The fundamental elements of e-discovery can be described as knowing where to look for data, preserving the data, and then analyzing the data.
The first step of any e-discovery plan is to determine where information of interest may lie and thus what items should be requested for discovery. The specific list of locations will vary with each case.
In addition to the obvious computers and smartphones, other locations and devices may hold important data. If a computer is behind a firewall, the firewall or server log files may help pinpoint Internet destinations and times of activity. If a large company's telephone system was used, PBX or Private Branch Exchange logs may be useful.
In a similar fashion, Voice Over Internet Protocol, or VOIP, call records should be readily available from the respective service provider, frequently by accessing the owner's account online, as is the case with Skype and Vonage. If activity of interest occurred inside a secured building, security tapes or building access logs may help determine who was present and when.
Any computers that might have been used by the subjects of your discovery can contain a wealth of information, from websites that have been visited to documents that may have been viewed, and the history of programs that might have been run, even if the programs or documents have since been removed.
In this sense, documents would include text, spreadsheets, pictures or anything else that might have been edited or looked at. But more importantly, a quick look at the computer's registry can provide an inventory of other devices that have been accessed and may be worth looking at separately.
The Windows registry keeps track of every device that has ever been connected. A manufacturer and model are always recorded, sometimes with a serial number. The registry also indicates the last time each device was attached. This could identify additional subjects of discovery.
Remote server log-ons and user accounts are also observable, indicating the times of both the first and most recent logons. These could point to servers that may be useful to discovery.
...login to read the rest of this article.