
E-Discovery for System Administrators



Presentation Transcript


  1. E-Discovery for System Administrators Russell M. Shumway

  2. Russell M. Shumway, CISSP russ@aerstone.com

  3. Admin • I am not a lawyer • This is not legal advice • Interrupt me if you have questions • IANAL

  4. Our Goals Today • Understand the eDiscovery Process • Identify Ways to Make the eDiscovery Process More Cost Effective and Efficient • Learn What you can do to Save Money and Reduce Burden in the Future • Learn how to avoid common pitfalls • Understand the need for cooperation between IT and counsel

  5. Discovery, generally • The discovery process gives both parties in litigation the opportunity to acquire information in support of their case • BUT – more than just litigation! Government subpoenas, CIDs, etc. • Rules developed, historically, based on paper records • Discovery: “the ascertainment of that which was previously unknown…[t]he pre-trial devices that can be used by one party to obtain facts and information from the other party in…preparation for trial.” - Black’s Law Dictionary

  6. E-Discovery • Courts struggled with how to handle electronic information, but (most) have become a lot more savvy and judges are more educated. • E-discovery has surpassed paper: • 95% of business records exist in electronic form • E-Discovery includes document metadata • When it was created or modified • When an email was sent and to whom

  7. Sanctions • Cost Shifting • Fines • Administrative actions • Ethical sanctions (e.g., disbarring) • Legal sanctions (contempt of court order) • Adverse inference • Directed verdict

  8. Let’s Talk the Same Language • Where might information hide? • Usually (not always!) in three “buckets” – network data, local data and email • Network (Home) Drives • Shared Network Drives • Desktops/Laptops • Mail servers • Databases • Other Helpful Terms • ESI • Native Format • Metadata • TIFF/PDF • Review Platform • Readily Accessible

  9. Discovery Process • Litigation (or investigation) is anticipated • Counsel issues litigation hold • Parties meet and confer • Data is extracted from various sources • Review • Responsiveness • Privilege • Confidentiality • Data is produced to opposing counsel • Repeat 3-6 as necessary

  10. Preservation • Litigation Hold • Identify potentially relevant custodians • Issue written litigation hold to all potential custodians • Interview key custodians to obtain information regarding data storage habits and to ensure compliance with legal hold • Figure out where the data resides • Understand backup and autodelete functions • Collect and preserve potentially relevant evidence

  11. Acquisition • Method may vary with custodian • Refer to custodian interviews so you know where to look • Photos on cell phone? Documents on iPod? Flash drives? • Self collect or outside consultant? • This will depend on nature of case, extent of discovery and your resources • Understand chain-of-custody requirements • Potential appearance of bias

  12. Pre-Processing for Review • Attorney review is overwhelmingly the most expensive part of electronic discovery; more effective processing can reduce attorney review costs by narrowing the review material to what is relevant • Keyword Searches • Consider agreeing on these with opposing counsel • Consider separate search for privileged documents • De-duplication? • Understand vendor’s method of de-duplication to ensure defensibility • Sampling? • Concept searching?

  13. Forensics and Discovery • Forensics process provides digital evidence based on digital media • May be used in litigation (criminal or civil) or administrative actions • Very strict procedures and processes help ensure repeatability • “Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis” - Kruse & Heiser, Computer Forensics

  14. Convergence • Both eDiscovery and forensics involve the extraction of data from electronic media • Both must be repeatable • Both may involve personal testimony as to the process • Both may use the same or similar tools and techniques

  15. Divergence • Inaccessible files • Deleted data • Data location and/or context • Duplicate copies • Data format

  16. Concerns • Deleted files • Deleted • Overwritten • Recycle Bin • Deleted emails • Unallocated and slack space • Temporary files (web cache)

  17. Tools, general • Indexing search tools • May or may not include desktops • Typically handle common mail formats (Exchange) and common file formats • Typically do not handle proprietary formats or apps • Cost

  18. Email • Location (server, personal folders, cloud) • Format for extraction • Format for production • Attachments • De-Duplication • Native utilities (exmerge) • 3rd party tools (PowerControls) • Other utilities (dtSearch) • How to handle the cloud?

  19. Documents • Microsoft Office and similar • Easily viewed • Printable • Location • Format • Extraction • Native utilities (grep) • 3rd Party tools (indexing and non-indexing)

  20. Others • Databases • Canned or custom reports • Paper output • May require assistance and/or software • Custom applications • Paper output • May require assistance and/or software • Location • Native utilities (grep) • 3rd Party tools (indexing and non-indexing)

  21. Questions?
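
Slide 12 asks you to understand a vendor's de-duplication method well enough to defend it. The sketch below is an added example, not from the presentation and not any vendor's method: it de-duplicates on exact content (SHA-256) and logs every suppressed copy with its custodian. The `root/<custodian>/...` folder layout, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large mail stores do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def dedupe_collection(root):
    """Group files under root/<custodian>/ by content hash.
    Returns (review_set, suppression_log); nothing is deleted or moved."""
    by_hash = defaultdict(list)
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order so a rerun gives the same result
        for name in sorted(filenames):
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            custodian = rel.split(os.sep)[0]  # assumed layout: first folder = custodian
            by_hash[sha256_file(os.path.join(root, rel))].append((custodian, rel))
    review_set, suppression_log = [], []
    for digest, copies in sorted(by_hash.items()):
        kept_custodian, kept_path = copies[0]
        review_set.append({"sha256": digest, "custodian": kept_custodian, "path": kept_path})
        for custodian, rel in copies[1:]:
            # Every suppressed copy stays on record: who held it and which copy replaced it.
            suppression_log.append({"sha256": digest, "custodian": custodian,
                                    "suppressed": rel, "kept": kept_path})
    return review_set, suppression_log

def demo():
    """Constructed sample: two custodians, one document held by both."""
    files = {("alice", "contract.docx"): b"constructed draft v1",
             ("bob", "copy of contract.docx"): b"constructed draft v1",
             ("bob", "notes.txt"): b"constructed meeting notes"}
    with tempfile.TemporaryDirectory() as root:
        for (custodian, name), data in files.items():
            os.makedirs(os.path.join(root, custodian), exist_ok=True)
            with open(os.path.join(root, custodian, name), "wb") as f:
                f.write(data)
        return dedupe_collection(root)

if __name__ == "__main__":
    review, log = demo()
    for entry in log:
        print("suppressed", entry["suppressed"], "held by", entry["custodian"], "->", entry["kept"])
```

The suppression log is what lets you later show that a document removed from review was still held by a particular custodian; the same per-file hashes can be recorded at acquisition to support the chain of custody mentioned on slide 11.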
