Introduction to e-Discovery
MallaReddyDonapati
3,013 views
19 slides
Mar 02, 2016
Slide 1 of 19
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
About This Presentation
This is a brief about e-discovery process
Slide Content
e-Discovery
Agenda Computer Forensics Vs e-Discovery Case-studies Terminology EDRM ( Electronic Discovery Reference Model)
Speaker’s Profile MALLA REDDY DONAPATI Security Enthusiast, Forensicator and Trainer M.Sc Information Security & Computer Forensics dmred1 http ://infoseclabs.blogspot.in/
e-Discovery “ Electronic discovery (also called e-discovery or ediscovery ) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case” Data are identified as potentially relevant by attorneys and placed on legal hold. Evidence is then extracted and analyzed using digital forensic procedures, and is reviewed using a document review platform. Documents can be reviewed either as native files or after a conversion to PDF or TIFF form . A document review platform is useful for its ability to aggregate and search large quantities of ESI.
Why e-Discovery ? 90 % documents created today are in electronic format 90 billion or above the number of business emails sent and received each day majority of information these days is electronic and can potentially be sought as evidence in a court of law Additionally, with the sheer amount of data available and regulatory and legal compliance requirements continuing to evolve, organizations face new challenges when it comes to information retention and governance.
e-Discovery The primary focus of standard e-discovery is the collection of active data and metadata from multiple hard drives and other storage media. Litigation can be supported by active data (information readily available to the user, such as e-mail, electronic calendars, word processing files, and databases), or by metadata (that which tells us about the document’s author, time of creation, source, and history) Computer Forensics The goal of computer forensics is to conduct an autopsy of a computer hard drive – searching hidden folders and unallocated disk space to identify the who, what, where, when, and why from a computer. A significant amount of evidence is not readily accessible on a computer; when this occurs, a computer forensic examination is necessary
Bank of America fined $10 million, 2004 Following an investigation into trading by Bank of America and a former employee, the SEC (Securities and Exchange Commission) ordered Bank of America to pay a fine of $10 million after they “repeatedly failed to promptly furnish” email and gave “misinformation ” Coleman Holdings v. Morgan Stanley, 2005 Morgan Stanley was ordered to pay over $800 million in damages when they repeatedly failed to produce emails in a timely manner. The judge in this case stated that “efforts to hide its emails” were evidence of “guilt”.
Terminology ESI (Electronically Stored Information ) Custodian Harvesting De-duplication Metadata Spoliation Legal Hold Document Retention Policy
ESI – Electronically Stored Information
What forms ESI Take ? Text based - .doc . pdf .txt . wpd . xls . ppt .html Images - . bpm .gif .jpg .tiff Moving Images - . avi . mov . flv .mpeg . swf . wmv Sound - .au .mp3 .mp4 . ra .wav .wma Web Archive - . ar . mhtml . warc Email - . pst . ost . msg . dbx . eml . mht
Data and Metadata Data – content of an email or document Metadata – encompasses all the information about a document that is not visible to the user ESI Created ESI modified Custodian To, From, CC, BCC Date & Time email was sent Subject Date or Time received
EDRM
EDRM .. Identification Locating potential sources of ESI & determining it’s scope, breadth and depth Preservation Ensuring that ESI is protected against inappropriate alteration & destruction Collection Acquisition of ESI from computers, servers, etc. for further processing and reviewing it for anticipated litigation or government investigation
EDRM . . Processing Involves pre-processing to reduce large sets of collected ESI for further review, production and subsequent use DNISTing De-duplication (removing duplicate ESI) Filtering by key word Data or metadata extraction Reducing the volume of ESI and converting it, if necessary, to forms more suitable for review & analysis. Review Evaluating ESI for further relevance and privilege
Review Evaluating ESI for further relevance and privilege with or without technology assisted review platforms
EDRM. . Analysis Evaluating ESI for content, context including patterns, topics people and discussion Production Delivering ESI to others in appropriate forms & using appropriate delivery mechanisms
Presentation Displaying ESI before audiences (at depositions, hearings, trials, etc.), especially in native & near-native forms, to elicit further information, validate existing facts or positions, or persuade an audience.
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 3,013
- Slides 19
- Favorites 7
- Age 3562 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
45 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views