Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
e-Discovery
Agenda
• Computer Forensics Vs e-Discovery
• Case-studies
• Terminology
• EDRM ( Electronic Discovery Reference Model)
Speaker’s Profile
MALLA REDDY DONAPATI
Security Enthusiast, Forensicator and Trainer
M.Sc Information Security & Computer ...
e-Discovery
“ Electronic discovery (also called e-discovery or ediscovery) refers to any process in
which electronic data ...
Why e-Discovery ?
• 90 % documents created today are in electronic format
• 90 billion or above the number of business ema...
e-Discovery
• The primary focus of standard e-
discovery is the collection of active
data and metadata from multiple
hard ...
Bank of America fined $10 million, 2004
Following an investigation into trading by Bank of America and a former employee, ...
Terminology
• ESI (Electronically Stored Information)
• Custodian
• Harvesting
• De-duplication
• Metadata
• Spoliation
• ...
ESI – Electronically Stored Information
What forms ESI Take ?
• Text based - .doc .pdf .txt .wpd .xls .ppt .html
• Images - .bpm .gif .jpg .tiff
• Moving Images -...
Data and Metadata
• Data – content of an email or document
• Metadata – encompasses all the information about a document t...
EDRM
EDRM ..
• Identification
• Locating potential sources of ESI & determining it’s scope, breadth and depth
• Preservation
• ...
EDRM . .
• Processing
• Involves pre-processing to reduce large sets of collected ESI for further review, production
and s...
• Review
• Evaluating ESI for further relevance and
privilege with or without technology
assisted review platforms
EDRM. .
• Analysis
• Evaluating ESI for content, context including
patterns, topics people and discussion
• Production
• D...
Presentation
• Displaying ESI before audiences (at depositions,
hearings, trials, etc.), especially in native &
near-nativ...
Introduction to e-Discovery
Introduction to e-Discovery
Upcoming SlideShare
Loading in …5
×

Introduction to e-Discovery

1,301 views

Published on

This is a brief about e-discovery process

Published in: Data & Analytics
  • Be the first to comment

Introduction to e-Discovery

  1. 1. e-Discovery
  2. 2. Agenda • Computer Forensics Vs e-Discovery • Case-studies • Terminology • EDRM ( Electronic Discovery Reference Model)
  3. 3. Speaker’s Profile MALLA REDDY DONAPATI Security Enthusiast, Forensicator and Trainer M.Sc Information Security & Computer Forensics dmred1 http://infoseclabs.blogspot.in/
  4. 4. e-Discovery “ Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case” Data are identified as potentially relevant by attorneys and placed on legal hold. Evidence is then extracted and analyzed using digital forensic procedures, and is reviewed using a document review platform. Documents can be reviewed either as native files or after a conversion to PDF or TIFF form. A document review platform is useful for its ability to aggregate and search large quantities of ESI.
  5. 5. Why e-Discovery ? • 90 % documents created today are in electronic format • 90 billion or above the number of business emails sent and received each day • majority of information these days is electronic and can potentially be sought as evidence in a court of law • Additionally, with the sheer amount of data available and regulatory and legal compliance requirements continuing to evolve, organizations face new challenges when it comes to information retention and governance.
  6. 6. e-Discovery • The primary focus of standard e- discovery is the collection of active data and metadata from multiple hard drives and other storage media. Litigation can be supported by active data (information readily available to the user, such as e-mail, electronic calendars, word processing files, and databases), or by metadata (that which tells us about the document’s author, time of creation, source, and history) Computer Forensics • The goal of computer forensics is to conduct an autopsy of a computer hard drive – searching hidden folders and unallocated disk space to identify the who, what, where, when, and why from a computer. A significant amount of evidence is not readily accessible on a computer; when this occurs, a computer forensic examination is necessary
  7. 7. Bank of America fined $10 million, 2004 Following an investigation into trading by Bank of America and a former employee, the SEC (Securities and Exchange Commission) ordered Bank of America to pay a fine of $10 million after they “repeatedly failed to promptly furnish” email and gave “misinformation” Coleman Holdings v. Morgan Stanley, 2005 Morgan Stanley was ordered to pay over $800 million in damages when they repeatedly failed to produce emails in a timely manner. The judge in this case stated that “efforts to hide its emails” were evidence of “guilt”.
  8. 8. Terminology • ESI (Electronically Stored Information) • Custodian • Harvesting • De-duplication • Metadata • Spoliation • Legal Hold • Document Retention Policy
  9. 9. ESI – Electronically Stored Information
  10. 10. What forms ESI Take ? • Text based - .doc .pdf .txt .wpd .xls .ppt .html • Images - .bpm .gif .jpg .tiff • Moving Images - .avi .mov .flv .mpeg .swf .wmv • Sound - .au .mp3 .mp4 .ra .wav .wma • Web Archive - .ar .mhtml .warc • Email - .pst .ost .msg .dbx .eml .mht
  11. 11. Data and Metadata • Data – content of an email or document • Metadata – encompasses all the information about a document that is not visible to the user • ESI Created • ESI modified • Custodian • To, From, CC, BCC • Date & Time email was sent • Subject • Date or Time received
  12. 12. EDRM
  13. 13. EDRM .. • Identification • Locating potential sources of ESI & determining it’s scope, breadth and depth • Preservation • Ensuring that ESI is protected against inappropriate alteration & destruction • Collection • Acquisition of ESI from computers, servers, etc. for further processing and reviewing it for anticipated litigation or government investigation
  14. 14. EDRM . . • Processing • Involves pre-processing to reduce large sets of collected ESI for further review, production and subsequent use • DNISTing • De-duplication (removing duplicate ESI) • Filtering by key word • Data or metadata extraction • Reducing the volume of ESI and converting it, if necessary, to forms more suitable for review & analysis. • Review • Evaluating ESI for further relevance and privilege
  15. 15. • Review • Evaluating ESI for further relevance and privilege with or without technology assisted review platforms
  16. 16. EDRM. . • Analysis • Evaluating ESI for content, context including patterns, topics people and discussion • Production • Delivering ESI to others in appropriate forms & using appropriate delivery mechanisms
  17. 17. Presentation • Displaying ESI before audiences (at depositions, hearings, trials, etc.), especially in native & near-native forms, to elicit further information, validate existing facts or positions, or persuade an audience.

×