www.cloudninediscovery.com

Subscription Center

Sign up to receive eDiscovery Daily's articles via email or add the RSS feed to your newsreader of choice.

  • RSS Feed

Library

Browse eDiscovery Daily Blog

About the Bloggers

Brad Jenkins

Brad Jenkins, President and CEO of CloudNine Discovery, has over 20 years of experience leading customer focused companies in the litigation support arena. Brad has authored many articles on litigation support issues, and has spoken before national audiences on document management practices and solutions.

Doug Austin

Doug Austin, Professional Services Manager for CloudNine Discovery, has over 20 years experience providing legal technology consulting and technical project management services to numerous commercial and government clients. Doug has also authored several articles on eDiscovery best practices.

Jane Gennarelli

Jane Gennarelli is a principal of Magellan’s Law Corporation and has been assisting litigators in effectively handling discovery materials for over 30 years. She authored the company’s Best Practices in a Box™ content product and assists firms in applying technology to document handling tasks. She is a known expert and often does webinars and presentations for litigation support professionals around the country. Jane can be reached by email at jane@litigationbestpractices.com.

Litigation 101 for eDiscovery Tech Professionals: Properly Handling Evidence

January 23, 2013

By Jane Gennarelli

 

** This blog series is intended to introduce new eDiscovery professionals to the litigation process and litigation terminology. Click here, here, here, here, here, here, here, here, here, here, here, here and here to go to the first thirteen posts in the series.**

___________________________________________________

In the last couple of posts in this series we covered the first phases of the Electronic Discovery Reference Model – Information Management, Identification and Preservation – and we focused on these tasks from the perspective of the litigators. The next two phases – Collection and Processing – are technical in nature and typically not handled directly by attorneys (attorneys should, however, be involved in making decisions regarding how this work will be done and in monitoring the status of this work).

As a litigation technician, you probably handle these tasks.  Of course it’s important that you do this work “right” – that is, that you collect all the ESI that you are supposed to and that processing is done per agreed upon specifications. It is, however, equally important that you do this work in a way that preserves the integrity of the documents and that is defensible in court.

We’ve all seen courtroom dramas where law enforcement officers put on gloves before picking up a murder weapon, place it in a sealed bag, and sign it in to a locked and guarded evidence room. If the evidence needs to be removed form the evidence room before the trial (for example, for testing), it is signed out and records are maintained regarding its handling. These steps are all taken to preserve the integrity of the evidence and so that it can be demonstrated that the evidence has not been tampered with or altered. Documents need to be handled with equal care. You need to do your work in a way that precludes alteration, and you need to keep careful records so that the integrity of the documents can be demonstrated in court.  In practice, this means two things:

  1. You need to use tools and techniques that collect and process data in a forensically sound fashion.
  2. You need to maintain chain of custody records that document where ESI came from, who handled it, what was done with it, how it was done, when it was done, and what tools were used. These chain of custody records need to reflect all ESI activity throughout the discovery process.

This white paper includes a good explanation of handling electronic evidence and maintaining chain of custody records. 

In next week’s post, we’ll talk a bit more about some of the EDRM steps and how they fit into the bigger litigation picture.  Please let us know if there are specific litigation topics that you’d like to see covered in this blog series.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
http://www.cloudninediscovery.com/ondemand/free-software-trial.aspx

Comments

  • January 28, 2013 Jane Gennarelli

    Craig, thanks for the input.

  • January 23, 2013 Craig Ball

    I noted several mistakes in the whitepaper among much good advice. E.g., you don't hash the target drive when you complete a forensic image. Instead, you hash the appropriate components of the image set (if in, say, Encase .E01 format), or you hash the concatenanted images, if a raw dd-style image. Even with cloning of drives in the old days, you *never* hashed the target drive (because of potentially different drive geometries); instead, you hashed only the corresponding sector runs of the clone.

    Also, no one who understands hashing refers to hash values as "hash marks." Hash marks have nothing to do with digital digest authentication. I believe they are the little lines serving as yard markers alongside a football field.

What Do You Think?

Please comment on the above article.

Name (required)
Email Address (required, but won’t be published)
Web Address (optional) Remember My Information
TypeKey/TypePad Login (optional)