eDiscovery or Digital Forensics?

10/29/2018  |  By: Bill Dean, CCE, GCIH, GCFA, GPEN, Senior Manager

I am often asked the question, "What is the difference between electronic discovery and digital forensics?" There is often confusion between the disciplines of electronic discovery (eDiscovery) and digital forensics, but from a civil litigation perspective, the same rules apply to both. While both provide value in litigation, the differences are distinct. For starters, the pricing model is typically different. eDiscovery is often billed by the volume of data involved, and the digital forensics pricing model typically revolves around hourly rates. However, the most important difference between eDiscovery and digital forensics is who analyzes the information.

Simply defined, eDiscovery is the process of identifying, preserving, collecting, processing, reviewing, and analyzing electronically stored information (ESI) in litigation. The digital forensics process involves identifying, preserving, collecting, analyzing, and reporting on digital information. As you can see, they are very similar until the crucial difference: the party responsible for analyzing the information. In an eDiscovery matter, the role of the expert is to provide the information to legal teams in a reviewable format for their analysis. However, when leveraging digital forensics, the expert will perform the analysis of the information and report the findings to the legal teams. The party performing the analysis of the electronic information, in my opinion, is the primary differentiator between eDiscovery and digital forensics.

Since most of you are fluent in how to properly leverage eDiscovery, I will discuss additional information of interest that is provided by digital forensics:

  • Determining timelines of computer activity
  • Determining electronic communications outside of conventional email
  • Recovering deleted information
  • Analyzing Internet usage
  • Analyzing social network usage
  • Applications installed and executed
  • Analyzing pictures and movies
  • Peripheral device usage (USB drives, printers, etc.)

There are matters in which we find that the "hybrid approach" is most successful. In these instances, we work with legal teams to develop the strategy for the case and obtain as much information as possible. We then perform the forensic analysis of the computer activity and provide the electronic documents to legal teams for their review. In both instances, the context of the information is obviously very important. When working with digital forensic experts, the more information you provide us surrounding the litigation matter, the more valuable we will be to you. In digital forensic engagements, we typically ask for the complaint and any relevant depositions. Once we have completed our review of the applicable sections, we schedule a meeting with the client to determine the objectives, discuss strategy, and ask questions. The goal of digital forensic experts is to meet the objectives outlined with the digital information available. I assure you the time investment made with your expert on the front end will pay dividends as the case progresses.

In any eDiscovery matter, there is the possibility that the need for digital forensics will arise. For example, you have received the document production, and the volume is a small fraction of what is expected. Your client provides information indicating that electronic information has been destroyed intentionally; you will now likely need digital forensics to determine if, when, and how the destruction occurred. For this reason, I always suggest choosing litigation support companies with a strong competency in both disciplines to maintain the momentum in your case. In addition, "interview" the potential experts to ensure a good fit for the case and for working with your legal team.

The terms "eDiscovery" and "digital forensics" are often used interchangeably, but there are clear differences. It is my opinion that the critical difference is the analysis of the information. In an eDiscovery engagement, the legal teams review and analyze the information. In digital forensics, the expert reviews the digital information and provides the findings in an expert report. Because experts can vary greatly in experience, capabilities, and communication skills, choose the right expert carefully.    

Posted in: Security Consulting