Share on facebook Share on linkedin Introducing Data Subject Access Requests In a year of pushing the definition of agile to
Forensic Data Collection – a case study
Learn more about my personal experience collecting data from six custodians from a multiple number of devices and sources.
A multi-million pound family legal dispute that ended up in the high court, required my professional services. At the time, I was a Forensic Consultant for the UK operation of an American eDiscovery Technology services company. We had been engaged by the law firm, who were acting on acting on the family’s behalf. The disclosure of data was required as part of the proceedings, in one of London’s High Courts.
Understanding the expanse of the data to be collected
In disclosure requests like this, parties are legally obliged to present data, relevant to the case, to the court. Traditionally, this would have been paper copies of documents, classed as evidence. However since the turn of the 21st century, as technology has moved forward, this documentary evidence is predominantly in Electronic format. E-documents, primarily emails, word processed and scanned PDF documents, form part of an ‘e-Disclosure’.
In this case, the data needed to be collected from electronic sources. In order to this accurately, a scope of the data was defined including the people involved (called the custodians of the data) and the relevant period of dates. In addition, sometimes a timeline of communications is required, i.e. ‘who said what to whom’. The scope can also be narrowed further by using keywords.
In the trial that I was engaged in, this involved six custodians with a multiple of devices used, over several years.
These data sources were a mixture of Skype chat messages; emails, including online Gmail and Hotmail accounts;, loose documents, including Word documents, Excel spreadsheets and PowerPoint presentations, and photos.
The devices that the data were on included laptops, desktops (Windows and Apple operating systems), company network locations and mobile phones, ranging from smartphones through to 1st generation Nokias.
Each data source, on each device, for each custodian needed to be collected. Each collection creates a point in time, a piece of digital forensic evidence that can be used defensibly. In the next part of my blog , I will outline the technology and processes used to collect the data. The data collection process …..