A Best Practice Framework for Data Acquisition

Similar documents
RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

Data Protection. Secure Media Management. Offsite Tape Vaulting Drives Efficiencies, Enhances Control and Improves Audit Readiness

White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard

RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

ediscovery Solution for Archiving

IBM Unstructured Data Identification and Management

AccessData Corporation. No More Load Files. Integrating AD ediscovery and Summation to Eliminate Moving Data Between Litigation Support Products

From Chaos to Clarity.

A Websense White Paper Websense CloudMerge Ingestion Service

NightOwlDiscovery. EnCase Enterprise/ ediscovery Strategic Consulting Services

IBM ediscovery Identification and Collection

Union County. Electronic Records and Document Imaging Policy

Accelerate your mission with GTSI Integration Services

Cisco Change Management: Best Practices White Paper

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES

Guide to advanced ediscovery solutions

Solution Brief for ISO 27002: 2013 Audit Standard ISO Publication Date: Feb 6, EventTracker 8815 Centre Park Drive, Columbia MD 21045

Data Management Implementation Plan

HKITPC Competency Definition

Digital Forensics G-Cloud Service Definition

Director, Value Engineering

e-discovery Forensics Incident Response

Domain 1 The Process of Auditing Information Systems

Digital Forensics Tutorials Acquiring an Image with FTK Imager

COMPLIANCE MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS COMPLIANCE MANAGEMENT SOLUTIONS

How To Manage Security On A Networked Computer System

Leveraging enterprise data and advanced analytics in core operational processes: Demand forecasting at Cisco

Xerox Litigation Services. In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk

Real World Strategies for Migrating and Decommissioning Legacy Applications

Discovery Data Management

SACM and CMDB Strategy and Roadmap. David Lowe ActionableITSM.com March 20, 2012

OPTIMUS SBR PROCESS IMPROVEMENT. Streamline your outdated process for maximum efficiency. CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

Validating Enterprise Systems: A Practical Guide

Contents. Best Practices Guide. 3 Physical Records: The Ongoing Compliance Challenge

IAPE STANDARDS SECTION 16 DIGITAL EVIDENCE

White Paper: Managing ediscovery Initiatives In-House. Managing ediscovery Initiatives In-House

Incident Management & Forensics Working Group. Charter

Title: Harnessing Collaboration: SharePoint and Document Management

Subject Area 1 Project Initiation and Management

IBM Enterprise Content Management: Streamlining operations for environmental compliance

Process Assessment and Improvement Approach

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices

Maximizing the benefits of USPS Full-Service Intelligent Mail

The biggest challenges of Life Sciences companies today. Comply or Perish: Maintaining 21 CFR Part 11 Compliance

PHASE 9: OPERATIONS AND MAINTENANCE PHASE

Manage IT Service Continuity and Availability

Viewpoint ediscovery Services

Internet Reputation Management Guidelines Building a Roadmap for Continued Success

Table of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise

Security Services. A Solution for Providing BPM of Security Services within the Enterprise Environment.

Complete Document & Process Management for Life Sciences on SharePoint 2010

APPENDIX B TO REQUEST FOR PROPOSALS

Project Management Office Charter

The Recipe for Sarbanes-Oxley Compliance using Microsoft s SharePoint 2010 platform

How to Manage Costs and Expectations for Successful E-Discovery: Best Practices

CHARTER. Interagency Information Systems Working Group. Timber Regulation and Forest Restoration Program June 23, 2015

Integrated archiving: streamlining compliance and discovery through content and business process management

Improving Service Asset and Configuration Management with CA Process Maps

Making the Cloud a Safe and Secure Place for Data

Computer Forensics & Electronic Discovery Setec Investigations offers unparalleled expertise in computer forensics and electronic discovery,

EXPLORING THE CAVERN OF DATA GOVERNANCE

SEVEN WAYS THAT BUSINESS PROCESS MANAGEMENT CAN IMPROVE YOUR ERP IMPLEMENTATION SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND

Building a Data Quality Scorecard for Operational Data Governance

Software Escrow Service Workflow. Comprehensive and Trusted Software Escrow Services from Iron Mountain.


