Guide To AccessData EDiscovery_MapsEDRM_3 4 10[1] AD E Discovery Implementing In House Solution Maps EDRM
2012-09-27
: Pdf Guide To Ad Ediscovery Implementing In-House Solution Maps Edrm Guide_to_AD_eDiscovery_Implementing_In-House_Solution_Maps_EDRM
Open the PDF directly: View PDF .
Page Count: 12
Download | |
Open PDF In Browser | View PDF |
AccessData Corporation Implementing an In-house eDiscovery Solution that Maps to the EDRM: A Guide to AccessData eDiscovery, Its Components and How It Addresses the Entire eDiscovery Lifecycle White Paper Contents Introduction ..................................................................................................................................................................1 Requirements for an Effective In-house Solution .....................................................................................................2 Walking Organizations through the EDRM Lifecycle, while Eliminating Excessive Costs ...................................3 Information Management ...........................................................................................................................................3 Litigation Hold Notifications and Tracking ..................................................................................................................4 Identification and Pre- and Post-Collection Early Case Assessment .........................................................................4 Collection and Preservation .......................................................................................................................................5 Processing and Deduplication ...................................................................................................................................6 First –pass Review Facilitates Early Case Assessment and Accuracy of Data Sets Produced.................................7 Producing Load Files and Reduced Data Sets for Third-party Review Tools ............................................................8 Technical Overview......................................................................................................................................................8 The Components .......................................................................................................................................................9 Conclusion .................................................................................................................................................................10 Introduction Traditionally, electronic document production “eDiscovery” was considered a manual, time-consuming task—and an expensive one. During the eDiscovery process, companies must identify, collect, preserve, process, review, analyze, produce and present any and all electronically stored information (ESI) that might be relevant to a specific matter. The Electronic Discovery Reference Model (EDRM)1 was developed to guide law firms, corporations and consultants through this process. While service providers and various software companies have come out with offerings that address pieces of this process, very few have introduced a solution that addresses the entire eDiscovery lifecycle. Figure 1 Some companies hire consulting firms to address eDiscovery, costing hundreds of dollars per hour and thousands of dollars per gigabyte. In other cases, companies unable to handle the cost burden associated with eDiscovery have had untrained IT employees manually collect the data. This exposes those organizations to a great deal of risk, because if collection is done incorrectly, companies can be fined heavily, and in extreme cases, opposing counsel is given full access to the entire network. Others try to cut costs by using in-house solutions, which can generate significant cost savings. With an in-house solution, typically litigation support personnel, from within the IT department, will perform the initial collections and cull the data down using search criteria provided by the attorneys. These solutions can be very difficult to use and only IT personnel are able to perform any of the operations, which does nothing to address the IT- Legal collaboration challenges faced by organizations today. However, the in-house, end-to-end solution can be the most cost-effective and operationally effective option for organizations looking to gain control over their ESI. The goal of the AccessData (AD) eDiscovery solution is to allow both IT and Legal to work together to perform the eDiscovery process in a simple, easy-to-use and automated fashion. In order for an in-house solution to effectively address the operational, organizational and cost issues associated with eDiscovery, it must meet several requirements. This paper will review those requirements, discuss how AccessData eDiscovery meets those requirements, and provide a technical overview of the solution’s architecture. 