The Portcullis Guide to Disclosing Electronically Stored Information (ESI)

Similar documents

E-DISCOVERY & PRESERVATION OF ELECTRONIC EVIDENCE. Ana Maria Martinez April 14, 2011

Proactive Data Management for ediscovery

In-House Solutions to the E-Discovery Conundrum

Electronic Discovery How can I be prepared? September 2010

UNDERSTANDING E DISCOVERY A PRACTICAL GUIDE. 99 Park Avenue, 16 th Floor New York, New York

Digital Forensics, ediscovery and Electronic Evidence

Measures Regarding Litigation Holds and Preservation of Electronically Stored Information (ESI)

Elements of a Good Document Retention Policy. Discovery Services WHITE PAPER

Neil Meikle, Associate Director, Forensic Technology, PwC

Digital Forensics Services

Electronic Discovery The Sedona Canada Principles

Predictability in E-Discovery

How to Avoid The Biggest Electronic Evidence Mistakes. Ken Jones Senior Technology Architect Pileum Corporation

Xact Data Discovery. Xact Data Discovery. Xact Data Discovery. Xact Data Discovery. ediscovery for DUMMIES LAWYERS. MDLA TTS August 23, 2013

ELECTRONIC DISCOVERY. Dawn M. Curry

E-Discovery and Electronically Stored Information (ESI):

Electronic Discovery

How To Write A Hit Report On A Lawsuit Against A Company

LEGAL HOLD OBLIGATIONS FOR DISTRICT EMPLOYEES

General Items Of Thought

THE IMPACT OF THE ELECTRONIC DISCOVERY RULES ON THE EEOC PROCESS

Legal Arguments & Response Strategies for E-Discovery

DOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents

ZL UNIFIED ARCHIVE A Project Manager s Guide to E-Discovery. ZL TECHNOLOGIES White Paper

DISCOVERY OF ELECTRONICALLY-STORED INFORMATION IN STATE COURT: WHAT TO DO WHEN YOUR COURT S RULES DON T HELP

E-Discovery Technology Considerations

E-Discovery Best Practices

Electronic Discovery & Digital Forensics

NightOwlDiscovery. EnCase Enterprise/ ediscovery Strategic Consulting Services

IT Roles in Loss Prevention. Presented by: Ann Ostrander, Director of Loss Prevention Kirkland & Ellis LLP

Digital Security. Dr. Gavin W. Manes, Chief Executive Officer

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012

ZEROING IN DATA TARGETING IN EDISCOVERY TO REDUCE VOLUMES AND COSTS

Amendments to Federal Rules of Civil Procedure. electronically stored information. 6 Differences from Paper Documents

Electronic Discovery and the New Amendments to the Federal Rules of Civil Procedure: A Guide For In-House Counsel and Attorneys

E-Discovery for Backup Tapes. How Technology Is Easing the Burden

Archiving and The Federal Rules of Civil Procedure: Understanding the Issues

Electronic Discovery

Electronic Discovery: Litigation Holds, Data Preservation and Production

Global Headquarters: 5 Speen Street Framingham, MA USA P F

B. Preservation is not limited to simply avoiding affirmative acts of destruction because day-to-day operations routinely alter or destroy evidence.

IBM ediscovery Identification and Collection

102 ediscovery Shakedown: Lowering your Risk. Kindred Healthcare

4/23/2014. E-Discovery. What is ESI? Discovery. Electronically Stored Information. The downside. Discovery generally. E-Discovery

Freelance Lawyers. The industry's best kept secret. Christopher Kozlowski

Electronic Data Retention and Preservation Policy 1

Purpose: To ensure that e-discovery Requests and Litigation Hold Notices are received, routed and responded to in a timely and thorough manner.

How To Manage Cloud Data Safely

Navigating Information Governance and ediscovery

COURSE DESCRIPTION AND SYLLABUS LITIGATING IN THE DIGITAL AGE: ELECTRONIC CASE MANAGEMENT ( ) Fall 2014

Discovery Technology Group

EnCase ediscovery. Automatically search, identify, collect, preserve, and process electronically stored information across the network.

ACADEMIC AFFAIRS COUNCIL ******************************************************************************

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)

How To Audit Health And Care Professions Council Security Arrangements

Deloitte Discovery Caribbean & Bermuda Territory Guide

E-Discovery: The New Federal Rules of Civil Procedure A Practical Approach for Employers

Chapter 7: Trends in technology impacting SDLC Learning objective Introduction Technology Trends

Data Preservation Duties and Protocols

What Happens When Litigation Starts? How Do You Get People Not To Generate the Bad Documents?

