12 July 2020

Takeaway: eDiscovery assumes that the data you need is easily accessible. And while there’s a lot of complicated technology behind the scenes, eDiscovery software is easy enough for anyone to use. In contrast, digital forensics focuses on data that isn’t easily accessible (e.g., it’s been deleted or tampered with). So, you need to be a specialist with extensive training and niche software. Although your law firm probably won’t need to use digital forensics, it will need eDiscovery software that can protect important file metadata.

eDiscovery is a relatively straightforward (but challenging) process based on a concept that attorneys have been using for decades.

As businesses went digital over the last few decades, so did traditional ‘discovery.’ When building a case, attorneys used to review bankers boxes full of paper documents. But now, most of these documents are electronic (emails, PDFs, etc.), sitting in terabytes’ worth of storage space, on multiple servers and hard drives. Obviously, this changed the workflow of ‘discovery.’ But the basic concept remains the same: you’re building a defensible case by sifting through oceans of data to find the evidence you need.

a) eDiscovery assumes the data you want is easy to access and focuses on what you do after getting hold of it.

The Electronic Data Review Model (EDRM) outlines the major eDiscovery steps. And it adds a significant technology component to traditional ‘discovery’.

  1. Identify the data you’ll need. Electronically Stored Information (ESI) – i.e., Word documents, PDFs, emails, etc. – usually sits on a custodian’s computer, your clients’ server, or in the Cloud. You’ll need to find it, decide how much of it you need to collect, and how you’re going to collect it.
  2. Make sure the data is preserved. This means stopping your clients from their regular data deletion protocol if they have one. And making sure the data isn’t altered – either by mistake or on purpose.
  3. Upload the data into your eDiscovery software. The software then processes the files and flags duplicates and unusable formats.
  4. Review, tag and redact the data. You’re weeding out irrelevant files and organizing the relevant ones. And you’ll search the relevant ones for keywords, topics, people, and email exchanges. You might even do a technology-assisted review (TAR).
  5. Produce the data. That is, choose the final documents you’ll be presenting, order them, and convert them into a common format.

b) eDiscovery relies a lot on technology, but even the most technologically-challenged attorney can use modern eDiscovery software.

Cloud technology transformed eDiscovery. Nowadays, the best software is intuitive and easy to use. For example, you’ll be able to:

  1. Sign up in minutes: Just go to your provider’s website, choose your plan, and sign up in minutes.
  2. Use it like email. Go to the website, sign in with your username and password, and you’re good to go. It’s like checking email. And you won’t need to download anything.
  3. Move files around like in Windows. To upload files, just drag-and-drop them into your internet browser.
  4. Search as you do with Google. Type keywords into the application’s search bar, and you’ll get all the files and emails that contain them.
  5. Share ‘productions’ from within the software, instead of downloading and mailing/emailing them. It’s safe, cost-effective, and easier to track.

eDiscovery assumes the data is easy to access. Digital forensics, in contrast, focuses on hidden data.

With eDiscovery, you’re asking custodians to hand over their data. With digital forensics, you’re digging a little deeper. You’re autopsying hard drives and electronic devices, looking for hidden folders and deleted data. Digital forensics is used in civil litigation, criminal prosecutions, fraud investigations, and employment cases. And digital forensic experts are brought in when evidence that should be there can’t be found. For example, a client archives their files but crucial data is missing from those archives. Or, a custodian knows that a batch of files was on her computer last year but has since been deleted.

a) Only specialists can do digital forensics because it’s a highly technical process.

You’ve got to know where to look, how to look, and which niche tools to use. For example, you might need ‘data carving’ to reassemble a file from raw data fragments – perfect for when your hard drive crashes, but not something you were taught in law school. With eDiscovery, though, we’ve seen how the technology is complicated but the software is easy to use.
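A minimal sketch of signature-based data carving, added here as an illustration (it is not code from any forensic product): it scans a raw byte buffer for known header and footer signatures and cuts out what lies between them. The sample buffer is constructed, and the sketch assumes each file is stored contiguously; reassembling fragmented files takes considerably more work.

```python
# (label, header signature, footer signature) for two common formats
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("pdf", b"%PDF-", b"%%EOF"),
]


def carve(raw, max_size=10 * 1024 * 1024):
    """Return (label, offset, data) for every header/footer pair found in raw."""
    found = []
    for label, header, footer in SIGNATURES:
        pos = 0
        while True:
            start = raw.find(header, pos)
            if start == -1:
                break
            # Bound the footer search so a stray header cannot swallow the image.
            end = raw.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1  # header with no footer: truncated file or false hit
                continue
            end += len(footer)
            found.append((label, start, raw[start:end]))
            pos = end
    return sorted(found, key=lambda hit: hit[1])


def build_sample_image():
    """Constructed 'disk image': two intact files and one truncated PDF in filler bytes."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-pixels" + b"\xff\xd9"
    pdf = b"%PDF-1.4\nconstructed body\n%%EOF"
    truncated = b"%PDF-1.7\nlost tail"
    image = (b"\x00" * 512 + jpeg + b"\xaa" * 300 + pdf
             + b"\x00" * 128 + truncated + b"\x00" * 64)
    return image, jpeg, pdf


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for label, offset, data in carve(image):
        print(f"{label} at offset {offset}, {len(data)} bytes")
```
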

b) Digital forensics is less about using the evidence than it is about finding it.

For example, a digital forensic expert is more preoccupied with:

  • Using specialized tools to locate hard-to-get data from email servers, laptops, mobile devices, network shares, etc. This might include emails, search histories, phone logs, GPS locations, and so on. Remember, an iPhone, Kindle, and Android all have different hardware, so digital forensic experts need to have a repertoire of techniques to get at the data they’re looking for.
  • Mastering advanced extraction. They might extract data using JTAG (Joint Test Action Group) – i.e., connecting special wires to a port on a mobile device and transferring raw data off it onto their memory chip. If that doesn’t work they might use ‘chip-off’ forensics – a more invasive procedure where they remove the entire memory chip from the device and work on it separately.
  • Reconstructing data. They’ll need to piece together data from crashed hard drives, broken mobile phones, damaged memory sticks, and legacy backup tapes.

Your law firm may not need digital forensics, but you’ll need to know the basics of preserving data for eDiscovery.

Each of your files has hidden data that you’ll need for eDiscovery.

When you create a document on your computer, the app you’re using (e.g. Microsoft Word) records a whole bunch of information about it. Things like who created it, when they created it, when it was last opened, etc. This ‘data about data’ (i.e., metadata) is a digital footprint which tracks the history of the document. There are hundreds of different types of metadata. Some of them are easy to find–e.g. the author of a document, how much time was spent editing the document, and where it’s stored. And some of them are hard to find unless you have technical skills–e.g. the history of all edits to a document.

This hidden metadata can help win cases.

For example, your client says she was home at 8 PM. So, you check the metadata of a text message she sent and it confirms that she sent the message at 8:05 PM. And it’s even logged the phone’s GPS location at the time she sent the message. So, you can use this metadata to prove your client’s whereabouts.

But metadata is fragile and can easily be damaged. So, you’ll need to find eDiscovery software that can preserve it.

It’s quite easy to change metadata by mistake. For example, you’ll change the ‘last accessed’ metadata date if you open a file, copy a file to another computer, or forward an email. In fact, you can modify hundreds of files just by booting up a computer that has evidence on it. This can be a problem if you’re trying to prove when someone last accessed a privileged document. Luckily, most good eDiscovery software can keep your metadata safe.
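The fragility described above can be measured. The following added example (not taken from any eDiscovery product; the file names and the fixed timestamp are constructed) snapshots a file’s hash and timestamps before handling, then shows that an ordinary copy keeps the content intact but resets the modification time, while a metadata-preserving copy does not.

```python
import hashlib
import os
import shutil
import tempfile

# Fields compared between snapshots. Access time is recorded but not compared,
# because mount options (relatime, noatime) make it environment-dependent.
FIELDS = ("size", "mtime", "sha256")


def snapshot(path):
    """Read timestamps first, then hash: reading the file can itself update atime."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime": int(st.st_mtime),
            "atime": int(st.st_atime), "sha256": digest}


def drift(before, after):
    """Names of the compared fields that differ between two snapshots."""
    return sorted(k for k in FIELDS if before[k] != after[k])


def demo():
    work = tempfile.mkdtemp()
    try:
        original = os.path.join(work, "memo.txt")  # constructed sample document
        with open(original, "wb") as fh:
            fh.write(b"Constructed sample document\n")
        os.utime(original, (1577836800, 1577836800))  # pretend: 2020-01-01 UTC
        baseline = snapshot(original)

        # Ordinary copy: content and permissions only, timestamps become "now".
        plain = shutil.copy(original, os.path.join(work, "plain_copy.txt"))
        # Metadata-preserving copy: also carries the timestamps across.
        kept = shutil.copy2(original, os.path.join(work, "preserved_copy.txt"))

        return {"baseline": baseline,
                "plain": drift(baseline, snapshot(plain)),
                "preserved": drift(baseline, snapshot(kept))}
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())
```
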

