Posted on: December 18, 2014in Blog
Forensic Investigations and Data Collections Preparation Checklist
Being informed and prepared prior to scheduling a data collection can greatly reduce costs. Providing your collections consultant with the most information possible will ensure an efficient, thorough, and cost-effective collection.
It's critical your IT and legal departments collaborate effectively for a more successful internal investigation process. For best practices and steps that can be taken to improve collaboration between the teams, sign up for the webinar on Feb. 15th!
Here are some things to think about during the planning stages, before you have a consultant come on-site to collect data.
Identify the custodians.
Custodians are the people in the organization that create or access data that is potentially relevant to the matter at hand. Identify and interview them to determine the sources of relevant data.
Determine the general types of data sources in your environment that contain data subject to discovery.
Items to consider include:
- Mobile Devices (tablets and smartphones)
- External Storage Media (CD/DVDs, portable hard drives, thumb drives, etc.)
- Cloud Services (Dropbox, Google Drive, iCloud, etc.)
- Social Media (Facebook, Twitter, Instagram, LinkedIn, etc.)
- Structured Data (SharePoint, CRM, ERP, accounting, DMS, etc.)
- Tape Backup Systems
When the general data sources have been identified, try to collect more specific information:
Desktops and Laptops:
- Make and model (Macs vs PCs)
- Storage capacity (total hard drive size and number of hard drives)
- Is encryption employed? If yes, what type of encryption (Truecrypt, Symantec, McAfee Endpoint, BitLocker)? Is the decryption information (keys, passwords) and contact information for the administrator of the encryption system available?
- Make and model. Apple (iPhone 4S, 5, 5s, 6, etc.), Android (HTC One M8, Samsung Galaxy S5, etc.), Windows (Lumia 1020, Icon etc.), Blackberry.
- Internal storage size, both total and used. For Android, Windows and Blackberry devices is there an SD card? If so, what is the size and current usage?
- Is it password protected in any manner (PIN code, swipe pattern, password, etc.)? If so, please have the ability to supply the password.
- Type of server (file, email, application, database, etc.)
- Operating system running on the server? (Linux, Windows, etc.)
- Is IT support in-house or outsourced?
- If an Exchange Server, do you have the ability to supply access to an administrator account on the server? Alternatively, do you have the ability to supply the username and password for each account?
- If a file server, do you have the ability to supply access to an administrator account with access across the entire network or at least to all locations of relevant data?
- Make, model, and storage size.
- Same issues relating to encryption as for desktops and laptops.
- What social media platform is it? (Facebook, Twitter, Instagram, etc.)
- Is the username and password available? If yes, please provide that information. If no, we may still be able to collect public information, but it will be limited.
- What type of system is it? (SharePoint, CRM, ERP, accounting, DMS, etc.)
- What are the export options from the system?
- Is there a system administrator available on-site or off-site to help?
Take a quick glance through this checklist before scheduling an on-site forensic collection to prevent wasted resources.
D4 Weekly eDiscovery Outlook
Power your eDiscovery intellect with our weekly newsletter.
Posted November 16, 2017
5 Workflow Tips for Conducting a Foreign Language Review
Posted November 10, 2017
What You Need to Know About Managed Review and the eDiscovery Process
Posted November 02, 2017
7 Steps to Help You Defensibly Migrate eDiscovery Data
Posted October 27, 2017
CLE Webinar with Lewis Brisbois: How to Do Social Media Collection and Presentation Right
Posted October 26, 2017
Despite Clawback, Defendant’s Reckless Abandon of Rule 502 Bites Back
Posted October 20, 2017
How to Use the eDiscovery PST Export Tool in Office 365 E3
Posted October 12, 2017
Recent eDiscovery Cases for Mobile Phones and Social Media
Posted October 05, 2017
Raising Objections to the Format of ESI Productions: Do it Early and Do it Clearly
Posted September 27, 2017
5 Reasons eDiscovery Alternative Fee Models Make Sense for You
Posted September 22, 2017
Why it's Crucial to Have a Corporate Mobile Device Policy