eDiscovery

Discovery is the legal process that controls the production of evidence in litigation and related proceedings. It is the legal procedure that controls obligations to produce and rights to obtain relevant information in state and federal courts, arbitrations, investigations, and other means of fact finding in dispute resolution.

Traditionally, discovery took the form of recorded interviews, interrogations, testimony, or physical items such as a defective product, medical records, or a weapon used in a crime. However, it is useful to distinguish electronic records from other forms of discovery using the term eDiscovery since the entire discovery process is increasingly centered on electronically stored information (ESI).

Examples of ESI that might be considered legal eDiscovery are emails, documents CAD/CAM files, databases, image files, instant messaging chats from Slack and other platforms, websites, and any other relevant electronic information. The eDiscovery process also includes metadata and raw data which may include evidence forensic investigators can reveal. 

In legal disputes, parties once exchanged mountains of paper documents. Now, the focus has shifted to Electronically Stored Information (ESI), also known as eDiscovery. This process involves identifying, collecting, and producing electronic information for legal cases, covering data from laptops, cloud apps, databases, social media, and more.

ESI presents unique challenges. Digital data can be easily altered, and it often contains hidden metadata that requires forensic expertise to analyze. Furthermore, the sheer volume of ESI is massive. While hundreds of boxes of paper documents were once considered excessive, a single digital storage device can hold the equivalent of tens of thousands of boxes, often containing millions of emails, chats, and other digital files.

Without a strong eDiscovery plan, businesses face significant risks:

• Legal Penalties: Mishandling electronic evidence can lead to hefty fines, case dismissal, or adverse inference rulings, where courts assume the missing data was harmful to your case.

• Reputational Damage: Public eDiscovery failures can erode customer trust and tarnish your brand's reputation.

• Data Loss: Without automated legal holds, crucial data can be accidentally or intentionally deleted, leading to accusations of evidence tampering.

• Operational Strain: A last-minute, reactive approach to eDiscovery diverts IT and legal teams from their core responsibilities, disrupting business operations.

• High Costs: Manual data collection, processing, and review are incredibly expensive and inefficient, causing costs to spiral quickly.

A solid eDiscovery strategy is essential to protect your organization legally, financially, and operationally.

The Electronic Discovery Reference Model (EDRM) has provided the foundation for the eDiscovery process since 2005. Nine eDiscovery stages comprise the EDRM, connected in sequence. (Not every eDiscovery process follows every step, but the EDRM is still a useful reference.)

The first four stages concern the information collection and preservation functions:

Information governance. Information governance focuses on ESI management from initial creation through final disposition with the reduction of eDiscovery costs in advance of litigation as the goal.

Identification. In this stage, the team identifies the project’s technical issues and potential scope to begin to identify relevant evidence. The focus is on locating potential sources of ESI, custodians and locations of discoverable evidence, and the volume of potentially discoverable data.

Preservation. In the course of routine business, ESI is frequently deleted, but deleting potentially discoverable information may be spoliation—sometimes a sanctionable offense. Proper preservation of ESI that is discoverable for litigation ensures evidence is not destroyed or altered.

Collection. Similarly, despite the challenges, it is essential to avoid altering evidence by collecting ESI in a forensically sound manner.

The remaining stages deal with the data analysis and presentation side of things:

Processing. ESI may be converted to formats that are more easily reviewed yet forensically secure. Meanwhile, the native documents can be subject to forensic analysis and preserved.

Review. Relevant evidence must be available for review by parties while privileged information remains protected against accidental production.

Analysis. Attorneys must provide context for ESI and its content with their analysis, identifying key custodians, discussions, patterns, and subjects.

Production. ESI must be produced to the right parties in the correct formats, whether it be electronic production or via disks or hard drives.

Presentation. A relatively small proportion of ESI is ultimately produced in a hearing, deposition, or trial, and the parties must present this relevant evidence effectively. How ESI is presented can persuade, demonstrate key facts, or bolster witness testimony.

As a larger legal process, eDiscovery spans the time any type of legal conflict, including a lawsuit, complaint, or administrative hearing, is foreseeable, to the time parties to such a conflict present the digital evidence. At a higher level, there are three basic parts to the eDiscovery collection and review process:

Attorneys, government agents, auditors, managers, or others identify potential conflicts and relevant data. A legal team places the information that is in fact relevant on legal hold, subject to conditions consistent with goals for security and preservation.

