Electronically stored information (ESI) is information created, manipulated, communicated, stored, and best utilized in digital form, requiring the use of computer hardware and software. The goal, during discovery, is to preserve it as evidence in its most original form. As technology has advanced, and we all use and depend on digital devices in our daily lives, ESI will almost certainly be a part of any criminal or civil case. Traditionally, discovery has included written documents, testimony, and other information that may be deemed necessary for litigation. As our society becomes more technologically advanced, the information produced during discovery also becomes more advanced, and this has led to the introduction of digital forensics and electronic-discovery to the discovery process.
So, what does a digital forensics investigation entail? Its primary purpose is to locate, recover, store, and investigate data, even deleted data, and media found on digital devices to reconstruct past events. The analysis of such media and data is typically used to prove or disprove theories and accusations in a legal setting. It may also be used to track down potential suspects and criminal activity. Investigators can use the data to determine someone’s whereabouts at a given time, or even to authenticate documents.
The information can be found in e-mails, voicemails, instant messages, social media, online documents, computer searches, downloads, spreadsheets, databases, file fragments, metadata, digital images, digital diagrams, and any other electronic information that may be stored on hard drives, thumb drives, computers, cell phones, tablets, backup tapes, optical disks, or any other media storage device, even old devices like floppy disks.
One of the most pressing issues related to e-discovery and electronically stored information is the fact that electronic documents are much easier to alter than paper documents, and changes to electronic documents can be done without leaving an outward visible sign of the alteration. Since data can be deliberately changed in numerous ways, detection of those modifications often requires a digital forensic expert. Preservation of ESI and hiring a digital forensic specialist who can communicate effectively with attorneys litigating the case, have become a growing concern in any lawsuit. Other issues may arise when a case involves ESI. The electronically stored files can become corrupted, the hard-drives that store the information may crash, users may accidentally or deliberately delete or overwrite a file, and document retention policies may not preserve data long enough. If any of these issues appear, the discovery process inevitably becomes more complex, time consuming and expensive.
As mentioned earlier, e-discovery and ESI have become an integral part of most litigation. Whether the case involves a divorced couple checking the spouse’s instant message history and photographs, an employer scanning an employee’s internal and external uses of the business’ computers and email system, or a prosecutor demanding a list of EZ-Pass access points in order to find out where a criminal has traveled, obtaining ESI during discovery has become relevant in litigating almost any kind of matter.
The process is the most important and critical element to a digital forensics investigation. Experts must take care to accurately preserve and store any information so that is admissible in court. The digital forensic process usually consists of three stages:
Any data seized from devices must be replicated exactly. This is typically done with forensic imaging. This process creates a read-only image of all the files and leftover space from the hard drive. The result is essentially a mirror image of the hard drive. The original data cannot be modified from this point to ensure the accuracy of the findings. The data is then analyzed using a number of tools and methods to recover evidence. That evidence is reconstructed to recreate actions and to reach conclusions. When the investigation is completed, a written report is created regarding the findings.
Your legal team should, of course, include qualified, experienced attorneys. But, don’t neglect to include a trained and certified digital forensics expert. Your expert should have both legal expertise and technical knowledge. This means you’ll need someone who can do more than just extract data. Your digital forensic expert should also be able to analyze the data collected, provide proof that any ESI has not changed since production, and create well-constructed court reports.
Your consultant may also serve as an expert witness in court so look for a credible person with professional associations. Ask about the tools used for data extraction, transfer, and analysis. Your expert must use admissible methods and tools. Software tools like Cellebrite can even find malware, spying applications or hacking on your devices.
Prudential Associates was founded by former Army Intelligence Officer Robert Miller in 1972, who began serving the local legal community as an investigative, surveillance, and intelligence resource.
Prudential Associates has expanded its service footprint geographically and added over 70 extremely valuable staff members and experts; our consulting and service operations have taken place in thousands of locations on nearly every continent. To date we have achieved recognition as the premier resource for clients in sectors such as: television and movie production; maritime services and shipping; large event/concert planning & security; pharmaceutical production; shipping and logistics; human capital management; and, perhaps most notably, in the legal service industry, given our highly distinguished investigative, surveillance, and digital forensics expertise.
Our in-house computer and cell phone forensics lab rivals or exceeds the capabilities of over 90% of the law enforcement labs in the United States, as well as over 99% of those overseas.
For a greater insight into our experience, expertise, and operational history, please see our Corporate Resume.