June 4, 2008
Overview of Litigation Support Services American Document Management has over 14 years of litigation support experience in dealing with large document productions. The process of scanning, coding and having the ability to search and retrieve those documents is a complex one, we have tried to simplify the process in this overview to make the services offered more understandable.
Documents are received from the client and logged into our repository. Each box is bar coded, for tracking purposes, and then logged in and out of the repository to accomplish each step of the production process (we can provide you with a chain of custody on each box through the use of our internal tracking software).
The Production Process:
1. Documents are Bates numbered. (manually, or electronically)
2. AmDoc preps the documents (unstaple or remove binding elements) using prep sheets to indicate parent/child relationships.
3. Documents are scanned.
4. Text conversion (Optical Character Recognition or
OCR) is done if required.
5. Objective coding at an appropriate level is done. As little
as two or as many as 100 different types of information are
extracted from each document, based upon case
parameters. Examples of coding fields include:
• Bates beginning and ending numbers
• Document Type
• Document Date
• Title/Re Line
• Recipient(s) and CC/BCC
6. AmDoc Quality Checks each step to ensure best quality and accuracy.
7. AmDoc loads the documents onto a CD-Rom in the appropriate litigation database for your easy search and retrieval.
8. AmDoc also has Internet accessible electronic repositories available, which eliminate the need for software and hardware altogether.
May 28, 2008
By Karen Unger, President/CEO, American Document Management
Electronic discovery involves critical decisions that need to be made immediately. Working with electronic data is much more cumbersome than working with paper documents. The sheer volume is much greater. In addition, electronic files exist in multiple versions on many computers, so the incidence of duplication and near duplication is considerable. Electronic files are much more persistent than their paper counterparts – deleting a file doesn’t really eliminate it in the electronic world.
Electronic files contain additional information in the form of metadata. This “information about the information” categorizes each electronic file and may include the author’s name, file creation date, application in which it was created, and the last time it was accessed or printed. Each application maintains unique metadata.
Electronic files exist on many different devices and migrate from one device to another. A file created on a computer may be sent to a cell phone. A photo taken by a digital camera might end up on a laptop, a company server or the entire internet. Information kept in a GPS system or a company’s voice mail may be downloaded to a computer.
Today’s explosion of electronic data requires legal professionals to expand their knowledge on handling electronic discovery. Key decisions must be made quickly in order to ensure the correct preservation and collection of evidence.
The following questions need immediate answers:
If email is a critical component, does any key person maintain internet email accounts?
Providers of internet email accounts, such as AOL, Bell South, and Comcast, retain their email logs no longer than 30 days. The sheer volume of transactions for large email providers prohibits the storage of massive amounts of mail files. If a case has the potential requirement to explore email from internet accounts, the legal team needs to expeditiously request the records. In rare cases fragments of internet email may be recovered forensically from a hard drive.
Is there any chance illegal activity may be discovered?
Many cases involving electronic data uncover wrong-doings. These situations may involve a member of the Technology Department or a highly technical employee.
In these cases, the first inclination is to terminate the employee(s) involved and determine the extent of any damage prior to notifying law enforcement agencies.
Both of these may be exactly the WRONG thing to do.
If the wrong-doing is by a technical person, there is a chance that the individual is the only person who knows how to access the files, find the problem or fix it. This is often the person who knows the passwords for mission critical applications. The technical employee usually has the ability to work and access company files remotely. Unless such access is eliminated prior to the employee’s termination, it is a simple matter for a disgruntled employee to access the network and do great damage!
A better solution is to restrict the employee’s complete access privileges, both local and remote. The employee is then notified of management’s knowledge of the situation, and given an opportunity to cooperate to minimize the damage.
If the situation involves criminal matters, especially if financial or medical records have been compromised, a good decision is to involve law enforcement as early as possible. Electronic criminals frequently disappear and destroy all evidence of their activities.