Digital Forensics, ediscovery and Electronic Evidence

Enterprise Data Management for SAP. Gaining competitive advantage with holistic enterprise data management across the data lifecycle

A Global IT Managed Service Provider

INFORMATION ACCESS OPERATIONS LIST OF CORE SERVICES TO MINISTRY CLIENTS

Project Management Guidelines

Complying with the Federal Information Security Management Act. Parallels with Sarbanes-Oxley Compliance

10 Steps to Establishing an Effective Retention Policy

Todd Heythaler Information Governance & ediscovery. Emerging Technologies Work Group

FIVE BEST PRACTICES FOR PROTECTING BACKUP DATA

BlitzDocs Product Brief. Intelligent collaboration in the mortgage process

Our solutions reduce costs, streamline process and increase efficiencies. Facilities Management Litigation and Document Solutions

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

ILM et Archivage Les solutions IBM

Quality Manual. DuraTech Industries, Inc Commerce Street La Crosse, WI MANUAL SERIAL NUMBER 1

How Technology Supports Project, Program and Portfolio Management

Are Mailboxes Enough?

Internal Audit Checklist

DIGITAL FORENSIC TECHNOLOGY SEE BEYOND THE NUMBERS

Agreement Elements for Outsourcing Transfer of Born Digital Content

The Benefits of Archiving and Seven Questions You Should Always Ask

Information & Asset Protection with SIEM and DLP

How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP )

Certified Information Professional 2016 Update Outline

Internet Reputation Management Guide. Building a Roadmap for Continued Success

COMMUNICATIONS MANAGEMENT PLAN <PROJECT NAME>

Qlik UKI Consulting Services Catalogue

SECURITY. Risk & Compliance Services

Ten practical steps for streamlining e-discovery from a lawyer s perspective

Biorepository and Biobanking

Applying ITIL v3 Best Practices

White Paper. Authenticating Digital Evidence Identify and Avoid the Weak Links in Your Chain of Custody

Section 1 Project Management, Project Communication/Process Design, Mgmt, Documentation, Definition & Scope /CRO-Sponsor Partnership

The ediscovery Balancing Act

Misplaced Trust: Vendor Fraud. IIA/ACFE Conference Patrick Mitchell, Managing Director Sharon Delgado, Senior Manager

Information Security Program Management Standard

Transcription:

A Best Practice Framework for Data Acquisition Corporate Headquarters 595 Greenhaven Road Pawcatuck, CT 06379 US European Office London, United Kingdom P: 860.599.9760 F: 860.599.9768 info@the-olivergroup.com www.the-olivergroup.com

Electronic data and electronic evidence. Finding it, accessing it and collecting it can be a daunting process. As the role of electronic data becomes increasingly more critical to the litigation process, it s imperative to develop rigorous protocols and procedures for data acquisition. The Oliver Group has spent years defining, building and implementing a best practices approach to the acquisition process. Based on international standards, direct experience and technical expertise, our proven framework has helped us successfully manage engagements across multiple jurisdictions. At a high level, the data acquisition process typically can be broken into three phases: Secure communication procedures Incident handling and escalation paths Status meeting schedule Initial documentation/information request list The assessment process Every organization varies in its organization, infrastructure, technical environment, and culture. As a result, the engagement must be tailored to meet the unique requirements of the situation to ensure the complete and accurate capture of the dataset. The assessment process consists of: Administrative Discovery Technical Discovery Data Acquisition Action Plan Step One Administrative Discovery Phase One: Planning The planning phase allows The Oliver Group to refine the engagement strategy to meet the specific needs of the company. Ideally the planning phase should begin with a kickoff meeting that defines and validates the overall approach, and ends with stakeholder signoff. Without agreement and understanding among the stakeholders at the outset, the likelihood of errors, delays and increased cost rises. The kickoff meeting should, at a minimum; cover the following items: Administrative discovery is all about understanding the root cause of the inquiry for information and the entities and people that may be involved. It is important to consider is who is the main driver of the process: internal legal departments, outside counsel or regulatory entities. How data is acquired and handled may vary depending on the nature of the inquiry, which may be as a result of: Government investigation Internal audit request/investigation or other sources Criminal or civil litigation Initial rules-of-engagement Identification of project stakeholders High level goals and objectives The Oliver Group l 2

