It is based on the company’s judicially accepted forensic technology.

Take control of e-discovery with a single, unified solution
EnCase® eDiscovery enables customers to take control of their e-discovery in a single unified solution that manages everything from legal hold through first-pass review, preserves metadata, only collects relevant files, and is scalable across large global networks with unique pre-collection analytics as well as analysis and first-pass review at any point in the process – all backed by expert services from Guidance Software that provide industry standard best practices, training, and certifications (EnCE® and EnCEP®).

EnCase® eDiscovery version 4.2 is available now.

Russ Gould is director of product marketing at Guidance Software.


EnCase®, EnCE®, EnCEP®, EnScript®, FastBloc®, Guidance Software™ and Tableau™ are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands may be claimed as the property of their respective owners.

Forward Looking Statements

This news release contains forward-looking statements within the meaning of the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Investors are cautioned that forward-looking statements in this release involve risks and uncertainties that could cause actual results to differ materially from current expectations. There can be no assurance that demand for the Guidance Software's products will continue at current or greater levels, or that the Company will continue to grow revenues, or be profitable. There are also risks that the Guidance Software's pursuit of providing network security and eDiscovery technology might not be successful, or that if successful, it will not materially enhance the Guidance Software's financial performance; that the Company could fail to retain key employees; that changes in customer requirements and other general economic and political uncertainties could impact the Guidance Software's relationship with its customers; and that delays in product development, competitive pressures or technical difficulties could impact timely delivery of next-generation products; and other risks and uncertainties that are described from time to time in Guidance Software's periodic reports and registration statements filed with the Securities and Exchange Commission. The Company specifically disclaims any responsibility for updating these forward-looking statements.


New Georgetown E-Discovery Training Academy Featuring EnCase “Crossed The Bridge…I’ve Never Seen Anything Like This” Says Judge Facciola

Patrick Burke It is difficult to overestimate the impact of last week’s ambitious week-long Georgetown eDiscovery Training Academy (see my earlier blog post for more details.)

Some are calling it a turning point in e-discovery training. US Magistrate Judge John Facciola (D.D.C.), a member of the all-star faculty, believes it may have changed the paradigm for future e-discovery training for the bench and bar. “We of the faculty,” said Judge Facciola, “think this conference crossed the bridge. I for one can’t go back to superficial lectures any more. I’ve never seen anything like this. It’s been a terribly exciting experience for me.”

What was different about the academy? E-discovery technology received an equal amount of attention as legal issues. This meant that discussions of realistic case scenarios were layered with realistic understandable technical details. The first three days of the Academy were dominated by detailed technical training, primarily by Craig Ball, assisted by Guidance Software’s David Neal and Andy Spruill. Each attendee received a copy of Guidance Software’s EnCase® Forensic software, which was used by the faculty to explore the characteristics of Electronically Stored Information and how it can be found and preserved.

On the legal side, topics were explored in thorough and entertaining detail by e-discovery legends including Judge Facciola, Chief Judge Paul Grimm (D. Md.), Michael Arkfeld (whose excellent treatise served as the basis for legal reading), Tom O’Connor, Maura Grossman, and Jason Baron. The Academy culminated in mock 26(f) meet-and-confer sessions conducted by teams of attendees, each observed and critiqued by Judges Facciola and Grimm. In a final session, Judges Grimm and Facciola faced off for an epic (and hilarious) evidentiary hearing in which Paul Doyle served admirably as the technical expert.

The buzz is that Georgetown Law’s Larry Center – who produced the program – has hit on an exceptionally smart program that provides a well-balanced view of e-discovery technical and legal challenges. Discussions are sure to follow on how this program might be expanded and offered to a broader audience.

New Georgetown Law E-Discovery Training Academy Provides Training on Best Practices, Forensics and the Use of Forensic Software

Patrick Burke On Monday June 6, 2011, the Georgetown University Law Center launched its ground-breaking week-long eDiscovery Training Academy. The Academy combines training for lawyers and litigation support professionals on e-discovery legal concepts and hands-on training in forensics and technical concepts important to accomplishing e-discovery tasks. The innovative program was sold-out and had to turn potential attendees away. Guidance Software donated copies of EnCase® Forensic software for each Academy attendee for use during the week.

The program kicked off with instruction by the renowned lawyer-technologist Craig Ball, explaining local computing systems and applications. His training included both conceptual teaching and hands-on data manipulation using EnCase® Forensic software (which was provided free of charge to all attendees). Guidance Software trainer David Neal followed up with enterprise IT architecture including networks, servers, backup systems and the Internet. The day closed out with a roundtable discussion moderated by US Magistrate Judge John Facciola.

The five-day intensive program also features US Magistrate Judge Paul Grimm, Michael Arkfeld (Arkfeld & Associates LLC), Jason Baron (National Archives & Records Administration), Maura Grossman (Wachtel,Lipton, Rosen & Katz), Tom O’Connor (Gulf Coast Legal Technology Center), and Larry Center (Georgetown CLE).

