E-discovery forensics at CEIC 2010 part 2

Continuing on our dive into forensics for e-discovery, today we cover more on the reasons for using it in practice, as well as highlights from CEIC 2010. . .

Now that we’ve examined the technology involved, one question remains: do you need forensically-defensible collection for e-discovery?  The answer is: not necessarily. Many lawsuits do not require this depth or scope of data collection (such as collecting from RAM), particularly civil cases.  And for general defensibility purposes, courts do not expect perfection.  The goal is a reasonable, good-faith effort to accurately preserve data and metadata with a repeatable, documented process  – one you can testify to in court if necessary.

Why use a forensic approach at all?  To the layman, forensics can sound hard and even scary, as well as potentially expensive and time-consuming – some vendors even refer to it as “the F word.”

Well, at this point you should consult a lawyer or expert – the goal is that you never have to use it.  But here are some good reasons to at least educate yourself about it:

1) Forensics has impressive capabilities, and the technology is cool – a.k.a. “the CSI defense.”  E-discovery is not just paper-based discovery on a computer.  The “paper trail” is now digital, and it’s important to know about this technology’s potential for the legal field, as well as the risks involved.  Like the fact that your deleted files are not really gone.

2) Forensic evidence is critical in trying some cases where the “smoking gun” isn’t just buried in a terabyte of text and document-level metadata – criminal matters, or trade secret or insider trading cases where you might have to dig through ‘track changes’ or reconstruct an IM history from RAM to see who knew what, and when.  E-discovery requires a tool box, and forensics can be an important one of those tools.

3) Targeted collection has its own benefits as an approach to e-discovery collection.  Forensics vendors argue that existing enterprise search tools are only as thorough and current as their latest index.  Likewise, preemptively storing data in a repository like an archive, ECM or Records Management system promises easier retrieval, but is not practical for all organizations and all types or volumes of data.

4) Last but not least: court defensibility (if done reputably by a qualified person with appropriate tools – this is not legal advice in any form).

I will leave it to the experts to flesh out the rest of the forensics story (or take issue with my cribbed-notes version in the comments), but a few show highlights from CEIC:

Exhibitors: As this was a tech show, I’ll lead with the tech.  While CEIC is unquestionably Guidance’s party, there was plenty of co-opetition on the exhibition floor from forensics rivals AccessData and Nuix, e-discovery appliance vendor Clearwell Systems, the now-integrated EMC SourceOne-Kazeon, and growing forensic consultancy D4, which showcased review tool partner kCura’s new Relativity 6 release.  451 subscribers can read about Guidance’s EnCase E-discovery V. 4 here, EMC’s new SourceOne for SharePoint here, a report on kCura here, and look forward to an imminent update on Clearwell 5.5, plus new coverage of AccessData and Nuix.

I recommend checking out the demos if you have the chance.  It’s interesting to see how technology evolves to make different active and dynamic data types accessible, both for collection (SharePoint is a big problem here – EMC, FTI and Nuix all debuted tools for it recently) and for attorney review.  For example, kCura’s latest release has a pivot table feature for attorneys to drill into large amounts of structured data like text messages intelligibly, as you would in Excel.

All-star cast:  CEIC ‘s 2010  e-discovery track featured some marquis panels on judicial opinions, international privacy regulations, advanced search and retrieval, and case law updates.  Many presenters are also on Guidance’s Advisory Board (which was meeting during the conference), so they actually stuck around after their sessions and gave attendees the chance to monopolize their attention at lunch and happy hour.  UK e-disclosure expert Chris Dale has a good run-down on the judges, which included Hon. Judge Peck, Judge Donald Shelton and Senior Master Steven Whitaker from the UK.  Also present: EDRM founders George Socha and Tom Gelbmann, the oft-cited Craig Ball, Browning Marean of DLA Piper, and of course Melissa Hathaway, former presidential Cyber-security Czar and worthy successor to last year’s keynoter Leonard Nimoy.

Browning gave a plug for Recommind‘s Axcelerate and Equivio Relevance‘s predictive coding capabilities for review during the search and retrieval panel, which thrilled me as a text analysis and search enthusiast.  451 subscribers can read more on these tools in our past coverage, or the recent long-form e-discovery report.

Users:  There really are no seat-fillers at CEIC; attendees are not just there for a Vegas getaway with continuing education credit.  Everyone I met was a practitioner and formidable techie, many from large companies and government organizations with high-volume litigation or internal investigations.

My conversations with them confirmed for me that e-discovery is still a case of “one size fits all nobody.”  When I asked about their go-to forensic brands, some users told me that each vendor’s tool has strengths, and ideally you should have access to and knowledge of several (if you can justify the purchase to accounting).  Some also use multiple “end-to-end” e-discovery platforms to suit their litigation requirements and cross-functional business processes.

One final thought to wrap this up.  The “e-discovery toolbox” analogy I keep beating to death is stolen extrapolated from George Socha’s advice on search methods: As in any project, you need to know your materials and understand what tools are best for the job.  Each has strengths in particular circumstances or scenarios, and with certain data types, locations and volumes.  It depends on your requirements and what results you’re looking for.