Many local agencies have digital forensics teams. Both the United States Secret Service and the Federal Bureau of Investigation, have task forces specializing in investigating high tech crimes. An added benefit to federal notification for public companies is that any shareholder notifications may be delayed if the situation involves an ongoing federal investigation.
Is it possible that deleted or hidden files may play an important role in this case?
There are three ways to collect electronic files for discovery: Forensically, Semi-Forensically and Non-Forensically.
For some matters, the CONTENT of electronic documents is all that matters. The CONTEXT of the files – who created them, how they are kept, how they have been accessed, if they have been changed or deleted – is not as important.
For other cases, contextual information, including finding deleted files, is vital and requires a forensic collection. This includes (a) ensuring legal search authority of the data; (b) documenting chain of custody; (c) creating a forensic copy using validated forensic tools that create hash records; (d) utilizing repeatable processes to examine and analyze the data; and, (e) creating a scientific report of any findings.
Determining the value of electronic forensic file collection must be done prior to any data being captured. Once semi- or non-forensic methods have been utilized, it is impossible to return to the original state.
Are back-up tapes part of an active collection?
Some cases involve historical issues making the method of handling computer backups important to address immediately.
Most businesses utilize a schedule of rotating their back-up media. One example involves a four week rotation: Daily backups are done for a week, and then those tapes (or drives) are taken off-site for storage. A new set of media is used for week 2, 3 and 4 and then those are stored off-site. Then, on week 5, the tapes/drives from week 1 are re-used. This process is done for financial reasons and is extremely cost efficient.
Back-up tapes may become part of active information required to be kept under a litigation hold. This requires cessation of any rotation schedule and under the new Federal Rules of Evidence; it becomes critical for the legal team to convey that information to the technology employees responsible for business continuity processes.
Because of the volume of information available in even the smallest of collections, it becomes necessary to manage the process to control time and budget.
Who are the key people?
The people important to a case should be identified. These key individuals include not only executives, but also assistants and other support personnel from the technology, accounting, sales and marketing, operations and human resources departments.
Where are the files located?
All of the potential locations of electronic evidence should be identified. These include home computers and all computers which a key person would use elsewhere (such as a girlfriend or boyfriend’s home); cell phones, PDAs or Blackberries and any other digital device which might be used. It is important to note that MP3 players, such as IPODs, can also be used to store documents or important files.
How should the collection be culled down?
There are methods to limit the number of files collected. This may include limiting files to certain date ranges or to those that include key words or terms. This can be done either before or after an entire hard drive is collected forensically. “Known File Filtering” can also reduce the collection by removing standard application files common to all computers (such as the Microsoft Windows® logo file).
How should password protected/encrypted files be handled?
Encrypted files cannot be processed until the encryption is broken. In some instances, files with exact or similar names may be available without passwords or encryption. File locations may also provide information about the value decryptions provide. Decryption may require significant time to perform.
One important hint: sometimes the easiest way to get a password is to ask for it. That should be the first step in decryption techniques. Sometimes the use of a subpoena will produce the password.
How should duplicate and near-duplicate documents be handled?
Electronic file collections almost always include duplicates. Multiple individuals may have the same email, with the same attachments. Two or more people may have reviewed key documents, saving them on their hard drives during the process.
In processing electronic collections, it is possible to identify exact duplicate files thus limiting the number of documents that require review. Exact duplicate identification is usually performed during the phase in which the metadata is identified and extracted from the files. “De-Duping” the collection will minimally delay the processing.
Exact duplicates are exactly that – exact. If anything, including formatting, such as a change of font, changes within a document, it is no longer an exact duplicate.
A more significant portion of any collection will be “near duplicates.” This includes files that have been significantly altered, or contain only a portion of the main document. For some projects, the sheer file volume requires that near duplicates be identified and reviewed as a group. This significantly reduces review time and costs when compared to traditional linear review.
Identifying near duplicates requires comparing each document to every other document or utilization of sophisticated software applications requiring additional processing time. This technology increases consistency of review categories, reducing the chance of near duplicate documents being identified as both privileged and non-privileged.