The Academy wraps up on Friday, June 10th with Judges Grimm and Facciola conducting a mock 26(f) conference with Andy Spruill (Guidance Software), and a closing session on the “lurking dangers of admitting ESI” with Michael Arkfeld.

CEIC 2011 Roundup: Attend. Cultivate. Grow.

Guidance Software Those who attended the eleventh annual Computer and Enterprise Investigations Conference (CEIC), May 15–18, 2011, at the Loews Royal Pacific Resort at Universal Orlando, certainly had plenty to cultivate and much to think about to help them grow in their e-discovery and IT investigative work. And, the sun was out!

Record-breaking attendance, once again!

More than 1,300 people were on hand this year. Attendees had a choice of more than 110 learning sessions led by computer forensics, e-discovery, cybersecurity, and enterprise investigations experts. Many also took the opportunity to take a track dedicated to EnCase® Forensic v7. As an added bonus, EnCase® Certified Examiner (EnCE®) and EnCase Certified eDiscovery Practitioner (EnCEP®) exams were offered to qualified attendees at no additional cost.

A big week for e-discovery

The legal and IT community charged with electronic discovery had a busy week during CEIC. The market saw two acquisitions, a leading analyst firm published new research about the e-discovery space, and last but not least, sessions at CEIC highlighted key e-discovery trends and best practices.

The Guidance Software e-discovery legal team covered some of the show’s most interesting e-discovery sessions and discussions on their e-discovery insights blog. Some of the highlights include: Craig Ball's “Nerdy Things Lawyers Need To Know About Computer Forensics and a Few Nerdy Things Forensics People Need to Know About the Law,new critical e-discovery case law updates, common misconceptions of early case assessment, and perspectives from Dell, Best Buy and Nationwide on real-world e-discovery scenarios.

Additional e-discovery blog posts from CEIC:

-- Judges Focus on E-Discovery Challenges

-- Navigating International E-Discovery Challenges With Guidance From Multi-National Experts 

-- Testing, Sampling and Quality Control – Keys to Success in E-discovery

-- E-Discovery and Cloud Computing: Still More Questions Than Answers

-- E-Discovery Ethics Issues Apply to More Than Attorneys

-- Hiding Your Head in the Sand is not the Right Way to Conduct an Internal Investigation

The Keynote: Eric O’Neill

Keynoting at the show was Eric O’Neill, subject of the 2007 film “Breach” for his undercover role in the capture of Robert Phillip Hanssen, one of the most notorious spies in U.S. history. IT security publication CSOonline covered the O'Neill CEIC keynote, where O”Neill noted the importance of forensics in the apprehension of Hanssen, especially mobile forensics:

"The forensic analysis of a Palm Pilot played a crucial role in the apprehension of Hanssen, as it detailed the location and time of his next drop to the Russians. And the explosion of electronic devices has become crucial to fighting both the spying of nations and of corporate espionage. "Spies previously had to first photocopy or photograph the material they wanted, then make arrangements for drops and payments," O'Neill said. "Today they just capture it on their phone and email it to anywhere in the world."


The keynote theme certainly proved on-message for the conference, which included dozens of sessions and hands-on lab training about mobile forensics analysis and mobile malware threats. James Doyle, who presented his Hot Topics Lecture on Corporate Investigations in the Electronics Era said that the proliferation of mobile devices has made investigations much more difficult. "With so many different kinds of devices, and the average person using more devices than before, it certainly makes investigations more challenging that in the past," he said. "Mobile forensics is crucial because that's where more people are processing their data," he said.

Another big theme this year, as many might expect, was cloud computing. As more users turn to cloud-based storage and applications, there will be more cloud security and privacy concerns arise, said Joshua Gilliland, who presented his talk Oceania Rising: The Collision of Technology & Privacy. "The proliferation of cloud computing, social media, smart phones are all having a profound impact on e-discovery and personal privacy," Gilliland said. "These aren't things that are going to be easily resolved," he said.

That's for certain – and neither are the challenges in e-discovery, digital forensics, and cybersecurity. The ever increasing use of electronic devices and services are going to demand investigators and security professionals be smarter about how they investigate and protect for years to come.

Speaking of years to come: next year's CEIC will be at the Red Rock Resort in Summerlin, Nevada, May 21 to 24. See you there!

Follow CEIC on Twitter and Facebook.

CEIC 2011: Judges Focus on E-Discovery Challenges

Patrick Burke The CEIC Panel on “Judicial Perspectives on E-Discovery” featured US Magistrate Judge David Waxse (D. Kansas), Chief Judge Donald Shelton, Washtenaw Trial Court (Ann Arbor, Michigan) and retired US Magistrate Judge Ronald Hedges (D. New Jersey). CEIC attendees were treated to the judges’ views on which recent cases deserve attention from in-house e-discovery lawyers, the challenges of social media and the cloud, the effective use of Federal Rules of Evidence 502, and the development of electronic discovery law in state courts. Attendees also had an opportunity to pose questions and get answers directly from thought-leading judges.

