What is ESI?

When referring to electronic discovery, ESI or electronically stored information, refers to all information stored in computers, or other digital storage devices. This includes any ESI found in email, voicemail, instant messages, online chats, word processing files, MP3 files, web pages, deleted files, cached files, internet stored “cookies,” text messages, electronically stored databases, metadata, digital images and any other digitally stored information.

According to the Federal Rules of Civil Procedure (FRCP), Electronically Stored Information is defined as information created, manipulated, communicated, stored and/or best utilized in digital format. In order for something to be considered ESI, it requires the use of computer hardware and software.

Electronically Stored Information is assessed through the e-discovery process. The information can be found stored on hard drives, thumb drives, computers, handheld devices, backup tapes, optical disks and other digital storage devices. The consequences of mismanaging ESI can be detrimental. Recovering ESI requires the use of professionals to identify, preserve, collect and produce the information in a legal action. Uncovered ESI will be used to develop a party’s case and can be used in pretrial motions, settlement discussions, and the trial itself.

As technology continues to dominate our world, it becomes even more critical to use electronically stored information during civil litigations.

What’s the difference between Digital Forensics and eDiscovery?

As society becomes more dependent on electronics, the need for electronic discovery and digital forensics in the courtroom becomes more essential. The two terms are often confused for being one and the same, however, there are clear definitions and restrictions to using either for acquiring electronically stored information (ESI).

First, it’s imperative to understand the difference between the two forms. Electronic discovery encompasses information that is readily available on the electronic device, known as active data, such as documents, emails and texts that have not been deleted. Digital forensics further explores data and metadata that isn’t readily accessible, such as information about how, when, and where the documents were created or stored, or information that someone has attempted to delete from the device.

When is electronic discovery needed?
Electronic discovery includes e-mail, electronic calendars, various forms of documents, databases, and metadata. However, during an investigation it is common to find that there isn’t enough information readily available because the information is kept in hidden folders within the hard drive, is deleted or corrupted, this is when digital forensics is used to perform a deeper investigation of the devices.

Why should we outsource or use an eDiscovery Managed Services (EMS) provider?

The nature of litigation is expensive, e-discovery is not excluded. Whether done by an in-house team or entirely outsourced, there will be additional costs incurred. For an in-house team, the process is disruptive to the daily routine, thus they may not be adequately prepared or have the right tools readily available for extracting, sorting and presenting the electronic discovery.

Using an e-Discovery Managed Service (EMS) provider, you avoid the expense of:

Purchasing new hardware
Purchasing costly processing and review software
Hiring personnel to manage the infrastructure
Ongoing costs of software updates and maintenance
Ongoing costs of upgrading hardware

What information is retrieved with a digital forensics analysis?

Automatically stored data – Computers will often perform automatic backups of data stored in the computer, sometimes the computer has a backup copy of a deleted file.

Deleted files – Even if deleted, files are often not destroyed until they have been overwritten.

Residual data – Fragments of deleted or overwritten files may have enough information to provide clarity on the files that are nonexistent.

System data – An electronic trail of activity on a computer or network, such as timelines of when information was created, accessed and deleted or what external devices were connected and when.

Wiping software detection – If wiping software has been used on a device it will be discovered through digital forensics.

External Devices – 99% of the time, we connect external devices, such as our phones, thumb-drives, external hard drives.  A digital forensic analysis can determine if and what was connected.

As with all discovery requests, it is necessary to have a compelling reason for more extensive electronic discovery. If you are unsure of the depth of research a particular matter will require, our team of experts is always available to further discuss the pertinent information that may be recovered through digital forensics and shine a light on the reasons applicable for submitting a discovery request for digital forensics.

What are some challenges of digital forensics?

Technology is constantly evolving, which makes digital forensics a quickly evolving and and changing industry. In addition to the changes in technology, users are utilizing an evergrowing number of devices including: smartphones, computers, tablets, the cloud, etc.

Technological shifts in data, resources and services make investigations more complex than they have ever been. This is a trend that won’t soon change. As forensic computer experts, we are constantly learning and and evolving the tools we use.

As digital forensic investigators, we use a wide range of techniques and  software to examine hidden folders, and unallocated disk space for copies of deleted, encrypted, or even damaged files. This includes exploring and analyzing multiple operating systems and devices, even on various cloud storage.

  • Keenability
  • Medical Expert Witness
  • McfarlandGouldLaw
  • Kapila Mukumal
  • STFBLaw
  • TrianaFence
  • Mark Wolin