Best Practices for Streamlining Digital Investigations



Similar documents
Best Practices for Streamlining Digital Investigations

Clearwell Legal ediscovery Solution

Early Case Assessment in ediscovery

Symantec ediscovery Platform, powered by Clearwell

Streamlining Government Investigations

Veritas ediscovery Platform

Predictive Coding Defensibility and the Transparent Predictive Coding Workflow

Symantec Enterprise Vault E-Discovery Connectors

The ediscovery How-To Guide:

Symantec Enterprise Vault for Microsoft Exchange

Early Case Assessment in Electronic Discovery

Symantec Enterprise Vault for Microsoft Exchange

Data Sheet: Archiving Symantec Enterprise Vault Discovery Accelerator Accelerate e-discovery and simplify review

Symantec Enterprise Vault and Symantec Enterprise Vault.cloud

Data Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information

Veritas Enterprise Vault.cloud for Microsoft Office 365

Data Sheet: Archiving Symantec Enterprise Vault for Microsoft Exchange Store, Manage, and Discover Critical Business Information

Symantec Enterprise Vault Discovery.cloud

The ediscovery Balancing Act

the e-discovery how-to Guide page : 1 The E-Discovery Practical Recommendations for Streamlining Corporate E-Discovery A Clearwell White Paper

IBM ediscovery Identification and Collection

Symantec Enterprise Vault for Microsoft Exchange Server

archiving, compliance, and ediscovery solution designed specifically for U.S. financial services companies.

Capstone Compliance Using Symantec Archiving and ediscovery Solutions

Enhancing Document Review Efficiency with OmniX

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012

E- Discovery in Criminal Law

CASE STUDY: Top 5 Communications Company Evaluates Leading ediscovery Solutions

Only 1% of that data has preservation requirements Only 5% has regulatory requirements Only 34% is active and useful

The Clearwell ediscovery Platform

IBM Unstructured Data Identification and Management

Viewpoint ediscovery Services

Are you ready for more efficient and effective ways to manage discovery?

Symantec Document Retention and Discovery Symantec Enterprise Vault Symantec Enterprise Vault Discovery Accelerator

Predictive Coding Defensibility and the Transparent Predictive Coding Workflow

The Business Case for ECA

Archiving, Backup, and Recovery for Complete the Promise of Virtualization

Archiving and ediscovery: Real World ROI from Hard Cost Savings

Symantec Protection Suite Add-On for Hosted and Web Security

Optimizing the Data Center for Today s State & Local Government

Veritas AdvisorMail. archiving, compliance, and ediscovery solution designed specifically for U.S. financial services companies

Symantec Enterprise Vault.cloud Overview

Solution Overview: Data Protection Archiving, Backup, and Recovery Unified Information Management for Complex Windows Environments

Renowned Law Firm Reduces Cost and Risk by Moving from Legacy Software to AccessData E-Discovery Suite

Considering Third Generation ediscovery? Two Approaches for Evaluating ediscovery Offerings

W H I T E P A P E R. Symantec Enterprise Vault and Exchange Server November 2011

Enterprise Vault Whitepaper

Microsoft Office 365 Migrations with Symantec Enterprise Vault.cloud

e-disclosure Take the driver s seat

2972 NW 60 th Street, Fort Lauderdale, Florida Tel Fax

Litigation Solutions insightful interactive culling distributed ediscovery processing powering digital review

The Summation Users Guide to Digital WarRoom It s time for a fresh approach to e-discovery.

Symantec NetBackup 7.5 What s New and Version Comparison Matrix

Director, Value Engineering

Sample Electronic Discovery Request for Proposal

Enterprise Vault 11 Feature Briefing

Optimizing the Data Center for Today s Federal Government

Cyber Security Services: Data Loss Prevention Monitoring Overview

Litigation Solutions. insightful interactive culling. distributed ediscovery processing. powering digital review

AccessData Corporation. No More Load Files. Integrating AD ediscovery and Summation to Eliminate Moving Data Between Litigation Support Products

Data Sheet: Archiving Symantec Enterprise Vault for Microsoft Exchange Store, Manage, and Discover Critical Business Information

A Radicati Group Webconference

Intelligent Information Management: Archive & ediscovery

Veritas Enterprise Vault for Microsoft Exchange Server

Symantec Clearwell and Enterprise Vault EOOC Eating Our Own Cooking Initiative in ediscovery Enables Symantec to Save US$13 Million over Seven Years

One Easily Avoidable Pitfall in Your ediscovery and Compliance Strategy


For Your ediscovery... Software

Global Headquarters: 5 Speen Street Framingham, MA USA P F

exobase Discovery Review Platform

Symantec Brightmail Gateway Real-time protection backed by the largest investment in security infrastructure

Making reviews more consistent and efficient.