1 www.edrm.net 1 | P a g e Requirements for an Effective In-house Solution In order for an organization to successfully address the entire eDiscovery lifecycle, while significantly reducing cost and risk, it is necessary to implement an in-house solution that meets several requirements. In addition to, of course, being forensically sound technology with a history of court acceptance, the solution must also offer the following: The solution must integrate with and/or support the organization’s existing IT infrastructure. When an in-house solution integrates with the existing infrastructure it facilitates the authentication of users and the identification and selection of custodians. In addition, the solution must support an organization’s encryption technologies in order to automatically access encrypted machines, as well as to identify and collect password-protected and encrypted documents. Finally, it must be capable of searching and collecting not only the unstructured data, but data from the organization’s semi-structured and structured data repositories, such as Exchange servers, SharePoint, Enterprise Vault , Documentum or Lotus Domino. A Word About Unstructured and Structured Data Unstructured Data Unstructured data has no model or form to it and is free flowing. In the eDiscovery world this would be the most common form of data. It would include all data stored on desktops, laptops, file shares, external hard drives, thumb drives and even optical media. Structured Data Structured data is data contained within a data model, such as an email within an Exchange server or a credit card number stored within an Oracle database or documents stored in a document repository. These types of data sets can be difficult to collect as they require extraction and preservation of the usable data from the data store, making a defensible and repeatable process expensive and difficult to accomplish. The solution must be automated. An automated, in-house solution facilitates a repeatable, defensible eDiscovery process, reducing the opportunity for human error and enabling consistent compliance with internal policies and the Federal Rules of Civil Procedure. The solution must be capable of performing automated network-wide audits/collections with the option of scheduling recurring collections for a specific ongoing matter. Due to the possibility of connectivity issues and the fact that custodians are not always present on the network, the solution must also have an auto-restart function, which will automatically pick up a collection where it left off, while identifying any files or emails that have been altered since the last collection attempt. The solution must provide meaningful workflow that drives users from one step of the process to the next in an automated fashion. Finally, all operations must be automatically logged for chain of custody auditing purposes and the reporting must be extensive to illustrate every action taken and every result. The solution must provide sophisticated search options. In order to carve out the most accurate set of potentially relevant data while reducing risk, a more sophisticated approach to searching is required. In addition to simple keyword and date range searches, an organization can further refine its set of data by using more advanced options, such as fuzzy, proximity, synonym or stemming searches. In addition, for the sake of expediency and accuracy, the solution must provide relevancy ranking, as well as the ability to “test” search criteria. The solution must have extensive email and file support . It is critical for an in-house eDiscovery solution to provide broad file support and for it to be powered by a forensic engine that can handle extremely large data sets, while dealing with the difficulties different types of data present. The solution must be easy to use with real-world workflow built in. Every player in the engagement should be able to utilize the solution to perform his or her specific tasks—IT personnel, in-house counsel, paralegals, and outside counsel, if necessary. If the solution relies on scripts to operate, it may be more difficult to use and likely cannot be used by anyone other than an IT professional. Organizations can benefit from “wizard-driven” solutions that guide users through each step of the EDRM process, without the use of scripts. However, the workflow provided by the solution must map to the way the organization actually approaches eDiscovery. In addition, a web interface can streamline the overall process, enabling all parties involved to review and comment on the data from any location. 2 | P a g e Furthermore, a solution that is easy to use requires minimal training, in order for the organization to get up and running effectively with the technology. Many in-house solutions are simply too difficult for everybody in an organization to use effectively. In many cases the organization finds itself paying for professional services from the vendor who sold them the in-house solution, because nobody at the organization is able to operate the solution on his or her own. The solution must provide extensive reporting. The following are examples of the types of reports useful to an organization performing its own eDiscovery in house: • • • • • • Matter summaries: to see statistics of all collections across a matter with the ability to drill down into individual collection metrics Collection summaries: to see values per collection and per custodian with rates, file breakout and collected files with metadata Deduplication reporting: so users can view detailed deduping information for all documents and email, even on massive data sets File breakout and processing exceptions: to show processed and encrypted data with metrics per custodian and across the matters, flagging any documents that failed to process Search summaries: showing when the search took place, who performed it, and what items were searched per custodian/per asset Detailed search reporting: to see the names of files that had hits, how many total hits per file, hit count by category, display keywords (terms) and search options, what