Collection of Potentially Relevant ESI: How to Pick the Right Option
At an eDiscovery conference last month, one of my fellow panelists shared an observation from about 15 years ago that generated a collective “wow – you used to do that?” from the audience. She shared the story of supervising professionals at her firm as they were dispatched to collect email and other electronically stored information (ESI) from one of their clients for subsequent review and production in a pending litigation matter.
I remember those days well, as many of us used to do the same thing. But how times have changed – not only because data volumes have grown exponentially but also because the computer systems that house potentially relevant ESI have become more complicated. This makes it all the easier to get it wrong when it comes to ESI collection, and few law firms handling a matter on the merits want their own employees on the line to offer testimony when something goes wrong.
I’m closing out 2017 with a series of considerations for the major steps in the Electronic Discovery Reference Model (or EDRM). So far, I’ve discussed ways to help make the identification of potentially relevant ESI successful, together with some thoughts for making sure the important task of preserving potentially relevant ESI goes well. In this continuation, I address the major options and considerations for ESI collection. For a more detailed treatment, see these collection standards as promulgated by the EDRM.
- Forensic Collection. A forensic collection is the most comprehensive “image” you can make of ESI. In a forensic collection, a sector-by-sector bit-stream image of the source data is obtained. Importantly, forensic collection is your best bet when you need to recover files (or file fragments) from the deleted or “slack” space on a drive or other source. It’s also helpful in that it preserves all document and file metadata with precision. And as with most other technology, the cost of conducting forensic imaging continues to come down.
- Targeted Forensic Collection. This collection option is appropriate in most litigation and other matters where access to deleted files or file fragments is not necessary. A targeted forensic collection is directed only to those active files or directories that matter, with a forensically sound copy made of both the active documents and their metadata. Absent the need for a full-blown forensic collection, targeted collections have become the gold standard in many matters.
- Non-Forensic Collection. There remain matters – either by agreement of the parties or otherwise – where simply copying ESI using features of a computer’s operating system may be appropriate. It’s important that counsel guide such collections, and when possible it’s always best to have trained IT professionals actually perform the copies. Be wary of potential metadata changes when this collection method is used. And when in doubt, take it “up a level” and consider a targeted forensic collection, just to be safe.
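The metadata caveat in the last two options can be seen directly. The following is an added illustration, not part of the original article or of the EDRM standards: it copies one constructed file two ways, hashes source and copy, and records whether the modified time survived. The file names and manifest fields are assumptions made for the demo, and `shutil.copy2` stands in for a metadata-preserving copy only as far as modified time and permission bits go.

```python
import hashlib
import os
import shutil
import tempfile
import time


def sha256_of(path):
    """Hash a file in chunks so large collections do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def collect(src, dst_dir, preserve=True):
    """Copy one file and return a manifest row comparing source and copy."""
    os.makedirs(dst_dir, exist_ok=True)
    dst = os.path.join(dst_dir, os.path.basename(src))
    src_stat = os.stat(src)          # record source metadata before touching it
    src_hash = sha256_of(src)
    if preserve:
        shutil.copy2(src, dst)       # content + mtime/permissions (not all metadata)
    else:
        shutil.copyfile(src, dst)    # content only: the copy gets a new mtime
    dst_stat = os.stat(dst)
    return {
        "file": os.path.basename(src),
        "sha256": src_hash,
        "content_match": sha256_of(dst) == src_hash,
        "source_unchanged": sha256_of(src) == src_hash,
        "mtime_preserved": int(src_stat.st_mtime) == int(dst_stat.st_mtime),
    }


def demo():
    """Build a constructed three-year-old file and collect it both ways."""
    with tempfile.TemporaryDirectory() as root:
        src = os.path.join(root, "custodian", "memo.txt")   # constructed sample
        os.makedirs(os.path.dirname(src))
        with open(src, "w") as f:
            f.write("Constructed sample document for the demo.\n")
        old = time.time() - 3 * 365 * 86400
        os.utime(src, (old, old))    # backdate so a reset mtime is visible
        plain = collect(src, os.path.join(root, "plain"), preserve=False)
        kept = collect(src, os.path.join(root, "kept"), preserve=True)
        return plain, kept
```

Both copies match the source hash, but only the metadata-preserving copy keeps the original modified date; the plain copy would show the collection date instead.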
The eDiscovery consulting practice at Level 2 Legal welcomes the opportunity to advise attorneys, paraprofessionals, technologists, and their clients concerning all aspects of litigation readiness and the EDRM, especially including the collection of ESI and other materials.