A few tidbits from the judges’ comments:

-- “Everyone who must produce documents say its burdensome. But the standard for relief isn't burdensomeness; it’s when its unduly burdensome," Judge Hedges

-- “The best solution to most e-discovery disputes is to put the IT people from the two sides together to work out a solution, rather than fight about it," Judge Waxse

-- “Half the states have substantially adopted FRCP 26. But 'substantially' varies," Judge Shelton

-- “Everyone’s always talking about the benefits of moving to the cloud. We haven’t yet seen the burdens. We don’t know what the real costs of cloud computing are," Judge Hedges

Craig Ball Leads Off CEIC Programs with Pre-Conference Workshop For Lawyers and Techies

Patrick Burke Craig Ball, one of the world’s leading attorney forensic experts, led off CEIC 2011’s educational panels were launched with a sweeping presentation entitled “Nerdy Things Lawyers Need To Know About Computer Forensics and a Few Nerdy Things Forensics People Need to Know About the Law.”

Employing his renowned ability to translate between lawyers and technologists, Ball covered a broad swath of e-discovery issues ranging from the many ways data hides on computer systems, why forensics is important and what it can uncover that can aids legal strategies, the importance of metadata and defensible, smart and cost-effective strategies for preservation and production of electronically stored information (ESI) in litigations.

Ball’s two-and-a-half hour computer forensics tour-de-force included scores of nuggets surprising to most in the room, including the following “did you knows?”:

-- that iPads capture screenshots and log keystrokes that can often be retrieved months or years later?

-- that even when one deletes images from their computer, the images are often preserved in “thumbs.db” that preserve the thumbnail versions of pictures.

-- that de-NISTing, which is meant to screen out known irrelevant computer program applications, do not reflect Windows 7 or Office 2010 applications (used by some 350 million users worldwide).

-- that the decision to TIFF ESI can cause the size of documents to increase to 18 times their original volume which can vastly inflate hosting and production costs.

Can you in-house e-discovery processing?

Guidance Software Most of e-discovery used to be outsourced to law firms and vendors. Over the past several years, surveys have shown consistent growth in the number of organizations that choose to bring parts of the e-discovery process in-house. By in-sourcing e-discovery, companies can manage the process like most business functions. The organization can hand-select skilled employees to assume ownership, and these employees, in turn, can hone a reliable, consistent and defensible e-discovery strategy that can be replicated for each matter. This kind of control and predictability mitigates risk and reduces costs.

However, to say that many companies have brought e-discovery in-house is somewhat of a misrepresentation of the facts. It's true that a large number of organizations — more than half, according to studies — have moved to in-source certain steps of the e-discovery process. Yet, there is still one area that in-house counsel continues to outsource more often than not — processing.

According to a recent survey of in-house counsel, more than 50 percent of companies have devised some sort process for collecting electronically stored information, issuing legal holds, and a significant number of businesses also have brought analysis and first-pass review in-house as well. However, only a small fraction have actually attempted to in-source processing.

Processing certainly is one of the more misunderstood components of e-discovery. You can easily surmise what collection and review entail even if you're an e-discovery rookie. Processing, on the other hand, is vague. Many see it as the magic black box of the e-discovery assembly line. Clumps of data go in one side and come out the other end neatly refined and repackaged.

But the truth is processing doesn't have to be a daunting and mysterious task. In fact, with the right set of tools, any e-discovery team can in-source data processing. The reduction of data and the cost reduction achieved at the review stage can benefit these organizations.

At its core, processing is when extraneous data is siphoned out of a collection. The remaining potentially responsive data can then be sorted and sent down the e-discovery workflow to be analyzed and reviewed. Extraneous information can mean a number of things. It may be e-mail duplicates, or it may mean data that falls outside a specific date range. What data is and is not relevant will depend on the specifics of the case and the discovery request.

A product like EnCase® eDiscovery from Guidance Software demonstrates how in-sourcing processing can be a reality. The software provides users with the ability to sort data using a variety of criteria, including keywords, date ranges and file types. Plus its intuitive graphical interface makes it easily navigable for non-tech users.

As e-discovery continues to become just another business function, more companies are going to realize the benefits of in-sourcing the process. Although bringing litigation hold requests, collection and preservation is a start, it certainly is not the end for many organizations. As in-house counsel become informed about the tools available to them, other e-discovery functions, including processing, will be moved in-house.

Learn how EnCase® eDiscovery can help you with data processing.

Learn more about EnCase® eDiscovery.

Russ Gould is director of product marketing at Guidance Software.