The final element of administrative discovery is getting a clear picture of organizational layout and the flow of information between departments and individuals. This provides a roadmap of where key players sit within the organization and what are the most appropriate places to look for key custodian data. All of these facets must be taken into consideration because they have a direct impact on the project and its ultimate deliverables. For example, choosing a forensic acquisition approach instead of a non-forensic approach has significant impact on the entire electronic discovery process and the accessibility of certain data post-acquisition. Step Two: Technical Discovery An understanding of the client s specific technical environment is critical to determining the scope of collection, the necessary tools and resources required, and formation of an appropriate action plan. The Oliver Group works in concert with clients to acquire specific technical information spanning several key areas (see chart). This upfront process can be completed by the client s internal IT and compliance staff, however, The Oliver Group frequently works with corporate clients and law firms in an advisory capacity to: Develop a litigation readiness plan which evaluates these areas in advance of an event Assist with locating and accessing relevant data Generate the specific strategy and tactics of collection Provide technical oversight and guidance The Oliver Group l 3

Step Three: Collection Plan Upon assessment of all pertinent information, The Oliver Group, in conjunction with the client, develops a Data Acquisition Action Plan which consists of the following aspects: The Oliver Group l 4

Phase Two: Collection Phase Two encompasses the actual collection of electronic data and is structured entirely to address the findings and action plan agreed upon in Phase One. A typical data acquisition project may include: Locating data deemed relevant on local drives or networks Verification that all relevant files have been located Documentation of all harvested data Installation of data capture devices and confirmation of capture location Accessing relevant email and file server data Creation of separate archive files for both file server and email data Providing a final report of collected files During acquisition, The Oliver Group preserves all data associated with the electronic file including: Naming conventions Path structure System level metadata (filename, create date, modify date, last access date, and original file location) File level metadata (internal fields storing information such as author, subject, summary, etc) Experts and Teams Due to the complexity of the data acquisition process it s imperative to build the right acquisition team and enhance it with individual experts as necessary. Data acquisition teams typically will include a combination of senior level consultants and systems engineers with backgrounds in a variety of relevant fields: Computer forensics Data collection Media restoration Electronic discovery processing Acquisition Tools Depending on the requirements of the project, a variety of acquisition tools may be used to automate and support the collection effort. The Oliver Group has developed a proprietary set of tools to enhance industry standard tools. The Oliver Group s approach to acquiring data is in accordance with forensically sound practices, ensuring data integrity is maintained throughout the process. A combination of standard and proprietary applications is used to locate and collect client data along with the appropriate tools for managing the logistics of the project. Acquisition Procedures The Oliver Group s benchmark methodology was developed through extensive work on large scale acquisition projects. We ve developed a streamlined, efficient process to acquire massive amounts of data as well as the needle in a haystack variety. This capability can only be found among service providers who have deep technical expertise and real world experience with the electronic data discovery process. The Oliver Group l 5

