subject: Esi Discovery [print this page] Electronic discovery is any procedure in which electronic and/or some other non-paper forms of data is sought, with the purpose of using the data for evidence in some civil or criminal legal case. The electronic data can be mechanical, electrical, wireless, magnetic, optical, etc. The information may be stored on a hard drive, compact disc, flash drive, digital video disc (DVD), or with some other method or technology. My articles are my opinions and are not, legal advice. I'm a judgment broker, and not an attorney. If you ever want a strategy to use or legal advice, please contact an attorney.
Stored data which might be discoverable is called Electronically Stored Information (ESI). The ability to completely destroy or delete ESI gets reduced when data is backed up either on or offsite. Totally deleting data isn't a trivial task, because the basic concept of deleting a file is to remove its first file number/letter designation and make that disk space available for another file. Until the specific file location gets overwritten, the deleted file still is recoverable and accessible.
Today's computer operating systems usually will offer to "securely" delete files, yet this isn't foolproof. Commercially available scrubbing programs do more than just remove data files, they overwrite the data file areas many times with random characters, so that the deleted data file gets "scrubbed clean".
However, the only "foolproof" way of permanently removing saved information is to destroy physically every hard drive or other storage device or system, that the data file has ever been stored. Physical destruction of a computer or device data can include at least one action to destroy the media the data file resides on; including shredding the media, burning or melting the media, liberal use of a big hammer, degaussing, etc. If the file has ever been sent over the internet, it may never be totally removed.
Discovery of electronically stored info (ESI) may be done onsite, off-site, online or offline. With civil cases, most info available offsite and off-line is obtained through the use of a Subpoena Duces Tecum (SDT).
The data that may be asked for with SDTs is usually within the scope of Federal Rules of Civil Procedure (FRCP) 34(a). If SDTs demand things(s) and documents(s) which aren't stored on paper, care must still be taken to insure the data stays accessible, usable, and admissible in the court. The defendant or witness is most often compelled to disclose the format of the ESI, and any needed passwords, to allow the data to be examined by an agent of the court when the court specifies.
Whether civil or criminal, either in matters of malware or trade secrets, or when all other data-related evidence is required; the electronically stored info (ESI) must be secured. The handling of ESI, once captured, must follow the same chains of custody challenges as any other evidence type is. Yet, in ESI situations, as there are no paper documents, the handling and storage of ESI must be carefully managed by individuals specially trained for such cases. Evidence gathering and analysis by cyber-forensic techs is done with a digital copy of the original drive or media that is being examined. The goal is to avoid any chance of harm being done to the original evidence.
In certain instances, particularly when the government gets involved, courts may order computers to be seized for forensic analysis, or can order a clandestine incursion under the guise of a search warrant, or another form of subpoena.
Where critical evidence is needed, and there's a chance that such evidence might be deleted, modified, or destroyed; the plans for electronic discovery may be expedited by hacking into a network system or computer. Most instances of hacking into a computer or network under those conditions is conducted by government agencies with search warrants. The type of data that is usually examined is that which is suspected of storing evidence of financial crimes, theft of trade secrets, or other internet-related potential crimes.
