
Carving out the Difference between Computer Forensics and E-Discovery

Over the past few years, computer forensics and e-discovery have become buzzwords in the computer security arena and in legal circles. Both refer to the process of handling digital data, but is there any difference between them? To clear up the confusion, we need to understand both terms in detail.

Genesis of E-discovery

The advent of email and other forms of electronic communication in the workplace has put tremendous pressure on litigation. With almost all evidence now in digital form, litigators need not only a command of the law but also in-depth knowledge of data retention approaches. Without it, they cannot easily spot the important evidence needed to defend a case in court. Litigators often have to decipher technical intricacies, and they cannot individually review such cumbersome amounts of data, which may involve thousands of email messages and other electronically stored information (ESI). The accepted resolution in such cases is to form an e-discovery team, generally made up of lawyers, IT staff and management professionals.

Main Goal of E-discovery

The main objective of e-discovery is to provide electronically stored information to the requesting party, which may be a legal authority, a government body or any other third-party entity. It rests on three basic pillars: law, technology and science. The approach is to locate the relevant ESI in order to defend a court case.

How Is E-discovery Carried Out?

E-discovery has emerged as an inevitable response to the way the ever-increasing growth of technology is reshaping the justice system. ESI forms the core of e-discovery, and spotting the crucial ESI is what matters. So what does e-discovery consist of? Let us walk through the procedure.

The e-discovery approach consists of the following steps:

  • Management of records
  • Identification
  • Preservation
  • Collection
  • Processing-Review-Analysis
  • Production
  • Presentation

Data that attorneys consider significant is put on legal hold. The evidence is then extracted and analyzed using various forensic techniques, and reviewed on a document review platform. Such platforms help investigators collect and search through the bulk of the ESI. The approach generally targets information present in allocated clusters. It filters out applications, system files and temporary files, and considers only the active, accessible user files. These are generally PDFs, documents, spreadsheets and, most importantly, email messages.

Electronic data generally coexists with metadata, which has no equivalent in ordinary paper documents. Preserving the metadata of these documents, so as to prevent data spoliation, is one of the main challenges for investigators.
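The culling and metadata-preservation steps described above can be sketched as follows. This is an added example, not code from the original article; the extension list, the `build_manifest` and `make_sample_tree` names and the sample folder are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumed review set: user-document and email types like those the article names.
REVIEW_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".eml", ".msg"}


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks through a read-only handle."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Return one metadata record per in-scope file under root, sorted by path."""
    root = Path(root)
    records = []
    for path in root.rglob("*"):
        # Applications, system files and temporary files fall outside the set.
        if not path.is_file() or path.suffix.lower() not in REVIEW_EXTENSIONS:
            continue
        info = path.stat()  # capture timestamps before the content is read
        records.append({
            "path": path.relative_to(root).as_posix(),
            "size": info.st_size,
            "mtime_ns": info.st_mtime_ns,
            "sha256": sha256_of(path),
        })
    return sorted(records, key=lambda record: record["path"])


def make_sample_tree():
    """Build a constructed custodian folder (sample data, not real evidence)."""
    root = Path(tempfile.mkdtemp(prefix="custodian_"))
    (root / "mail").mkdir()
    (root / "mail" / "offer.eml").write_bytes(b"Subject: offer\r\n\r\nconstructed")
    (root / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    (root / "cache.tmp").write_bytes(b"scratch")
    (root / "app.exe").write_bytes(b"MZ constructed")
    stamp = 1_600_000_000 * 10**9  # fixed last-modified time to check preservation
    os.utime(root / "report.pdf", ns=(stamp, stamp))
    return root


if __name__ == "__main__":
    for record in build_manifest(make_sample_tree()):
        print(record)
```

The manifest records each file's hash and last-modified time without writing to the file, so a later copy can be checked against it for spoliation.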

Computer Forensics

Computer forensics refers to the scientific study and examination of computers in a way that is consistent with the rules of evidence extraction and with the rules of litigation procedure. In layman's terms, it is the application of forensic methodologies to computer-based material. It is generally thought of as part of the traditional forensics arena, but it requires extensive knowledge of computer software and hardware in order to avoid destroying important evidence.

What kind of evidence is extracted? Computer forensics investigates incriminating evidence that can be extracted from a computer's hard drive and prepares it for presentation in court. Here the information is already present on the system's hard drive, but in hidden form. It also involves searching unallocated disk space to retrieve copies of files that have been damaged, deleted or encrypted. So basically, the investigators have to carve out data in order to produce it as evidence in court.
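Carving from unallocated space, as described above, works on raw bytes rather than on file system entries. The following is an added example, not code from the original article; it uses signature-based carving as one common technique, and the sample byte buffer and all function names are constructed for illustration.

```python
import hashlib

# Header/footer signatures for two file types the article lists as user data.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

# Constructed sample remnants (not real evidence).
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
TRUNCATED_JPG = b"\xff\xd8\xff\xe0" + b"tail overwritten"  # header, no footer


def carve(image, max_size=10 * 1024 * 1024):
    """Return (kind, offset, data, sha256) per header/footer pair, by offset."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        start = image.find(header)
        while start != -1:
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                # No footer within max_size: a fragment, so skip this header.
                start = image.find(header, start + 1)
                continue
            stop = end + len(footer)
            data = image[start:stop]
            found.append((kind, start, data, hashlib.sha256(data).hexdigest()))
            start = image.find(header, stop)
    return sorted(found, key=lambda item: item[1])


def build_sample_image():
    """Constructed 'unallocated space': file remnants between zeroed sectors."""
    filler = b"\x00" * 512
    return filler + SAMPLE_PDF + filler + SAMPLE_JPG + filler + TRUNCATED_JPG + filler


if __name__ == "__main__":
    for kind, offset, data, digest in carve(build_sample_image()):
        print(f"{kind} at offset {offset}: {len(data)} bytes, sha256 {digest[:16]}")
```

This sketch stops at the first footer after each header, so files that embed a footer sequence (JPEG thumbnails, incrementally updated PDFs) come out truncated; production carvers validate the internal structure as well.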

Methodology behind Computer Forensics

Forensic experts follow a set of standard rules when carrying out an investigation. They physically isolate the suspect computer to ensure that it is not contaminated further. They also make a digital copy of the hard drive, and the entire investigation is carried out on this copy.

Computer forensic experts adopt well-defined procedures and work together as a team for a successful digital investigation. While gathering data, they make a point of documenting all valuable information in a well-structured format.

With the rapid growth in technology, technical skills also need to expand. A normal investigation procedure consists of the following parts:

  • Detection of network intrusion
  • Evaluation of threats and other vulnerabilities
  • Forensic investigation on data

A computer forensic examination reveals a lot of information, such as when a document first appeared on a computer and the date on which it was last edited. All this information can significantly change the course of an investigation. To sum up, the computer forensics procedure consists of the following basic steps:

  • Identification of evidence
  • Preservation of evidence
  • Extraction of probative evidence
  • Interpretation and necessary documentation
  • Presentation of evidence in the court by adhering to the rules

Striking Out the Differences

Computer forensics and e-discovery go hand in hand: both approaches focus on gathering important evidence, which is the basic criterion of forensic investigations. However, there are strong differences between them, and these arise in how the information is analyzed. In e-discovery, the legal authorities are involved in reviewing the evidence, whereas in computer forensics the investigation experts review the digitally stored data, collect important evidence and suitably present it before the law.