The core procedure model for data acquisition within an enterprise includes: Creating A Master Custodian List The custodian list is comprised of all relevant custodian names that are supplied by the client s IT staff and their counsel. Forming a comprehensive, accurate master list is an essential element to protecting data integrity, maintaining chain of custody, and ensuring that every responsive file for each custodian is collected. The master custodian list serves as a blueprint for the collection and tracking of custodian data. The list can only be developed if there is a full understanding of the client s technical environment, current and historic data archiving, data identification, and data storage procedures. Custodian Naming Due to the uniqueness of client environments and naming structures, a variety of challenges can develop that may impact the accuracy and completeness of a data set, including: Changes in last names (e.g., marriage) Different names that could generate a similar naming structure (for example: Jen Smith and John Smith could generate a similar jsmith naming structure) A change by the client s IT department to the custodian coding/naming structure of employees for the organization, including id type naming conventions which have no reference to a custodian without a key To combat these challenges, The Oliver Group has developed quality control measures such as: Working with the client IT staff to gain all account information for all relevant custodians Cross checking all user naming/ identification conventions with the client s IT administration Verifying custodian information post extraction by sampling data to confirm correct custodian name and naming convention File Tracking Every relevant file for every user must be tracked and accounted for during data collection. The Oliver Group acquisition teams utilize approved forms and standardized documents to track: Collection components Key collection metrics The collection and delivery of files for further electronic discovery processing Acquisition Logs To accurately document acquisition activities, The Oliver Group utilizes a series of collection logs and reports designed to maintain all relevant details associated with data collected. These logs capture: Which drives, folders and files have been accessed The date, time, and location of the collection Full path names Where data has been transferred Notes about the collection Size of data collected Hash values if applicable The Oliver Group uses a combination of detailed event logs, media intake logs and data restoration logs (as well as others depending on the project) to provide a complete audit trail covering data acquisition to data delivery. The Oliver Group l 6

Phase Three: Closeout Data Transfer and Delivery Once data is collected, it must then be transferred and transported to a processing facility. The Oliver Group recommends placing collected data onto external hard drives. This media type allows for the easiest transportation of the data and simplifies the subsequent transition into the restoration process. All data transfer is recorded and documented in Chain of Custody logs, to assure that all data and media are accounted for at all times. Special precautions should be taken when packaging, transporting, and storing electronic media. The Oliver Group recommends that media be shipped in secure, hard-case containers designed specifically for the shipment of the particular media type. These containers should be designed to protect the media against temperature fluctuation, humidity fluctuation, physical shock, and electrostatic discharge. By doing so, clients minimize the chance of source media being tampered with or otherwise damaged. It is also important to include a manifest of the shipment s contents in each container. This manifest should clearly indicate the contents of the shipment and the project to which it belongs, along with information about the client s point-of-contact should there be any questions or issues related to the shipment. Many clients have standardized formats for their shipment manifests and Chain-of-Custody documentation, however, The Oliver Group will provide templates upon request. The method of shipment is determined by the client s needs and preferences. Shipping methods range from utilization of large scale commercial services such as FedEx and UPS, to secure courier services. The Oliver Group is also equipped to transport the media once a phase of the collection or the entire collection process is complete. is generated to provide an accurate means of correlating collected data to its source. The Oliver Group s data collection policies are designed to adhere to the strict chain of custody procedures which investigations of this nature demand. The Oliver Group maintains strict Chain-of- Custody procedures, designed to ensure the security and integrity of clients data. Upon receipt of media, The Oliver Group conducts a catalog of the collected data s contents. This includes a physical inspection of the media, creation of the Chain-of-Custody Document and the recording of any documentation included with the shipment. The Chain-of-Custody documents serve as comprehensive tape inventory reports and are maintained by The Oliver Group throughout the project s lifecycle. Clients are provided with copies of the Chainof-Custody documents for their records. Media Preservation Upon completion of the intake process, media is housed within The Oliver Group s secure media library. For active processing, media is checked out of the library and transferred to our production area, which is accessible only to senior executives and authorized production team. Conclusion Collecting electronic data is a sophisticated and complex process. By working with The Oliver Group, clients leverage The Oliver Group s unique expertise in data recovery and our proven experience in managing large scale data collection projects. Through The Oliver Group, clients access a technical team that has developed collection methodologies built upon the principles of data integrity and chain of custody. They tap into the knowledge of The Oliver Group s engineers who have knowledge and skill sets spanning the areas of computer forensics, data collections, data restoration, and electronic discovery processing. Chain-of-Custody The Oliver Group ensures that all data collected is tracked precisely throughout the project s lifecycle and that a documented source history The Oliver Group l 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information