Capstone Compliance Using Symantec Archiving and ediscovery Solutions

Early Data Assessment. Product Summary. Processing. Review

LexisNexis Equivio Integrated Solution. Eliminate Data Redundancy in Litigation Review

Symantec Enterprise Vault for Lotus Domino

Whitepaper: Enterprise Vault Discovery Accelerator and Clearwell A Comparison August 2012

Lowering E-Discovery Costs Through Enterprise Records and Retention Management. An Oracle White Paper March 2007

How To Monitor Your Entire It Environment

5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit

Integration of E-Discovery and FOIA

EnCase ediscovery. Automatically search, identify, collect, preserve, and process electronically stored information across the network.

Symantec ServiceDesk 7.1

Enterprise Vault Whitepaper Move Archive Feature Overview

Cost-Effective and Defensible Technology Assisted Review

Unified ediscovery Platform White DISCOVERY, LLC

Securing Your Software for the Mobile Application Market

Archiving with Enterprise Vault Bruno Ritter

Symantec Enterprise Vault.cloud Overview

Data Protection. Administrator Guide

Altiris Server Management Suite 7.1 from Symantec

Symantec NetBackup 7.5 for VMware

Taking the Leap to Virtualization

Cloud, Appliance, or Software? How to Decide Which Backup Solution Is Best for Your Small or Midsize Organization.

Understanding the Value of Symantec Managed Enterprise Vault

e-discovery Solutions and Services

INFORMATION PROTECTED

Transcription:

WHITE PAPER: BEST PRACTICES FOR STREAMLINING DIGITAL INVESTIGATIONS Best Practices for Streamlining Digital Investigations

Best Practices for Streamlining Digital Investigations Contents Key Challenges Facing Digital Investigations Today.................. 1 Limitations of the Traditional Investigations Process................. 1 Step 1: Collect Data 1 Step 2: Audit and Filter Collection 2 Step 3: Search and Analyze Data 2 Step 4: Deliver Data 3 Corporate Best Practices for Streamlining Digital Investigations.......... 3 Step 1: Collect Data 4 Step 2: Audit and Filter Collection 4 Step 3: Search and Analysis 5 Step 4: Deliver Data 6 Summary............................................ 7

Key Challenges Facing Digital Investigations Today Corporate investigators are increasingly challenged to perform more investigations in less time as they face greater demands from inside and outside the enterprise. Overall, businesses expect a 40% increase in the number of disputes they will face in the coming year. 1 From inside the enterprise, investigations related to HR issues, suspected fraud, and suspicious activity continue to strain resources. External forces such as changes in the regulatory environment, updated mandates for Sarbanes- Oxley, and the Department of Justice are fueling regulatory inquiries. For example, in 2009, there were 120 Foreign Corrupt Practices Act-(FCPA) related investigations, compared with 38 two years ago. 2 With the increasingly pervasive use of email and electronic documents in all forms of business communication and activities, the amount of electronically stored information involved in an investigation is greater than ever before. From 2007 to 2011, businesses experienced a 10-fold increase in digital data growth, with 80 percent of that growth attributable to unstructured data. 3 Over 60 billion emailsare sent daily throughout the world, and 90% of all documents generated today are electronic. 4 Further, deadlines are increasingly aggressive and cost control remains a pressing concern. Investigators are under mounting pressure to rapidly find the key facts of an investigation so the appropriate course of action can be taken. While workloads are increasing, cost constraints are forcing investigators to make do with their existing resources, meaning they simply have to do more with less. As a result of these challenges, investigators are taking a closer look at their existing workflows and searching for ways to immediately get to the heart of their investigations in a simple, efficient way. Realizing that their existing methods don t enable them to meet tomorrow s challenges, investigators are seeking new technologies that help streamline their workflows and enable them to rapidly convert mountains of data into actionable information critical to their investigations. Limitations of the Traditional Investigations Process Investigations conducted today using traditional technologies and workflows generally require a high degree of manual intervention, repetition, and brute-force, increasing the duration of an investigation and the risk of errors. Below is an example of a typical workflow applied to an investigation. Step 1: Collect Data Documents from custodians involved in the investigation are collected and preserved as evidence. Since business records are contained within multiple data servers, companies must use a variety of standalone tools (i.e., Microsoft Outlook, Guidance EnCase, AccessData Forensic Toolkit ) to collect data from multiple data sources. These tools typically have arcane interfaces that are slow and cumbersome to use. In addition, 1 Fulbright & Jaworski, 6th Annual Litigation Trends Survey Report, 2009 2 Gibson, Dunn & Crutcher LLP, 2009 Mid-Year FCPA Update, July 2009 3 Channel Web, XChange 2010: IBM Counts On Software As Key Digital Future, March 2010 4 Sally Kane, ediscovery Explosion: ediscovery Growth and Challenges 1

