Skip to main content
Find a Lawyer

eDiscovery Analysis: Pitfalls to Avoid

Having explained the techniques and tools most suited to electronic discovery projects, it is important that we address some of the common pitfalls that one can fall into.

Lack of Iterative Process

It is critical that electronic discovery be viewed as an iterative process. While the initial identification phase may have turned up five custodians of interest, a handful of keywords and concepts of interest, and a few months in which company events are of interest, analysis typically expands this set of criteria throughout the course of the investigation. Simply performing search and collection once or twice up front seldom proves sufficient, and further collections are generally warranted throughout the discovery effort. Assumptions concerning date ranges made early in the analysis phase can be wrong, in that certain key dates may have been unknown or incorrect. Assumptions made concerning keywords, phrases and concepts of interest may have been incomplete. As analysis yields results, new keywords, phrases and concepts, and in some cases new custodians of interest are added to the scope of the investigation, requiring re-searching of the original dataset (or a subset thereof).

Failure to employ an iterative process can lead to an incomplete set of evidence which could, of course, jeopardize your case.

Incorrect Understanding of Underlying Data & Metadata

When processing, analyzing and reviewing documents from a variety of data sources and representing e-mail, spreadsheets, documents, database content and the like, it is very easy to make assumptions that metadata types are consistent across all data. That simply isn't the case. For example:

  • Assumption: Assuming that blind carbon copy (bcc) information is captured, stored and searchable in all e-mail databases could lead to the assumption that all custodians are known in an investigation.
  • Fact: not all e-mail systems (i.e., Exchange) retain bcc information on stored e-mails, and therefore other mechanisms (i.e., Exchange journaling + archives) need to be employed in order to gain a complete list of custodians of interest.

 

Or looking at another example:

  • Assumption: Attempting to determine when a custodian made changes to an attachment of a Microsoft Exchange e-mail in his or her Inbox is not possible through simply looking at the "last modified" attribute on the e-mail containing the attachment.
  • Fact: The "last modified" attribute on the e-mail is triggered simply by reading an e-mail in Outlook and does not necessarily indicate a change has been made to any of the text. Accessing the "last modified" attribute on the actual attachment is required to determine when the attachment was modified.

 

Having an incorrect understanding concerning the underlying data and metadata could lead to incorrect conclusions, and is one reason you need to consult with experts in the technology (or have them in-house) in order to confirm critical assumptions up front.

Incorrect Understanding of Discovery Tools

Any time technology is used for electronic discovery purposes, understanding what is happening "behind the scenes" is critical. Operators need to understand each tool extremely well:

  • Understand its limitations;
  • Understand common issues;
  • Understand prerequisites; and
  • Understand its strengths.

 

Moreover, operators need to understand the complement of analytical tools that they are using as a whole:

  • How do the tools differ in search capabilities;
  • How do search operators with the same name function differently in different tools;
  • Which tools can co-exist on a workstation and which can't, and;
  • Understand what mechanisms for data interchange or export parity exist.

 

Failure to understand the tools in use could lead to loss of data, corruption or alteration of data, missed data, and overall risk to your case. As noted above, these issues can be greatly simplified by using an integrated analysis tool suite specifically designed for electronic discovery.

Source: EDRM (edrm.net)

Was this helpful?

Copied to clipboard