filters were applied, variations of keywords searched for The solution must offer multiple exporting options. In addition to being able to export load files for popular review platforms, (i.e. Concordance and Summation) the solution must allow for easy export of data in native format and other commonly required formats. Walking Organizations through the EDRM Lifecycle, while Eliminating Excessive Costs AD eDiscovery meets the above requirements, walking the user through the eDiscovery lifecycle with an easy-touse, wizard-driven interface. From early case assessment to producing the relevant data set, users can address electronic discovery in house, without the costly help of service providers. Figure 2: AD eDiscovery Dashboard Utilizing a hybrid of on-demand searching and a preindexed approach, AD eDiscovery enables the identification and collection of responsive ESI, including unstructured, semi-structured and structured data. The solution allows in-house counsel and litigation support personnel to work together to effectively address eDiscovery in a streamlined, automated manner. AD eDiscovery is easiest enough to use that every player in the eDiscovery engagement can utilize the technology to perform his or her specific tasks. For example, litigation support can perform collection and processing operations, while, via a secure web interface, in-house counsel reviews and comments on the results, and a paralegal logs in to track the status of all operations. In fact, the interface is so intuitive that, if policies allow, in-house counsel and/or paralegals can test search criteria and perform processing and analysis operations without the aid of more technical IT personnel. The solution is designed for ease of use, in order to facilitate collaboration among all parties involved. Information Management Proactive information management is critical to accomplishing an efficient electronic discovery process—and to mitigating an organization’s exposure. Ensuring that records retention policies are enforced is prudent and easy with AccessData eDiscovery’s automated auditing capabilities. Organizations can periodically search assets for documents and email that are outside the parameters of the retention policy and remediate from a central location. In fact, organizations can schedule periodic audits with AccessData eDiscovery, thereby implementing a consistent, documented approach to records retention enforcement. 3 | P a g e Litigation Hold Notifications and Tracking Automated litigation hold capabilities are integrated into AccessData eDiscovery. Users can send litigation hold alerts to relevant custodians and track which custodians have viewed the alerts. The process is wizard driven and allows the user to attach the organization's standard litigation hold documents to the email notification. This integrated capability not only makes the entire eDiscovery process more efficient, but it dramatically reduces error, as the litigation hold wizard requires the user to complete a series of set tasks before he or she is able to send the litigation hold notifications. • • • • Add/remove custodians from an existing hold. View real-time status of hold notifications. Single sign-on portal for custodians and IT to confirm holds and view hold status. Interview custodians and data owners. Identification and Pre- and Post-Collection Early Case Assessment AD eDiscovery’s early case assessment auditing capability allows litigation support personnel and/or in-house counsel to actually test search criteria to see what the results will be prior to collecting. This allows in-house counsel to refine the search criteria to ensure that only the optimal data set will be collected and to better understand the data prior to collection. However, AD eDiscovery also enables an organization to immediately, upon receiving a litigation hold notice, collect and preserve all user created documents, email, etcetera, based on a variety of criteria in preparation for possible litigation. This means that the organization can test search criteria prior to collecting, or it can collect everything and test search criteria on a preserved and indexed data set, using more sophisticated search techniques. Either way, the organization eliminates hourly service provider fees by handling these steps in house. (See Figure 3 on next page.) AccessData eDiscovery provides a number of sophisticated search methods that will greatly enhance an organization’s ability to perform effective early case assessment, while greatly reducing the amount of irrelevant data that is produced. For more information on AccessData’s search and early case assessment functionality read “Gaining the Advantage through Early Case Assessment: Sophisticated Searching Techniques to Assess Exposure and Save Money”. Fuzzy Fuzzy searches enable the attorney find documents with a keyword even if that keyword has been misspelled. Note, AccessData technology even allows the attorney to adjust the "fuzziness" of the search to reduce false positives. Stemming A search with stemming finds grammatical variations of keywords by reducingi words to their stem, base or root form. For example, toggling the stemming option with the keyword "apply~" will match any document that contains the words "apply", "applies" or "applied". Phonic Phonic searches find keywords that sound like—but don't necessarily have the same meaning as—the designated keyword. For example, a phonic-enabled search for "fryer" would return all documents containing the word "fryer" and "friar". Synonym