container files usually need to be extracted to loose files and manually exported from one tool to another prior to processing, contributing to workflow inefficiencies and errors. Step 2: Audit and Filter Collection Collected data is filtered by custodian, date range and file type. Key stages typically include the following: De-NIST data to remove non-user generated files irrelevant to the investigation Apply basic filters (i.e., date range and file type) to focus the scope of the investigation Data is generally not de-duplicated across the disparate data sources nor are files extracted from their container files until indexing. Consequently, investigators lack an immediate sense of the volume of data they are dealing with and how many resources they will need for the investigation. Step 3: Search and Analyze Data Simple keyword searches and analyses are conducted using different tools that offer only limited search capabilities and have not been designed specifically for investigators. In general, investigators: Search for relevant data for each custodian within one application and then must repeat the same search in each of the other applications. The inability to search and analyze data across all custodians at once forces investigators to repeat their tasks across data sets and analyze the same documents multiple times. Re-run searches time and again. This may be because of limited application functionality (i.e., previous searches couldn t be saved and used for subsequent searches) or because incremental new data has been added to the investigation, (i.e., naming of additional custodians or expansion of date ranges). Either way, the result is the creation of unnecessary workflow redundancies. Waste time sifting through thousands of mostly irrelevant documents returned by searches, a drawback of the traditional tools inability to help investigators bulk eliminate false positives. Answer the frequently asked question of who said what to whom only by manually and painstakingly re-creating the flow of events, using complex diagrams depicting relationships with time/date stamps of emails connecting senders and recipients. Other custodian-document relationships are also separately manually analyzed to understand the timing and flow of communications across different custodians. The lack of visual analytics that help uncover event chronologies and situational contexts limits an investigator s ability to quickly identify and assess case facts. 2

In addition, investigators are unable to perform advanced analyses based on: A universal view of all variations of a custodian s email address with the choice to designate specific addresses upon which to focus Inbound or outbound email communications for specific custodians to understand the flow of key information Files that have been saved under a different name or file type, since they can t be identified or traced back to their original custodian As a result, investigators face high false positive and low cull-down rates that necessitate additional searches and reduce data by only 30% to 40%. More importantly, investigators risk an inaccurate and incomplete investigation because they can t easily find all the relevant evidence or the smoking gun. Step 4: Deliver Data With traditional tools, investigators must spend an inordinate amount of time manipulating files from multiple point products to develop a standardized format for data delivery to case requestors or other members of the investigation team (i.e., paralegals, inside counsel or HR) for further review. Oftentimes, gigabytes of analyzed documents from each application are printed out or separately saved to DVDs and physically delivered to business team members for review. The lack of a single, Webbased, self-service portal for the team to quickly review relevant documents results in unnecessary overhead and complexity. These traditional workflows severely limit an investigator s ability to quickly cull out irrelevant data, intuitively unearth critical documents, and administer investigations with ease and simplicity. Progressive investigators need a new approach that can help them streamline their investigations with greater accuracy, speed, and effortlessness than ever before. Corporate Best Practices for Streamlining Digital Investigations The Clearwell ediscovery Platform is the first enterprise-class investigation management solution designed and proven to accelerate investigations within a single, easy-to-use application. Drawing upon corporate best practices of hundreds of enterprises, Clearwell provides an integrated processing, search, analysis, review, and delivery platform. With Clearwell, investigators are up and running within 25 minutes and can rapidly cull-down data and quickly expose and prioritize key facts of an investigation in context through advanced analyses. Clearwell s Web-based portal also allows investigators to easily administer and manage access to their investigations, so they can more effortlessly scale and increase productivity. 3

Revisiting the earlier example of the step-by-step investigation workflow, the following process details how real companies are employing the Clearwell ediscovery Platform to streamline their digital investigations. The Clearwell ediscovery Platform draws upon corporate best practices to accelerate digital investigations. Step 1: Collect Data This step remains largely unaltered since data must still be collected from multiple data sources. However, once this is completed, Clearwell seamlessly integrates into a company s current collection process. Since Clearwell can automatically extract data from logical files, manually exporting the data from the standalone tools to Clearwell is unnecessary and the collection process is streamlined. Step 2: Audit and Filter Collection Instead of jumping directly into data indexing, Clearwell s Pre-Processing Module offers a set of interactive reports, which provide investigators with detailed visibility into the makeup of the data collection within a case. Investigators can then audit the collection for missing data and accurately filter out irrelevant files prior to full indexing, significantly reducing data volumes. This allows users to: Utilize visual analytics to summarize overall document set characteristics and present detailed analysis by custodian, timeline, and file type. This rapidly confirms that all Clearwell Pre-Processing Filters can reduce case datasets by up to 30% by filtering on custodian, data, strong file type, and file size prior to processing. 4

