Electronically Stored Information (ESI) self collection drives and kits have become popular in the last few years because they offer an affordable means of collecting electronic data for a legal matter without the need to hire expensive forensic experts. This article covers what should be included in an ESI collection drive kit, as well as some tips to ensure the collections are completed properly.
ESI Self Collection Tips and Resources
Here are a few tips to help ensure a successful ESI self collection:
1) IT Assistance – Have someone on hand with knowledge of the products, how they work, and how to overcome any issues encountered. This could be an individual with the legal department, corporate IT, a forensic computer examiner, or a competent vendor.
2) Hard Drives – If the ESI self collection drive is being connected directly to a custodian PC or server, take a look at the 2.5 inch enclosed external hard drives that are powered from a USB port. If collecting data across a network, a Network Attached Storage (NAS) device should be considered.
3) Software – Require these key features from active file collection software (like SafeCopy 2 or Harvester from Pinpoint Labs):
- Preserves file timestamps and metadata – Using Windows Explorer to “drag and drop” files does not preserve critical metadata or confirm that the contents were copied exactly.
- Creates electronic chain of custody – Reports detailing what happened, the source and destination hash values, MAC times, where files were copied from and to, and the results form the audit trail required for defensibility.
- Hash verifies files – File hashes of the source and destination are verifiable proof of a valid copy.
- No local installation – Ideally the software should run from an external device or from the network without installing anything on the host computer.
- Automated job tickets – Human involvement opens the risk of human error. Products like Harvester from Pinpoint Labs include features to automate the process with predefined work tickets.
- Filtering (Optional) – Filtering at the point of collection reduces the cost of processing the collected data. Some of the filters that can be applied at the point of collection are file types/headers, date ranges, folder names, key words, deduplication, and deNISTing.
4) Evidence Bags – Tamper-proof evidence bags provide additional security and defensibility. The antistatic bags from Packaging Horizons (http://www.alertsecurityproducts.com/antistaticsecuritybag/index.shtml) are designed for hard drives.
5) Paper Chain of Custody – Most firms are familiar with transferring evidence and have forms already created. Include this form with the drives used in an ESI collection kit.
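The software requirements in item 3 (preserved timestamps, hash verification of source and destination, and an electronic chain-of-custody report) can be seen together in the following added Python example. It is not code from the article and does not describe how SafeCopy 2 or Harvester work internally; the function names, CSV columns, and the constructed sample file are assumptions made for illustration.

```python
import csv, hashlib, os, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

FIELDS = ["source", "destination", "bytes", "modified_utc", "accessed_utc",
          "ctime_utc", "source_sha256", "dest_sha256", "status", "collected_utc"]

def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()  # read in chunks so large files never sit in memory
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def utc(ts):
    return datetime.fromtimestamp(ts, timezone.utc).isoformat()

def collect(source_root, dest_root, log_path):
    """Copy each file, hash both sides, and write one audit row per file."""
    source_root, dest_root, rows = Path(source_root), Path(dest_root), []
    for src in sorted(p for p in source_root.rglob("*") if p.is_file()):
        st = src.stat()  # capture MAC times before the file is read
        dst = dest_root / src.relative_to(source_root)
        dst.parent.mkdir(parents=True, exist_ok=True)
        src_hash = sha256_file(src)
        shutil.copy2(src, dst)  # copies content plus timestamps where the OS allows
        dst_hash = sha256_file(dst)
        os.utime(dst, ns=(st.st_atime_ns, st.st_mtime_ns))  # re-apply captured times
        rows.append(dict(zip(FIELDS, [
            str(src), str(dst), st.st_size, utc(st.st_mtime), utc(st.st_atime),
            utc(st.st_ctime),  # platform-dependent: metadata change time on Unix
            src_hash, dst_hash, "VERIFIED" if src_hash == dst_hash else "MISMATCH",
            datetime.now(timezone.utc).isoformat()])))
    with open(log_path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=FIELDS)
        writer.writeheader()
        writer.writerows(rows)
    return rows

def demo():
    """Constructed sample: one custodian file with a known modified time."""
    work = Path(tempfile.mkdtemp())
    sample = work / "custodian" / "docs" / "memo.txt"
    sample.parent.mkdir(parents=True)
    sample.write_bytes(b"constructed sample document\n")
    os.utime(sample, (1500000000, 1500000000))
    return work, collect(work / "custodian", work / "collected", work / "custody_log.csv")

if __name__ == "__main__":
    print(demo()[1])
```

A row marked MISMATCH means the destination copy cannot be treated as a valid copy and the file should be collected again.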
Larger Collection Alternatives
Putting together ESI self collection kits can save money and eliminate delay and additional costs. Harvester from Pinpoint Labs is offered at a flat rate (you own it) or per collection.
Unease with ESI Self Collections
There has been some concern over custodian self collections. Relying on untrained employees to find and then properly collect the relevant data may present a defensibility problem. This problem is overcome easily with automation features of data collection software. These features minimize the number of human errors that can occur by minimizing the amount of employee interaction with the collection process.
What you should know
ESI self collections and kits are here to stay. They significantly reduce discovery costs, perform targeted collections, and are the modern equivalent of boxing up relevant files. However, it is critical to ensure that the process is defensible by preserving the original content, with the correct process, products, and procedures. For further assistance designing an ESI self collection kit for specific project needs, contact one of the project leaders at Pinpoint Labs.
This information is provided by Jon Rowe, a Certified Computer Examiner (CCE) and the President of Pinpoint Labs.