The world of data examination has changed. With more and more of our data now being stored electronically, the ability to extract and examine this data has become a key element of legal proceedings and disputes. This data examination is commonly referred to as digital forensics and e-discovery. However, while many people think the two terms mean the same thing, this is not the case. The two services are used quite differently, and it’s important to understand the distinction.
Here at Richards Private Investigations (RPI), we specialise in many types of data examination, including both digital forensics and e-discovery. As such, we are proficient in identifying what services our clients require. Quite often, we are asked to provide an e-discovery service when what is actually needed is digital forensics work. So, here’s our quick guide to the difference between the two services:
What is Digital Forensics?
Digital Forensics is the science of performing an analysis of electronic data. This type of data examination can be performed over all manner of digital medium; hardware or software. From computers, mobile phones, tablets, and flash drives to application-specific data, cloud storage accounts, and everything in between, just about any form of data can be the subject of a digital forensics case.
In Summary: Digital Forensics is primarily an artefact-based service, finding facts and reviewing content through investigative means.
What is E-Discovery?
E-discovery (short for electronic discovery) can be summarized as the search for relevant evidence from within a set of data. E-discovery forensics involves collecting data, usually documents, and searching through that data with keywords, date restrictions, or other metrics, segregating out documents deemed relevant to the case. This type of search service is now widely used in the legal world. Clients are finding the electronic search is superior to physical eye-to-paper review, particularly in terms of accuracy and time utilization.
In Summary: E-Discovery is a solely content-based service that finds facts through directed, customized searching.
Metadata: What Role Does it Play?
Metadata is also an important topic in this conversation. Metadata is additional information about a piece of data that provides more context for that data. This might be the date a document was created, or where a document is filed, for example. Metadata plays an important role in both digital forensics and e-discovery, but for different reasons. In e-discovery, metadata provides some additional information about a file to assist in a review. While that is useful, metadata meets its actual potential when it is reviewed by an analyst through digital forensics. Metadata that is expertly analyzed and correctly interpreted can be a great boon for clients.
In Summary: Metadata review via e-discovery only provides one piece of the puzzle. However, providing the metadata to a forensic analyst often identifies and answers questions that would otherwise go unnoticed.
Data Examination: Two Examples
To clarify the difference between the types of data examination, we’ve drawn up some examples of the two services in action:
A Digital Forensics Case
Case Details:
A client suspects a recently terminated employee of committing Intellectual Property theft. The client has a laptop computer that was operated by the suspected ex-employee as evidence. We need to examine this laptop to determine whether the suspect was actually stealing company data as they departed, and if so, how and when was it taken.
Digital Forensics in Action:
We can investigate the artefacts on the laptop to obtain the required information. Here digital forensics would be able to provide evidence regarding connected USB devices, files accessed by users, cloud storage usage, email communications, and any other methods that data could have been taken from that laptop. In addition, an analysis of deleted data, installed applications and Operating System integrity would also be performed. This would provide any evidence of track-covering behaviour.
For further information: Do You Suspect Employees of Data or IP Theft?
An E-Discovery Case
Case Details:
A lawyer has 500,000 emails from their client on file. We need to comb through all these emails to gather only emails relevant to the case. In addition, we also need to identify any privileged or confidential emails, as this data has been requested by opposing counsel for review during discovery.
E-Discovery in Action:
It’s time to get to grips with the content. The particular artefacts are not as much of a concern during this phase of the case, and 500,000 emails contain far too much for data to review manually. In order to cut down the number of emails to be reviewed, the e-discovery process generates a keyword list with accurate, relevant, and concise terms and phrases to apply against the data. This technique will also quickly categorize the emails for easy identification.
Data Forensics or E-Discovery? How to Choose the Right Service
It’s clear that digital forensics and e-discovery are quite different in their approach and methods. However, they both play an important role in the effective review of data and the two services can be utilised in combination to provide a complete picture. Digital forensics will provide useful insight from the artefacts that are generated by various sources of data, whether that is a laptop, mobile phone, or even individual documents. E-discovery offers an accurate and repeatable method for isolating relevant data. Both services give crucial insights into data examination. Here at Richards Private Investigations (RPI), we’re ready to advise you on which service best suits your needs.
Richard Musaazi
Digital Forensics Investigator
www.richardspi.com
Do you have a story in your community or an opinion to share with us: Email us at editorial@watchdoguganda.com