case data has been collected and allows for accurate estimation of investigation budgets and timelines, as well as an increasingly defensible process. Interactively filter collected data by custodian, date, strong file type, and file size prior to full processing. Clearwell also provides one-click filtering of custom file and NIST List items from Guidance LEF and E01 containers, eliminating the need to manage and manually export data to another tool to perform this task. Step 3: Search and Analysis Once full indexing is complete, Clearwell s advanced search and analysis capabilities enable investigators to gain immediate visibility into case facts. Interactively reduce collected data. Clearwell s Auto-Filters automatically group the data set by several metadata fields such as email sender domain, sender name, email recipient domain, recipient group, recipient name, document type, and language type, and display exact hit counts across the entire search result set for every filter. This allows investigators to reduce data by 80% to 90% by simply clicking on a checkbox to cull-down documents containing irrelevant information for instance, removing all extraneous emails received from domains like amazon.com or espn.com. Clearwell Auto-Filters automatically group search results by metadata fields such as tag, sender domain, recipient domain, document type, custodian, and language type. Route special documents to experts. As one example, Clearwell automatically identifies documents written in different languages, which can allow an investigator to quickly route Chinese email and documents to a translator or to another investigator fluent in Chinese. Discover exactly who knew what and when. Clearwell s Discussion Threads analyze both metadata and content to link together emails, including all replies, carbon copies, blind carbon copies and forwards, into chronological threads. By tracing the thread, users can quickly identify all primary and peripheral participants involved and address the most important question in an investigation: who knew what, when. 5

Clearwell Discussion Threads dynamically link together all related messages into chronological threads that capture entire discussions to determine exactly who knew what and when. Improve the accuracy of searches. Clearwell s Participant Selector provides a list of email addresses associated with a custodian, allowing investigators to specifically choose the addresses that should be included in the investigation. Analyze individual communication patterns. Clearwell s People Analytics enable investigators to analyze individual and group-to-group communications within a company or with customers, suppliers, and partners. Users can easily access a ranked list of top custodians for a search or monitor communications between regulated and non-regulated divisions. Discover secret project names and code words. Clearwell s Term Analytics analyze noun phrases to help investigators find code words or secret project names that are likely to be relevant to the case. Find all instances of a document. Clearwell s File Analysis capabilities automatically find all instances of an attachment or loose file based on multiple hash values that relax the last modified date, strong file name, or other metadata. Investigators can then find all instances of a document even if a document name or extension has been changed. Step 4: Deliver Data Whereas traditional tools often require manual and time-consuming processes to deliver data, Clearwell enables investigators to: Provide access to case data through a single Web-based portal. Clearwell s Web-based platform provides a single, easy-to-use portal that allows investigators, business users, paralegals, counsel, law enforcement, and other authorized users to access case data in real time. Enable self-service for reviewers. Clearwell provides reviewers with the ability to quickly access key facts in standard, easy-to-read formats directly. 6

Clearwell Term Analytics analyze noun phrases to uncover secret project names and code words. Using traditional technologies, the average time required to collect and cull-down investigation data to its relevant facts and deliver the data to reviewers can take between five and ten days. By contrast, using Clearwell investigators can generally complete this process in just one day, dramatically accelerating the rate at which investigations can be completed. Summary As today s corporate investigators face increasing pressure to complete more cases involving growing amounts of digital evidence with less time and money, they can no longer be satisfied or effective with traditional, incomplete, and inefficient tools. In addition to prolonging an investigation, these traditional approaches introduce greater risk and costs that investigators cannot afford. Rather, investigators need a next generation digital investigation solution that enables them to gain immediate visibility into case facts easily, simply, and intuitively. The Clearwell ediscovery Platform is uniquely designed and built to meet the needs of investigators and is being used by hundreds of companies across thousands of cases to improve their investigative process. With Clearwell, investigators can tackle their cases with unparalleled ease and confidence. 7

About Symantec Symantec is a global leader in providing security, storage, and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. Headquartered in Mountain View, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com. For specific country offices and contact numbers, please visit our website. Symantec World Headquarters 350 Ellis St. Mountain View, CA 94043 USA +1 (650) 527 8000 1 (800) 721 3934 www.symantec.com Symantec helps organizations secure and manage their information-driven world with IT Compliance, discovery and retention management, data loss prevention, and messaging security solutions. Copyright 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 02/2012 21227800

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information