What form should the collection take?
The new Federal Rules of Evidence state that the parties will meet and determine the format in which they wish to receive electronic evidence. In the absence of an agreement, the format will be that “in which it is ordinarily maintained” or in “reasonably usable” format.
The choices a legal team has includes whether each side prefers to receive the electronic evidence in native file format, converted to TIF or PDF or some other form. Often, this will depend upon the team’s standard review system. Most law firms and corporate counsel offices utilize Concordance®, Summation®, iCONECT®or other litigation review system. These systems handle both native files and converted files, with or without associated metadata and full text.
There are pros and cons for both options. Native files with extracted metadata, reflect the exact original file; however, cannot be Bates labeled, and are subject to inadvertent change to the original file.
Converting native files to TIF and PDFs is time consuming, and is the most expensive task in electronic discovery. Since 60% to 80% of the files in a collection may be non-responsive or irrelevant, both the time and finances expended in conversion may be counter-productive.
The best compromise involves receiving files in native format, reviewing the files for relevancy, and choosing only those files which may be produced or utilized extensively for conversion to image format.
Making the Right Choices
Making the correct choice in electronic discovery is never an exact science. Every case presents unique circumstances and knowing the available options and ramifications of each results in the best possible outcomes for your clients.
May 21, 2008
The following components, compiled by the Florida Department of Management Services, is a list ofpractices that could help your company on the road to better information security.
Although you cannot make it completely immune to attacks, there are ways to improve the overall security of your system to make it less vulnerable–CERT Coordination Center, Carnegie Mellon University
1.Identify your risks:
Determine what your company’s most critical information assets are, and spend your time and energy protecting what is most important.
2. Get the CEO involved:
Good security has to start from the top, with executives who help create a corporate culture that values security.
3. Put someone in charge:
Security is a complex job, so make sure someone is in charge of coordinating security efforts.
4.Develop and implement a security policy:
Establish guidelines for how your company handles and protects its data — from who makes sure software patches are installed, to how employees access their e-mail on the road, to how often passwords should be changed.
5.Educate employees and raise awareness:
Make security awareness an ongoing project. Employees need to understand why their role is so critical.
6. Have a security audit done:
Hire an independent third party to evaluate your security posture, and then use the recommendations made by the auditor.
7. Incorporate physical security into the plan:
The best security technology in the world will not do any good if a well-meaning employee lets the wrong person into the server room.
8. Remember internal threats:
Most attempted hacks come from the outside, but most successful ones start with people who have inside knowledge. Have a process in place to delete user accounts when employees quit or are let go.
9. Stay tuned in:
Make sure someone keeps track of new developments in information security, including new vulnerabilities and attacks.
10. Prepare for the worst:
Create an incident response plan to help you save time in the event of a security problem. This will lay out who needs to be involved, what their jobs are, and how you will minimize the damage.
May 15, 2008
At the heart of any legal undertaking is the mass amounts of data that legal professionals need to perform their jobs. The demanding task of acquiring and organizing data requires a high level of organizational ability and a painstaking attention to detail. Furthermore, today’s documents are increasingly created and stored in electronic format which means that litigation support professionals must develop technical skills and knowledge.
The legal system runs on information. Any law suit or court case involves a veritable sea of documentation ranging from witness statements to affidavits to any documents that can be applied as evidence. As a result, the legal system demands impeccable documentation with accuracy, security, integrity, speed and efficiency. The management of this rigorous process is known as litigation support. Litigation support can be defined as any operation involving human and mechanical systems to process information for use by attorneys or expert consultants in preparation for a lawsuit or a trial. This is an especially demanding task in these high-tech times.
Nowadays, a major part of such documentation is likely to be in electronic form and stored on a computer system. The retrieval and authentication of such digital documents is a field in itself and one of vital importance in a successful legal undertaking. What’s more, paper documents also have to be scanned and stored in digital format. This allows for easy access to all concerned parties. It’s a process that demands impeccable organization and supervision. Documents have to be tagged, indexed and stored in document management centers in a way that they’re instantly retrievable. Clearly individuals working in this field have to be skilled in both technology and law.
