What is eDiscovery?

The steps involved in an eDiscovery process may seem quite similar to several of the steps seen in the digital forensics process. The key differences are in the way the electronic information is collected, managed, processed and presented.

Differences between eDiscovery and digital forensics

In eDiscovery, professionals collect, manage, prepare and present electronic information found on different forms of storage. Firms conducting eDiscovery services usually do not analyze the documents themselves. Their scope is often set to gather and prepare large amounts of data and supply the processed data to the appropriate parties, typically a client or legal counsel. This will allow such legal parties to conduct their own review of the documents to evaluate it for relevance to the ongoing case.

In relation to digital forensics, a digital forensics expert will use a variety of tools and methods to undergo a more thorough process to protect the integrity of the electronically stored information. The digital forensics expert is present to assist legal parties by supplying digital evidence related to their case. Another differentiator between digital forensics and eDiscovery is that digital forensics does not typically stop gathering information after all commonly visible documents are identified. Digital forensics tools and methods allow for identification of information that is normally not visible to be gathered. This includes files on the stored media that may be encrypted or deleted. With the right tools and techniques, the digital forensics expert may attempt to decrypt or reconstruct the files.

Source: https://teris.com/key-differences-between-ediscovery-and-digital-forensics/

eDiscovery process

It is possible for organizations to be specialized within the area of eDiscovery without having a deep knowledge of digital forensics. Digital forensics adds a layer of protection and verification to the process and the data involved in the process.

A standard set of steps that should be included in a thorough eDiscovery process may include:

1. Identification

   Identify all the different types of information that you may want to take into control. This includes the client-side specific information as well as possible custodians and locations where relevant information might be discovered. Collaboration with different parties may be required to access and identify all the information that you want to collect. To gain access to all the relevant data and documentation you may have to communicate with a variety of different parties. Such parties can be anywhere from large firms with dedicated IT-departments and advanced system administrators to regular non-technical people and system user.

2. Collection and preservation

   Make sure that all actions involved in your collection plan are reasonable and defendable. Upon requesting information from a firm or a person, remember to remind them to suspend any potential destruction of files and documentation, even if it extends the data beyond any set data retention policies. When deciding to move forward with the collection, you may either decide to collect the information yourself or hire another firm to perform the collection for you. Select an appropriate collection technique and log all people and locations involved in the process where information was gathered.

3. Processing and review

   Some processing may be required to view and analyze specific documents and files. The eDiscovery professional needs to take this into account when preparing the data for further review. The processing stage should be discussed with the team and involved parties in order to ensure that scope and strategy are within the limits of resources and is cost-efficient. Decide upon what methods to use in order to select search method, filtering and data quantity reduction strategy. In large quantities of data, machine learning is sometimes utilized to reduce the amount of irrelevant documents to review. The common method with machine learning is to have people select several documents known to be relevant to the case and then have an algorithm pick out documents from the remaining data set based on the initial document selection.

4. Production

   Some file formats are not available to read and review in typical computer software applications or are required to be converted or exported to readable formats. If files and documents have been converted or exported in another format for review, then the original files should be included in the delivery to allow others to perform similar extraction methods and get the same result.

5. Presentation

   Presentation of technical and detailed data may be challenging for legal professionals with limited experience with electronic information. Non-technical people can be affected by the way electronic information is presented. Making the presentation too complicated and speaking in technical terms may result in people not understanding the point at all, while a well-made presentation and interactive tools with simple explanations can be quite convincing.

Content