Next comes negotiation, which determines the scope of eDiscovery. Obviously all parties have a hand in this part of the process, as legal teams identify the relevant ESI, challenge eDiscovery requests they find irrelevant, and make eDiscovery requests of their own. Typically, parties can negotiate and agree on search parameters for evidence and relevance to ensure the eDiscovery process is streamlined.

Finally, the legal teams and their experts extract and analyze the relevant evidence using digital forensic procedures. Experts may use machine learning, predictive coding, computer assisted review, and other techniques to identify trends and patterns and conduct deeper levels of analysis. After they review and produce their evidence, they will convert it into a useful format for court or an agency setting, such as PDF or TIFF.

eDiscovery involves identifying, preserving, collecting, processing, reviewing, and producing electronically stored information (ESI). The types of ESI that eDiscovery handles are vast and include:

• Structured data: Such as information found in databases and spreadsheets.
• Unstructured data: Like documents, emails, voicemails, instant messages (IMs), and text messages.
• System and forensic data: Including file fragments and file metadata.
• Multimedia: This covers digital diagrams, images, and video files.

This diverse ESI can reside on nearly any electronic medium. This includes traditional storage like back-up tapes, hard disk drives (HDD), and solid-state drives (SSD), as well as modern solutions like cloud storage and network storage (NAS or file servers). It also extends to portable devices such as flash drives, thumb drives, mobile phones, PDAs, iPods, game consoles, and optical disks like CDs and DVDs.

Although some level of analysis is certainly part of advanced eDiscovery, digital forensics is its own analysis-driven investigative process. Digital forensics involves identifying, collecting, reviewing, preserving, analyzing, and presenting digital information to answer specific questions in civil litigations, criminal prosecutions, employment law cases, family law cases, and particularly in fraud investigations, white-collar criminal investigations, and any other legal case that relies heavily on documentary evidence.

Experts in eDiscovery digital forensics can often:

• analyze internet or social network usage and peripheral device usage such as printers, USB drives, etc.
• analyze movies, images, and other media
• determine electronic communications outside standard channels
• determine timelines of computer activity
• install and execute applications
• recover deleted information and detect alterations

During the eDiscovery process, massive amounts of data are transferred and stored. In some proceedings, digital forensics can achieve a deeper view of the data, including hidden data and deleted files found by a forensic specialist.

An expert can identify the possible data that exists, find a way to retrieve it, and then testify about the process to ensure the evidence is admissible. The forensic expert creates an exact copy of the data to work with so that the information is preserved. This protects the chain of custody and data integrity.

ESI is here to stay, and while each proceeding is unique, eDiscovery responsibilities under the rules remain consistent. Creating a defined process for managing eDiscovery and compliance, using advanced eDiscovery platforms and tools is the best way to protect against sanctions and achieve positive outcomes.

These kinds of eDiscovery solutions are also more cost-effective. Although an hourly employee may have a lower rate for reviewing case-related ESI manually, the approach is cumbersome, lengthy, and error-prone, ultimately costing more.

In contrast, a comprehensive eDiscovery software solution enables parties to expedite the process significantly while improving accuracy—and increasing actionable findings.

An eDiscovery service should achieve several goals:

Redaction. Redactions are essential to eDiscovery review to prevent sharing of privileged information. Manual redactions are costly, prone to error, and slow, so auto-redaction capabilities with version history features are desirable in an eDiscovery solution. This way, the legal team retains a trail of all redactions made by all users, and the original document content remains preserved and searchable.

Proactive collection. eDiscovery tools that allow for proactive user data collection and preservation across various endpoints and applications enable a more targeted result, allowing for massive savings at both the collection and review stages.

Advanced search. This is another area where eDiscovery tools really stand out. Approximately 80 percent of discovery costs accumulate during review, mostly due to the need to hone in on specific topics, search parameters, keywords, or mentions in ESI material across all devices, users, and storage locations. Advanced search functions in eDiscovery solutions enabled by robust tagging and metadata search allow the eDiscovery team to cull the amount of data that must be reviewed by a significant amount, making review  much faster and driving down review costs. Look for eDiscovery tools that allow you to cull data by file, date range, run multilingual eDiscovery queries, and access deleted files and their data for analysis and processing.

Annotation features. Many members of the legal team may review various documents, which risks data siloing or sidetracking parts of the project. Annotation features can help centralize information for reference and structure the review collaboration.

