By: Clint Modesitt, Manager, Digital Forensics
On April 29, 2020, Innovative Discovery hosted a webinar: Managing Mobile Collections and Other Non-Traditional Data Types. The blog post below is a summary written by Clint Modesitt, the manager of digital forensics at ID, and a panelist on the webinar.
It’s an interesting time in digital forensics and eDiscovery, as rapidly evolving technology and communication tools play a growing role in litigation and investigations.
Innovative Discovery recently hosted a webinar to discuss these trends and hear from industry experts about preparing for what’s ahead. Representatives from Innovative Discovery, Seyfarth Shaw LLP, The Sempra Energy Company, and Perkins Coie LLP talked about ever-changing and emerging technology, roadblocks, and solutions and best practices.
- Webinar title: Managing Mobile Collections and Other Non-Traditional Data Types
- Date: April 29, 2020
- Panelists: Matthew Christoff, Associate, eDiscovery Practice Group, Seyfarth Shaw; Karlene Edwards, Cybersecurity Analyst, The Sempra Energy Company; John Evans, Digital Forensics Consultant, Perkins Coie LLP; Clint Modesitt, Manager of Digital Forensics, Innovative Discovery; (Moderator) Savannah Aaron, Marketing Manager, Innovative Discovery
Ever-changing and emerging technology
New technologies are changing the nature of digital forensics and eDiscovery, and industry professionals should prepare for continued disruption. Instant messaging, blockchain, virtualization, and cloud storage are just a few of the innovations playing an increasing role in litigation and investigations.
Collaboration tools like Slack and Microsoft Teams are becoming a greater source of communication and data sharing, with less emphasis on email. Because the flow of communication across these platforms is much more fluid, more data is being collected. Conversations that used to be quick phone calls or in-person discussions are being preserved as chat exchanges. Requests are getting broader from a litigation standpoint, as firms often ask for every possible piece of relevant data that exists anywhere across an organization.
Migration to cloud based email, data storage, an collaboration is another development that has facilitated an explosion of data sharing. Providers now have the ability to make changes to software without notice to forensic examiners or even to the people using it. Traditionally, we think about custodians as having their files and their network share. Now, there are various sources of data that can be readily shared amongst custodians.
Virtualization allows an organization to really tighten down what’s being used, what data is stored and where, as well as what data isn’t being stored. It makes the collection job straightforward and simplified.
Once-disparate technologies are now merging and becoming central to cases. Historically, cases have largely dealt with laptops and desktops and data stored on them, but new technologies are catching up and coalescing on mobile devices. People want to collaborate wherever they are, and their phones are making it incredibly easy to do so. These devices have become central to eDiscovery.
The attachment to mobile devices is a key roadblock in collections. Many custodians are extremely worried about what’s happening with their data and, in particular, about the over-collection of their personal data that is irrelevant to an investigation or lawsuit. It’s important to communicate with custodians about how their data is going to be protected. Soft skills are vital in explaining the process, making the technical concepts understandable to non-technical custodians but still providing confidence in the practitioner’s expertise.
Long before any litigation, however, employees should be educated on the various policies around Bring Your Own Device (BYOD)and company-issued devices. They should be aware that even if they choose BYOD, the mobile device will be subject to litigation.
Be aware of the phenomenon of “uncollectable” data. Snapchat, Telegram, and other ephemeral messaging systems are designed with privacy and encryption in mind so that messages are either not retained or inaccessible. Companies are increasingly addressing the use of such tools through policy.
Another roadblock comes in the form of companies touting one-stop solutions for the growing number of remote headaches. Their solution may not be a defensible product. And due to the sudden shift to remote work brought about by COVID-19, we may see a large increase in those types of promises.
There is also a likely increase in requests for information from personal devices due to the pandemic. Companies may not have a BYOD policy or remote policy that allowed employees to handle data in a secure fashion but, for business continuity purposes, employees had to have access to certain data. For years to come, this issue is likely to become an additional paragraph of special language in data requests and preservation. From a forensic examiner standpoint, it’s critical to be mindful of these platforms and technologies and think about how to deal with them down the road.
Solutions and best practices
What was true yesterday is not necessarily true today and probably won’t be tomorrow. So don’t take anything for granted—adaptability is key.
As we’ve seen with the proliferation of social media and mobile devices, technologies are constantly evolving and must be approached with a mindset of the defensibility and repeatability of tools and processes. In dealing with a given technology, check to see whether it’s been dealt with internally and what scholarship may exist on the subject.
Being able to speak intelligently about what custodians are doing on their devices, if they’re using certain software, can cut down on the volume of requests. Focusing on relevant sources can save clients a significant amount of time and money.
Communication with IT teams is critical, as employees may be using applications that aren’t permitted. Custodian interviews are a great way to bring out that information.
Focus on what’s being shared, where that data is being stored, and on educating legal teams as to the types of legal holds that need to be placed on this data. Approach these issues in a way that is defensible, minimally disruptive, and safeguards privacy.
Click here to view a recording of the webinar.