Synonym searches find documents with words that match the keyword and words that have a similar meaning. For example, a synonymenabled search for the keyword "idle" would return all documents containing the words "jobless", "unemployed" and so on. Proximity Proximity searches are those that identify documents with one keyword within a certain number of words from another keyword. For example, a proximity search for "patent w/5 infringement" are much more likely to return documents with "patent infringement" and "infringement of a patent", but likely exclude documents containing "infringement" and "patently wrong". Regular Expressions Regular expressions provide a concise and flexible means for identifying strings of text of interest, such as particular characters, words or patterns of characters (such as a social security number). The expression itself is written in a formal language that enables very precise searching of text-based documents. For example, all Visa credit card numbers start with a "4" but new cards have 16 digits and old cards have 13. Thus, a regular expression that would find Visa credit card numbers in a document would be: \<4\d\d\d[\-\. ](\d\d\d\d[\-\. ]){2}\d\d\d\d\> 4 | P a g e Figure 3: Estimated service provider fees for each phase of the EDRM Collection and Preservation Once the search criteria have been finalized, the designated authority approves the collection and executes the collection operation. It is important to note that AD eDiscovery allows for identification and collection of both unstructured and structured data. AccessData’s connectors for structured data, such as Lotus Notes, Microsoft Exchange, Symantec Vault, Documentum and Microsoft SharePoint, allow users to search for, collect and preserve structured data in a defensible, repeatable manner, without it being a cumbersome and expensive task. Distributed collection capabilities allow the organization to utilize multiple computers and assign specific collection operations in various locations to increase the speed and efficiency of collections in complex environments. Users can see real-time status of a collection by asset, including percent complete status, time to complete statistics, what file is a being collected, how many files have been collected and total bytes collected by asset or across the entire collection. Collecting from custodians who work outside the office or travel frequently can prove to be quite challenging, as their laptops are not always logged into the network. With AD eDiscovery, laptops with agents can be dynamically routed to optimal collection points. For example, with dynamic locality, users as they move from New York to London are automatically routed to the optimal collection point, and collections will resume at the point of failure without having to start over. When that custodian’s machine has logged off the New York network and then comes online again in London, it will automatically restart the collection in London, picking up where it left off with no user intervention. Any files that were altered since the last collection attempt will also be collected. Figure 4: Collection Details 5 | P a g e Processing and Deduplication AccessData eDiscovery supports Lotus Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express DBX, Eudora, Netscape, AOL, RFC 833, and EML formats, such as Microsoft Internet mail, Earthlink, Thunderbird, QuickMail, as well as 400 different file types, providing the broadest support when it comes to handling of ESI. The wizard-driven processing functionality gives users control of how data is processed. The processing engine opens up compound documents, email archives, deduplicates, categorizes, identifies protected files, and indexes the data in preparation for review and export. Powered by FTK®, the processing engine has been “battletested” to handle the largest and most complex datasets. Figure 5: eDiscovery processing dialog providing options from “eDiscovery mode” with full indexing, or “field mode” for faster processing. Figure 6: Processing options available via FTK platform when using FTK mode. 6 | P a g e First –pass Review Facilitates Early Case Assessment and Accuracy of Data Sets Produced Without the need for expensive consultants, organizations are able to automatically identify, collect and preserve ESI, then process the data for analysis and what is called “first pass review”. Unlike most in-house solutions, AD eDiscovery allows for in-house counsel and /or litigation support personnel to engage in a first-pass review of the culled data to ensure that the most accurate set of potentially relevant data is produced. FIGURE 7: Silverlight, web-based review platform AD eDiscovery’s third-generation, Web-based Silverlight review platform delivers advanced analytics and collaborative review of electronically stored information for the purposes of early case assessment and/or final approval of the data set to be exported. — Custom Data Views: Enables users to define exactly what reviewers can see. For example, only email from Custodian # 4 can be seen by Reviewers A and B. — Email Discussion Threads: links together related messages into chronological threads which display entire discussions, including all replies, carbon copies and forwards. By following the thread, you can quickly identify all the participants, and determine who knew what. In addition, it has thread suppression support and the ability to tag any items up or down the chain. — Detailed Reporting o Matter, collection and search summaries