Chain of custody reporting. To ensure compliance with Department of Justice and EDRM requirements, the best eDiscovery software and tools use chain of custody reporting and extended metadata and file fingerprinting. This guarantees data authenticity and the party’s ability to meet defensibility requirements.

Ease of sharing. After review files must be shared, and this requires merging and converting documents into certain file formats. Manually this is time-consuming, so eDiscovery solutions with easy document conversion tools are preferable. Also look for the ability to share data with other eDiscovery providers without exporting, including cloud to cloud.

eDiscovery costs spike for businesses as the volume of ESI they collect and analyze grows, because most eDiscovery services, tools, and platforms charge by data volume. Without a collection strategy or better tools for analysis in place, over-collection of data, missed information, and overspending on data analysis are all problematic.

Collecting ESI via traditional eDiscovery methods demands excessive time, effort, and money. Data siloing between IT, desktop administrators, SaaS apps, forensics, legal, and other teams reduces employee productivity.

Druva offers a one-click legal hold feature that allows IT and legal teams to place holds on relevant data quickly and securely without disrupting user activity. This silent preservation ensures that data is preserved in its original state without alerting users, minimizing risk of tampering or spoliation. 

The platform also provides comprehensive chain of custody reporting and tamper-proof audit trails to uphold data integrity throughout the legal process. By automating these tasks, Druva reduces administrative overhead and speeds up response times to legal inquiries. 

Request a free demo! 

Key Benefits of Druva’s eDiscovery Solution

Reduced Costs: Automated data collection and proactive legal hold management significantly lower data collection and downstream review expenses by minimizing the volume of data processed.

Increased Productivity: Simplifies legal hold and data preservation processes through automation and easy-to-use interfaces, reducing reliance on specialized investigative teams.

Forensic Readiness: Captures detailed metadata with full audit trails and maintains chain of custody to ensure data authenticity and compliance with legal standards.

Streamlined Compliance: Policy-based automation helps organizations maintain compliance with key regulations, enabling defensible deletion and comprehensive monitoring.

Single Source of Truth: Consolidates data from endpoints, cloud apps, and SaaS platforms into a unified repository, simplifying search and data management.

Faster Legal Response: Enables quick identification and preservation of relevant data with federated search capabilities across multiple data sources.

Druva eDiscovery Solution - How It Works

1. Capture Data: Collect user data non-intrusively.

2. Federated Search: Search across all end-user data sources.

3. Data Exposure: Make legally held data accessible for eDiscovery systems.

4. Review Access: Enable network-based ingestion and review of data.

5. Ensure Integrity: Maintain strong data integrity throughout the process.

Avoid the financial and legal risks of outdated eDiscovery processes. With Druva's modern, cloud-native eDiscovery solution, you can turn a costly, reactive task into an efficient and defensible approach. Protect your data, reputation, and budget while simplifying compliance and security. Get started with Druva's eDiscovery solutions today

Speed Up Legal Hold with eDiscovery. Cut data collection costs by 50% and simplify legal hold.

Start Your Free Tour Today!

1. What is Druva’s eDiscovery & Legal Hold solution?

Druva’s eDiscovery & Legal Hold solution helps organizations streamline legal hold management, reduce data collection costs, and minimize risks of data spoliation by securely preserving and managing data across endpoints and cloud applications.

2. How does Druva reduce the cost and complexity of eDiscovery?

Druva provides a single source of truth for enterprise data, eliminating the need to collect data from multiple silos. It automates legal hold processes, enables pre-culled data to minimize downstream review, and integrates with popular eDiscovery platforms, reducing time and expenses.

3. How does Druva ensure the authenticity and integrity of data under legal hold?

Druva captures extended metadata, maintains full audit trails, fingerprints data for authenticity, and preserves chain of custody according to DOJ and EDRM guidelines. This prevents tampering and ensures compliance with legal requirements.

4. Can Druva preserve data in place without moving it?

Yes. Druva allows IT teams to quickly identify relevant assets via federated search and place legal holds securely on stored data across users, devices, and locations without needing to move or duplicate data unnecessarily.

5. Does Druva integrate with other eDiscovery or security platforms?

Yes. Druva integrates seamlessly with Exterro’s eDiscovery software platform and various security integrations, enabling legal and IT teams to manage legal holds efficiently while maintaining data security and compliance.