Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1508143
21 I L T A N E T . O R G D ata collection plays a pivotal role in the fast-evolving field of legal IT. This article aims to provide technical legal IT professionals with a deep understanding of the critical differences between eDiscovery and digital forensic data collection methodologies. By unraveling these distinctions, professionals can make informed decisions, develop robust strategies and protect client interests in the face of evolving discovery challenges. eDiscovery Data Collection: Techniques and Considerations Electronic discovery refers to the process of identifying, preserving, collecting, reviewing and producing electronically stored information in legal proceedings. Key factors in eDiscovery data collection include ensuring data integrity and authenticity, collecting data from diverse sources and formats, considering metadata and chain of custody and leveraging advanced techniques such as data sampling, keyword searching and filtering. Collaboration between technical professionals and attorneys is crucial to maintain compliance and develop effective data collection strategies. This is why a standard eDiscovery data collection commonly refers to a more informal (but well-documented) process of gathering and preserving ESI in a legally defensible manner. It involves identifying and extracting your potentially relevant data from various sources while ensuring data integrity and maintaining a documented chain of custody. This eDiscovery data collection method is typically executed by either internal IT staff familiar with the process of exporting from the various data sources or specialized eDiscovery service providers. These professionals must have the technical expertise and knowledge to perform data collection tasks effectively. Attorneys often collaborate closely with these individuals to develop a data collection strategy and provide guidance throughout the process, ensuring compliance with legal requirements and maximizing the relevance and admissibility of the collected data, as standards will vary when using this option. Digital Forensic Data Collection: Techniques and Considerations Digital forensics, however, involves the more formal process of preservation, extraction, analysis and presentation of digital evidence in a more highly regulated manner suitable for legal proceedings. In the realm of legal IT professionals, digital forensics extends beyond eDiscovery by focusing on forensic investigation and analysis techniques. In digital forensic data collection, the emphasis is on preserving evidence for investigation and litigation purposes, often with an added focus on cybersecurity incidents and breaches. Attorneys must ensure the integrity and authenticity of the evidence by employing techniques such as forensic imaging, which creates an exact replica of the storage media. Both volatile and nonvolatile data sources must be acquired, including data stored in computer memory (RAM). Techniques such as physical acquisition and forensic imaging capture data in a forensically sound manner. Live forensics and memory analysis techniques enable real-time assessment of running systems, while mobile device and cloud forensics address the unique challenges posed by these specific types of data sources. Comparing the Differences Understanding the differences between the data collection methodologies of eDiscovery and digital forensics is crucial for technical legal IT professionals working in eDiscovery. These methodologies diverge in several key 21 I L T A N E T . O R G