o Deduplication o File breakouts and processing exceptions o Detailed search reports — Tagging/Labeling Options for Custom and Bulk Tagging: with annotation pop-ups and three-way (include/exclude/neutral) label filters to quickly toggle between coded and un-coded documents. — Bookmark Items into Categories and Include Comments — Hit Highlighting: Highlights search terms in files, emails and attachments, allowing you to quickly and easily find what you are looking for without having to read every single word. Users can view hit highlights in the 400+ different data types we support in both natural and text view. — Split-screen Support: users can view item on the left and file contents on the right 7 | P a g e — Enhanced Search Capabilities: o Relevancy ranking, based on automatic term weighting. o Fuzzy searching with a slider. o Stemming, related words, phonic, wildcard, proximity, and concept. o Nearly all search types can be combined to make your search as complex as you want. o Easy –to-use search help panel. — Automatic Data Categorization/Classification: per custodian or across the entire matter Producing Load Files and Reduced Data Sets for Third-party Review Tools The solution provides organizations the ability to create reduced (culled) data sets in a number of different formats, including native format organized by custodian or as a single instance with reduced PST or NSF. Also, user have the ability to create load files for export to popular third-party review tools, including Concordance, EDRM XML, ICONECT, Summation and Introspect. Technical Overview AccessData eDiscovery is a designed to be a distributed environment, with multiple components able to handle unstructured, semistructured and structured sources. Figure 7: eDiscovery Workflow 8 | P a g e Figure 8: AD eDiscovery Architecture The Components Application Server — manages workflow and eDiscovery operations within the application Web Server — provides web services for users to drive eDiscovery operations within the application — hosts website for first pass review data modeling Collection Worker(s) — The work administrator service that does the actual search and forensic-level collection from data sources (structured/unstructured/semistructured) — designed to scale up and out Processing Worker(s) (FTK) — performs the post-collection processing of data — expands archives (PSTs/NSFs), indexes, de-duplication, file identification, secondary culling/filtering, and production — scales up and out Processing Database (Oracle) — facilitates secondary culling/filtering, data modeling, searching, deduplication and production — scales up to handle massive amounts of data Orchestration and Logging Database (SQL) — tracks all eDiscovery matters, workflows and operations IDOL Worker — index engine and structured data connectors from Autonomy for file identification Agent — a service that runs on target nodes, providing secure forensic-level access to and preservation of ESI External Storage — stores collected/preserved and culled data 9 | P a g e Conclusion AccessData eDiscovery facilitates a project management approach to electronic discovery and streamlines eDiscovery processes from the point of identification all the way to production. By enabling all players in the eDiscovery engagement to utilize the same platform, the collaboration challenges IT and Legal normally face can be easily addressed. AD eDiscovery enables automated, targeted searches and the forensic collection of only potentially relevant data from multiple custodians simultaneously, all from a central location. With state of the art workflow, AD eDiscovery provides absolute control, matter delivery, and custodian and collection management capabilities. It gives visibility into all ESI across the enterprise and allows for proactive enforcement of records retention policies via automated auditing for easy identification, flagging and/or deleting of noncompliant data. These capabilities are key to optimal litigation preparedness and proactive enforcement, and result in massive time reduction and cost savings. About AccessData® AccessData has pioneered digital investigations for more than twenty years. Its automated, in-house eDiscovery solution allows users to identify, collect, forensically preserve, process, deduplicate and produce electronically stored data. It allows users to collect from laptops, desktops, databases, servers, email and more than 30 popular structured data repositories. Additionally, AccessData eDiscovery enables large-scale auditing to detect data leakage and files that aren’t in compliance with an organization’s retention policies. For more information visit: www.eDiscoveryWithAccessData.com ©2009 AccessData, Inc. All Rights Reserved. AccessData, is a registered trademark owned by AccessData in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands may be claimed as the property of their respective owners. 10 | P a g e
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.4 Linearized : Yes XMP Toolkit : Adobe XMP Core 4.0-c316 44.253921, Sun Oct 01 2006 17:14:39 Creator Tool : PScript5.dll Version 5.2.2 Modify Date : 2010:05:28 13:30:16-06:00 Create Date : 2010:05:28 13:30:16-06:00 Format : application/pdf Title : Microsoft Word - Guide to AccessData eDiscovery_MapsEDRM_3-4-10[1] Creator : mbrown Producer : Acrobat Distiller 8.1.0 (Windows) Document ID : uuid:6091b56e-7e61-4c0f-acbf-2c8e54026a8e Instance ID : uuid:30d0e0e3-a7fd-47ca-b026-ed8e1aa97afa Page Count : 12 Author : mbrownEXIF Metadata provided by EXIF.tools