The challenges of dealing with digital media are many. For instance, there are large volumes of data and each electronic document may have many copies or exist in several versions or several locations. Also electronic data is much more volatile than hard copy and may require special handling. Moreover, the data may be concealed or encrypted which demands special expertise.
Litigation support firms not only offer procedures such as scanning, imaging, and indexing of documents, but may also provide such sophisticated services as electronic discovery and computer forensics. These two services have a different philosophy about capture and processing procedures, software applications, and at times may require special time, effort, and financial resources for processing data.
Forensic investigations involves recovering hidden, damaged or corrupted files and is often used when a crime is committed, to audit a computer and if your collection may be challenged in court by opposing. Therefore, deciphering decrypted password-protected or encrypted files, as well as recovering emails, deleted chat data and other forms of hidden electronic communication employ computer forensics techniques.
The legal system depends on accurate and documented information in order to function. As more data is stored in digital format and with data security being of grave concern to corporate America it is essential to have technically skilled professionals take charge of the electronic discovery and computer forensic task.
American Document Management (AmDoc) provides clients with solutions to their document management challenges.
e-Forensics: Critical Steps in Capturing Legally Defensible e-Data
e-Forensics is the application of electronic investigation to uncover information that is not readily available or viewable to the average user. These deleted or hidden files can often contain vital electronic information that is important to your case, but identifying it is like searching for the proverbial needle in a haystack.
- Document chain of evidence to ensure your electronic evidence is admissible
- Identify the scientific methods used in capturing electronic data
- Gain knowledge of the latest technology used in e-Forensics
Electronic Discovery is part of the much larger litigation discovery phase which includes that of paper documents and information stored electronically. According to the Sedona Principles for Electronic Document Production, Electronic discovery is the process just like that of paper documents, of managing for litigation those documents and data that exist in a medium that can only be accessed through the use of a computer. Electronic format is most often thought of as computer files. However, electronic data also includes email, word processing documents, spreadsheets, presentation files, databases, computer design drawings (CAD), accounting files, some forms of medical records, and other types of computer records.
Furthermore, electronic data encompasses information contained on CDs, DVD and other forms of media, including the information that is stored on cell phones, MP3 players, removable hard drives, “”thumb”" drives, digital cameras or any device that stores data. Voice mail systems that store messages on hard drives are considered electronic data. Devices that are sometimes forgotten include internet cameras and navigation systems contained in cars. Quite frankly, any information that is recorded on any type of electronic media has the possibility of becoming evidence in a case that involves “”electronic discovery.”"
The volume of electronic documents is greater than has been encountered in paper format. Nonetheless, these e- documents must be reviewed and produced. It is important to establish new methods of review, or the volume will bog down the legal team.
Electronic documents are highly duplicative. For example, an e-mail sent to you by a co-worker may reside on your company’s server, the back-up tapes, and on your computer.
- Larger Volumes of Data
- High Level of Duplicity
- Data is Stored in a Volatile State (Spoliation)
- Not all Data is Easily Accessible
- Special Expertise Required to Retrieve
- Certain Types of Data
- Unallocated/Slack Space
- Encrypted/Password Protected
- Tape backups
Electronic data is also stored in a volatile state. Thus, merely opening the data will change the meta data for that document. This in turn creates a high risk for spoliation of electronically stored data. Finally, not all data is easily accessible to the average user therefore, individuals must have special expertise and training to locate data that may be hidden, located in slack space, encrypted or located in back-up tapes.
American Document Management
American Document Management (http://AmDoc.com) specializes in the electronic management, discovery and retrieval of business documents. Our mission is to provide clients with the highest quality, most effective methods that enable them to access, share and manage their documents, whether they are in paper or electronic format.
May 7, 2008
This blog is design to be a resource about the document management industry, as well as in-depth information about American Document Management (AmDoc).