Malc0de CyberNet
The Electronic Discovery Reference Model (Source: EDRM – www.edrm.net)

A Beginner's Guide to e-Discovery and the Stages Involved

Traditionally, discovery occurs when there is litigation. The litigating parties review the evidence in each other's possession before full court proceedings begin, in order to assess its quality; that can help determine whether to proceed to court or to reach an out-of-court settlement. This process of evidence review is known as discovery.

Advancements and developments in technology have led to virtually every aspect of human endeavor being linked, one way or another, to information technology. This could be through the use of electronic devices like mobile phones, tablets, PCs, laptops, CCTV cameras, etc., or platforms like corporate networks, the Internet, social media and so on. These devices and platforms have given rise to a new genre of evidence: digital evidence. Their use leaves a digital footprint in the form of electronically stored information (ESI), which serves as digital evidence for investigations and in litigation.

As a result of this digital evidence, a new field of discovery emerged: electronic discovery (eDiscovery). Essentially, eDiscovery involves parties in litigation reviewing digital evidence in each other's possession before full court proceedings to determine whether to go ahead with court proceedings or to settle out of court. Digital evidence has to be presented in a court of law in a manner that is acceptable to the law of the land. In fact, the collection, handling, analysis, review and storage of the digital evidence all have to be done in line with legal requirements; that is to say, the digital evidence has to be forensically sound for it to be admissible in court. This shows that eDiscovery is a kind of marriage between information technology and the law.


eDiscovery begins once there is a reasonable anticipation of litigation; hence an organization has to start preparing for it once it has reason to believe litigation is inevitable. Preparation should not wait until litigation begins, as this can lead to sanctions against the party that does not prepare beforehand.

The process of eDiscovery can be summarized in the Electronic Discovery Reference Model (EDRM) which comprises nine stages:

  • Information governance
  • Identification
  • Preservation
  • Collection
  • Processing
  • Review
  • Analysis
  • Production
  • Presentation

Information Governance

This stage does not necessarily wait for litigation to be in place. Good policies and management of information assets help ensure timely and forensically sound ESI whenever digital evidence is requested, whether for eDiscovery or for other forensic investigations.

Identification

As soon as there is a reasonable anticipation of litigation, the electronic evidence that may be requested for eDiscovery has to be identified; that is, what would be relevant has to be determined.

Preservation and Collection

Information and data (ESI) that have been identified as relevant for eDiscovery have to be preserved, that is, protected from tampering, alteration or destruction, so that they will be readily available on time if requested. As the ESI is being preserved, it should also be collected (acquired) so that it can be forwarded for processing, review and analysis.

Processing, Review, and Analysis

The preserved ESI that has been collected is then processed to filter out non-relevant data from the evidence in order to ensure efficient and effective review. The review stage further ensures that the ESI is relevant and also filters out possible privileged data and information. After that, the analysis is carried out to ensure that the ESI to be produced meets the requirements of the party that requested it as well as legal requirements.

Production

The litigant requesting ESI usually determines how it is to be produced. Hence the production stage involves presenting the ESI to the requesting party in the format that was requested. It could be delivered in full (final production) or based on milestones (rolling production).

Presentation

The final stage of the eDiscovery process is the presentation of the digital evidence in court. Apart from being forensically sound, the evidence has to be presented in a legally acceptable manner that is also professional and easy to understand. Most judges and juries are not technical; hence the presentation has to be done in such a way as not to lose them. That said, the presentation still has to be professional so that it will not be written off, and it should definitely not be shabby.


I hope that you enjoyed reading this. This will give you a head start. More articles on digital evidence and forensic investigation are to come. Leave a comment below if you liked reading the article; we love to hear your feedback.

2 Comments
  1. Ivan Vega says

    Great article! Thanks

    1. Dauda Sule says

      You’re welcome, Ivan. Thanks for the feedback.
