How they differ, how they should be conducted and why attorneys need to know
Electronic discovery and digital forensics continue to play ever-increasing roles in case law. Negligent e-discovery conduct has been sanctioned in all 12 federal judicial circuits. Two local cases, Mechling v. City of Monroe and O'Neill v. City of Shoreline, highlight the importance of email metadata. In the latter case, the court ruled that if the defendant is obligated to provide the emails, then it also is obligated to provide the metadata.
Electronic Discovery vs. Digital Forensics
Electronic discovery is typically the gathering, filtering and production of large volumes of relevant data for legal review. It may leave important information undiscovered. The data are accessed, but not analyzed, and typically do not include discarded, hidden or deleted data. File time stamps - one form of metadata - are usually altered by the electronic discovery collection process.
In contrast, computer forensics, a subset of digital forensics, involves investigative and detailed analysis on one or more hard drives or PCs in search of both active and latent information to determine who did what and when. The data are preserved - unaltered - before analysis. Then during analysis, critical events are recreated and, if necessary, passwords or encryption are cracked.
Digital forensics uses these same techniques applied to networks, PDAs, cell phones, and even some printers and copiers that may retain copies of documents internally.
Because of the different objectives and strategies, electronic discovery frequently ignores useful information. In some cases, it may even destroy data that could be useful to a forensic analysis.
...login to read the rest of this article.