A forensic collection is the acquisition and preservation of digital data. The collection is an integral part of the eDiscovery process, and collections can be full (bit-for-bit) or pointed to a subset of all data, depending on the case requirements. Once validated, a defensible collection workflow can be offered for one’s case. The collected electronically stored information (ESI) will then be culled, analyzed, and further validated, as needed. Now, the culled data-set(s) can be prepared for review, coding and production during litigation.
Where does the data come from?
The collection can be compiled from various sources. Anywhere that data can reside, data can be found. Data can be collected from devices such as but not limited to; servers, desktop computers, laptops, external hard drives, smart phones, and tablets. Additionally, cloud-based applications (e.g., social media, web-share platforms, and certain email) can be accessible by forensic professionals. Today, even deleted data can be recovered and made available for review and analysis.
How is data collected?
When litigation presents a need for the collection of ESI, there are a several different methods that can be exercised by a forensic professional.
- In-Person ESI Collection
This method involves an in-persona meeting with a forensic professional. The forensic professional will be able to acquire data from multiple sources, simultaneously, and immediately address any shifts in collection-scope. The client’s IT team will typically assist in mapping the data retention infrastructure prior to the acquisition taking place, in order to allow for a more seamless, efficient approach to the collection efforts.
- Self-Collection Kit
This method is becoming more common amongst forensic professionals and their clients. Like the in-persona approach, this method of collection can range from a specific pointed location of interest to an extensive, broad acquisition of all ESI available. This method is viewed favorably for its quick delivery, convenient hours of collection, and cost-effectiveness.
- Remote Data Collection
Similar to Self-Collection Kits but requires a secure remote internet connection to a designated server. This method must overcome the barriers of company security policies restricting such access, and typically requires more oversight and IT compliance than a self-guided kit.
Regardless of the method of collection one implements, all forms of forensic acquisition will produce comprehensive reports and details as to the data-management approach best suited for the matter. Typically, the forensic collection team will confer with the attorneys as to the findings, and how the recovered data should be treated, considering the scope, budget and exposure of the case at bar. Once data has been collected, data culling methods can resume in order to narrow the review set even more.
The Benefits of a Certified Computer Examiner
There are many advantages of contacting a Certified Computer Examiner (CCE). The data collection process can be overwhelming to some and, accordingly, should be conducted by trained professionals. These trained professionals use the latest forensic tools and procedures, as to avoid data-manipulation or spoliation. A CCE will be able to guide through the data and present an outline. Those who contact a CCE for their services should feel assured that they are moving forward in a legally defensible manner.
In order to have become certified, these professionals must have completed courses and have at least 18 months experience with collection tools. Every two years the professional must re-certify their certification.
As per The International Society of Forensic Computers, a CCE must “Provide a fair, vendor neutral, uncompromised process for certifying the competency of forensic computer examiners. ” This requirement will benefit any party looking for a CCE to validate information for their case.
A CCE will be able to draft reports in-line with their independent findings. As a result of the data acquisition efforts; such reporting will include details regarding the data sought, location(s) where data was stowed, method(s) of collection, findings as to the clients depicted scope and requirements, and the ability to defend such procedures at the trial or hearing (by the way of testimony, if necessary).
Preservation and Security
When it comes to the integrity and authentication of the collected data, a proper chain of collection/custody log will be established. The purpose of the log is to present documentation of how the data originated. The log will detail how the data came to be collected, the analysis of the data, and how the data was kept preserved until trial. The chain of collection/custody log will corroborate the authentication of the evidence, as any altercations to the data will need to be logged.
At LITeGATION we know the process of eDiscovery and how important it is to gather forensic collections. No matter what the platform or device, our Certified Computer Examiners (CCE) are prepared to help you develop a collection workflow, initiate the proper data-acquisition, and get you prepared for the analysis of you responsive data.
For forensic collections or any litigation support service, contact to us today for a free consultation.