E-Disclosure & Digital Forensics

e-disclosure and digital forensics go hand-in-hand. All e-disclosure exercises should be underpinned by digital forensics principles.

E-disclosure and digital forensics go hand-in-hand. All e-disclosure exercises should be underpinned by digital forensics principles.

If you do not adopt a forensically sound approach from the start, it is possible that crucial data could be overlooked or compromised during the e-disclosure process. It is not uncommon for metadata to be pivotal to a legal case, so protecting this through forensically sound capture, handling and processing is vital to the success of the exercise.

Forensic collection means taking an exact copy of a hard drive, server or other device at disk level, which includes metadata, and can even include deleted data, without altering any of the original data in the process. A key aspect of digital forensic collection is that it can be proven that the image is an exact copy of the original data. A non-forensic data collection can alter and corrupt the data being collected – especially the metadata – which reduces defensibility in court and makes a subsequent forensic collection ineffective.

By collecting data forensically, you can guarantee its defensibility in court; however, there is more to it than that. Forensic data collection also ensures that the maximum amount of information is extracted, meaning that collection, which can be a costly exercise, is as efficient as possible and will not need to be repeated.

Analytic skills in digital forensics are immediately applicable to e-disclosure. On cases of a highly sensitive nature – particularly cases involving allegations of impropriety or dishonesty, a covert approach is required. Using digital forensic tools, collections can be undertaken remotely without alerting individual custodians to the exercises and minimising business disruption.

Digital forensics approach:

Full chain of custody – data is tracked and logged through each phase of the e-disclosure process, from collection through to production, with fully documented and traceable processes

Maximum amount of information can be extracted – including metadata, and encrypted, password-protected and deleted data

Fully defensible

Robust collection – efficient collection that does not need to be repeated

Digital forensics methodologies and processes need to be embedded within the business

Paul Bromby is the author of this article on computer forensics. Find more information, about computer forensics here

License: You have permission to republish this article in any format, even commercially, but you must keep all links intact. Attribution required.