Forensic Archive Boosts Information Management for the Data Center

- Jim McGann, VP of Information Discovery, Index Engines (www.indexengines.com), says:

Email is the most common source of evidence when facing legal and other regulatory investigations. Managing and preserving email in a defensible manner is critical to support lawsuits and investigations. Botched collection of email has been known to lose cases and also result in significant sanctions and fines.

Forensic level culling and archiving of email is required to ensure both accuracy and defensibility when collecting and preserving sensitive corporate records on legal hold. Forensic archiving does not convert email but saves it in its original bit-level format and extracts it from the email database (i.e. MS Exchange, IBM Lotus Notes). The sophistication of forensic archiving cannot be easily replicated nor can its significance be disputed when dealing with key evidence in an important lawsuit.

With that in mind, Index Engines, a New Jersey based software manufacturer specializing in information management products, released the new Octane Forensic Archive for Litigation Hold. This new forensic archive indexes MS Exchange and IBM Lotus Notes email, allowing for full content and metadata culling. Indexing of the email database is performed using a unique bit for bit indexing process. MAPI based crawling tools are not utilized as they are slow and cannot process any content that does not have a viable crawl path (i.e. corrupt or partial EBD’s as an example). Bit level indexing will process the entire email database including deleted email residing in the tombstone or dumpster. This approach ensures comprehensive access to all email and not limited to what MAPI based tools can crawl.

Once email is culled, and tagged as responsive, it can be extracted from the database. Index Engines has the ability to extract email from disk, forensic images or even backup tapes. Extracted email is not converted to eml or msg formats, it is preserved in its bit format. Extracting John Doe’s mailbox will only extract the specific bits that define this mailbox and hold it in a culled forensic image. No other ESI collection platform can preserve email in this manner since they do not have bit level knowledge of the database structure.

The new Octane Forensic Archive for litigation hold demonstrates Index Engines’ dedication to solutions for cost effective, secure collecting and preserving of ESI. As well as, the unique ability to have detailed, bit-level knowledge of email databases which allows us to introduce this new breakthrough in forensically sound email collection and preservation.

About the Author
Jim McGann is the eDiscovery expert and VP of Information Discovery for Index Engines (www.indexengines.com). Based in New Jersey, Index Engines’ patented discovery platform provides corporate and legal clients with comprehensive insight into their data to simplify information discovery, classification and management. Email Jim at jim.mcgann@indexengines.com.

Project Management for eDiscovery Collections – Get it Right the First Time

- Alon Israely, Senior Advisor, BIA (www.biaprotect.com), says:

Corporations get sued or investigated by regulators all the time – and one day, it will be your company (if it isn’t already.) As an IT professional, legal will probably come to you and ask you to gather certain data – that is, to perform “a collection of the relevant documents and emails”. Suddenly, you will find yourself forced into the realm of electronic discovery (“eDiscovery”), which is a different animal than the standard data migration job or file transfer operation.

From a project management perspective, think of eDiscovery just like any other IT project, but with a twist: since the requests are coming from lawyers, the data you’re harvesting is actually evidence. Concepts such as defensibility, spoliation and testimony apply in eDiscovery, so the data collection process must be handled with a forensically sound and methodical process.

Best practices for IT managing eDiscovery projects include:

• Use common sense. The tools and project management skill sets you currently possess have been vetted within your corporation and you know a lot about data. Just because eDiscovery is an unfamiliar type of IT project in your corporation, you don’t have to invent new eDiscovery project management protocols. The basic principles of gathering and organizing data are the same. It’s about using the right tools, keeping good documentation and being careful to ensure the data handling is performed in a compliant way that is different for eDIscovery projects.

• Get your team in place. Have well-defined roles and a clear understanding of industry standard models such as the EDRM (www.edrm.net) and principles espoused by the Sedona Conference (http://www.thesedonaconference.org/ . These models describe the full eDiscovery process related to data involved in legal proceedings and investigations, from information management on the IT level such as data mapping all the way through until the case goes to trial where some of that data must be presented in court. There are a lot more logging, auditing processes, chain-of-custody requirements and specialized mechanics in the eDiscovery process that each member of the team must understand to ensure the legal soundness and defensibility of the results.

• Remember - you only have one shot. In eDiscovery, you do not have the luxury of doing the collection again. You have to do it right the first time. Do not be afraid to ask questions and get the clarity you need from your department heads and legal counsel so you can perform the project correctly. There can be a host of inter-dependencies of which you may not be aware and thus will never know unless you ask questions. Clarify, clarify, clarify; and then base your data identification and collection schedule on that feedback.

• Standard IT tools won’t do. The biggest mistake an IT professional can make when it comes to eDiscovery is thinking he or she can not only do it themselves with standard IT tools, but also that standard IT tools will somehow be cheaper. Most standard IT data copy tools do not perform the necessary mechanical steps which preserve the integrity of the data collection. Additionally, you may come to realize midway through the process that you need too many of these tools to perform the process cost-effectively. Using standard IT tools for eDiscovery can be disastrous much later on when the lawyers are trying to make sense of the data that has been collected in a way that does not conform to legal standards.

• Use appropriate eDiscovery products. There are excellent eDiscovery products on the market designed from the ground-up for the eDiscovery process, and so, have the built in tools and measures to preserve the integrity of the collection process, the data results and to save IT professionals from having to testify as a witness at a deposition or in court. In the end, these products will be far more cost-effective than a piecemeal approach with standard IT tools.

eDiscovery projects are unfamiliar territory for many corporate IT professionals, and the territory is fraught with peril. However, by leveraging what you do know about data, consulting legal counsel to ensure the data is kept pristine and protected, and using proven eDiscovery tools to assist you, you can prevail. Being smart about eDiscovery protects you and your organization both, and next time your employer gets sued, you’ll be ready, willing and able to manage eDiscovery projects with great success.

Potential Legal Liabilities in the Data Center

- Vidya Phalke, chief technology officer at MetricStream (www.metricstream.com), says:

What steps can you take to limit the possibility for potential legal liabilities to take place?
Implement Policy programs that support accountability and communication of your policies and procedures. Programs must have a role-based publication, communication, awareness and acceptance programs and training, supported monitoring and documenting compliance through periodic audits, surveys and self-assessments. Moreover, there needs to be tight integration between the policies and procedures and the compliance, risk, control framework. This includes dynamic links and references between the two - for a clear mapping of policies to controls, control objectives, risks, areas of compliance, etc.

What potential legal liabilities might enterprises face, and how can they prevent them from happening in the first place?
Companies have to comply effectively with country specific laws and regulations for interactions and business practices where risks and losses arising from unintentional or negligent failure to meet an obligation can be prevented and mitigated through automated controls ensuring adherence to best practices. They have to ensure compliance with internal procedures, external regulations and industry mandates while streamlining complex interactions and ensuring that the staff are aware of procedural and regulatory requirements. At all interaction and exposure points, required and mandatory steps are enforced and recorded in an auditable system ensuring compliance in an end-to-end fashion.