Successful ediscovery in a Bring Your Own Device Environment

The E-Discovery Process

EMC SourceOne Management and ediscovery Overview

The Honorable Dwight Kay Illinois House of Representatives 401 Stratton Springfield, Illinois June 10, Dear Mr. Kay,

W H I T E P A P E R E X E C U T I V E S U M M AR Y S I T U AT I O N O V E R V I E W. Sponsored by: EMC Corporation. Laura DuBois May 2010

E-Discovery for Paralegals: Definition, Application and FRCP Changes. April 27, 2007 IPE Seminar

Transcription:

The Portcullis Guide to Disclosing Electronically Stored Information (ESI) Portcullis Computer Security Limited www.portcullis-security.com http://labs.portcullis.co.uk/ Tel: +44 (0)20 8868 0098 Email: asm@portcullis-security.com

Who am I? Eight years in Digital Forensics / edisclosure Portcullis since February 2012 LE and commercial clients Worked for both defences, prosecution and plaintiffs People still manage to surprise me!

What is edisclosure? Electronic disclosurerefers todisclosureincivil litigationwhich deals with the exchange of information inelectronic format(often referred to as Electronically Stored Informationor ESI). This data is subject to local rules and agreed-upon processes, and is often reviewed for privilege and relevance before being turned over to opposing counsel.

edisclosure vs Digital Forensics Forensic principles are applied where possible 1GB of data is equivalent to 65000 pages of A4. Expect to work on an average of 5 custodians Approximately 10GB of responsive data per custodian 50 x 65000 = 3,250,000 pages

edisclosure Putting it in Perspective

edisclosure Laws and Guidelines Civil Procedure Rules of England and Wales PD 31 PD 31b ACPO Guidelines for Computer Based Evidence

edisclosure Landmark Case Zubulake v. UBS Warburg 2003/2005. Plaintiff was awarded $29.3 million. Set many of the principles applied to ESI today Points to bear in mind are: Do not try to hide things Do not try to destroy things - someone WILL find out

edisclosure Early Case Assessment Identify level of exposure Can be used proactively Regulatory bodies can take a pragmatic view Average ECA of five days Dependent on volume of data

Electronic Discovery Reference Model Processing Preservation Information Management Identification Review Production Presentation Collection Analysis VOLUME Electronic Discovery Reference Model / 2009 / v2.0 / edrm.net RELEVANCE

Information Management Getting your electronic house in order Mitigate risk & expense From initial creation of ESI to final disposition Knowing where all relevant data is can reduce overall costs

Identification Aim: To identify: subject matter experts resources involved potential sources of data the depth and breadth of potential liability aggregate information sources for developing a course of action Goal: Evaluate, leverage and mitigate

Identification - Data Sources Data requiring examination may stem from many sources: Laptops, (Encryption)? Desktop Systems Servers NAS/SAN Thumb drives Digital Media cards

Identification - Data Sources Data requiring examination may stem from many sources (cont): Mobile telephones/blackberry MP3 players, IPOD etc Satellite Navigation Systems Backups (data tapes / cartridges etc)

Identification Potential Issues Could data fall outside corporate ownership? BYOD policy Employee status (full time, contractor?) Webmail

Preservation Aim: When duty to preserve is triggered, promptly isolate and protect potentially relevant data in ways that are: Legally Defensible Forensically Sound Proportionate Efficient Auditable Broad, but tailored Goal: Mitigate risks

Collection Aim: When data needs to be used, collect potentially relevant data in ways that are: Legally Defensible Forensically Sound Proportionate Efficient Targeted Auditable Goal: Mitigate risks

Collection Methods Forensic image acquisition Targeted collection of data using specialist utilities Mailbox dumps or complete message database? Client provided data Copying of data using file manager (Windows Explorer, Finder etc)

Processing Aim: Perform actions on ESI to allow for: metadata presentation Itemisation normalisation of format data reduction via selection for review Goal: Identify ESI items appropriate for review and production as per project requirements

Review Aim: Gain an understanding of document content while organising them into logical sub-sets in an efficient and cost effective manner Goal: Develop facts Reduce risk and cost Leverage technology Facilitate collaboration and communication

Production Aim: To prepare and produce ESI in an agreed upon and usable format Goal: Efficient production in compliance with agreed production specifications and timelines Reduce cost, risk and errors

Portcullis and edisclosure Natural progression from existing services ECA ensures cost effectiveness CPR Practice Direction 31b Costs dependant on volume of data No per GB processing charges

Questions? Portcullis Computer Security Limited