Category Archives: Best Practices

Social Discovery: An Interview With Howard Williamson

This week’s blog is something new for X1 – a Q & A with Howard Williamson, the General Manager for X1’s market leading Social Discovery product.  Howard is an experienced digital forensics expert and began his career in law enforcement, which gives him a unique perspective on the practice of social discovery.  I had the pleasure of interviewing Howard this week on what is a very hot topic – social discovery.

Why Social Discovery?

Howard:  I remember back in the mid-1990’s there was a real feeling of excitement around digital forensics.  It was the cutting edge of the forensics field and the work was really fun.  Social media is now what digital forensics was in the mid to late 1990s – it’s the cutting edge of where investigation and intelligence is right now.  The work is fun because there are lots of challenges; the fun part is taking the practice from good to great.  That is what attracted me to the opportunity at X1 – because X1 Social Discovery can make the practice great because the product addresses the challenges of defensibly collecting a high volume, diverse data set like social media.

How does the law enforcement background complement this role?

Howard:  Ultimately, the goal of social discovery is to collect data in a manner that allows it to be used in criminal or civil litigation.  Knowing how that process works is critical.  The law enforcement background gives that experience of defensible collection across many different types of digital evidence.  And, on the criminal side of things, the standards of defensibility are quite high, so carrying that over to the civil side means that X1 will always meet high authenticity standards.  I bring that high bar from the digital forensics world to this brave new world of social media.

What’s new about this practice?
Howard:  The nice thing about now versus the mid-1990s is that we are now using purpose-built tools like X1 Social Discovery rather than co-opting system administration and network tools like we did in the early days of computer forensics.  That makes the Modern evidenceprocess more efficient and more complete.
Rather than using a sledgehammer to put a nail in, we are using a hammer.  The tool is built specifically for social discovery and therefore makes the practice more efficient.  Whereas in the early days of digital forensics, collection procedures where often made up on the fly, with Social Discovery, the approach is much more structured and systematic.  At X1, with our experience, we are certainly able to think and react on the fly to new challenges, but with a purpose-built tool, we can do so much more efficiently.  And, in the eDiscovery world, efficiency and defensibility are two very important things.

Are you seeing social discovery specialists pop up? 

Howard:  What we are seeing is that digital forensics professionals and intelligence professionals are implementing social discovery into their processes and procedures.  There are not “specialists” in social media; rather, the social discovery tool allows more people to collect this type of data as part of a broader job.  They are also doing things like mobile forensics and other digital forensics.  Thus, X1 Social Discovery has become an important tool in their toolkit.  The tool actually makes it easier to bring social media content into the collection because the professional doesn’t have to dive deep into things like mobile operating systems.  It becomes easier to be an expert in social collection because the product makes it simple to collect and analyze.

Do you think that Social discovery is a mainstream practice now?

Howard:  It absolutely is.  The evidence of that is our business.  X1 has nearly 500 paid install sites and nearly 4,000 end users conducting social discovery.  These users got ahead of the curve and have social media integrated into their processes.  The growth opportunity is still huge because it is inevitable that case law will force everyone to take social media more seriously, in the way that the Enron case put a spotlight on electronic discovery in general.  Law enforcement got the importance of social media evidence early on.  Even though a more typically cautious industry, police departments see that social media is a critical form of evidence and have built it into collection processes.  This is how most areas of forensics have evolved.   There is an attitude that, if it’s good enough for criminal law, it’s good enough for civil court.  That is part of what’s exciting for X1 – we have a great base of law enforcement customers putting the product through the paces.  X1 Social Discovery is truly battle-tested and no other solution works quite as well.  We are nicely positioned as the social discovery leader in a mainstream market with high growth potential.

What should we look for in the next year of social discovery?

Howard:  I would expect to see the big social networks continue to gain traction.  I don’t foresee a new behemoth social network to challenge the popularity of Facebook and Twitter.  From an app perspective, self-destructing messaging looks to remain popular as privacy becomes more of a concern.  Forensics will play a large role in determining whether those messages are truly destroyed or actually discoverable.

X1 will continue to build out connectors to more and more social networks and improve reporting and deliverables.  There will be more ability to analyze the data within the investigation platform.   What X1 wants to enable is people to do their jobs within a given workflow.  Some users will want to collect and review social media directly within X1, and the tools enables them to do that.  Others have examiners collect the data, but then move to a review tool where litigators can look at it.

Big thanks to Howard Williamson for sharing his time with us.  If you have questions about social discovery, please contact us at info@x1.com for more information.

_________________________________________

Catch Howard’s lecture at HTCIA’s Annual Conference, Tuesday, August 26, where he will cover Social Media Collection and Review >

 

 

 

 

 

 

 

 

 

 

Leave a comment

Filed under Best Practices, Social Media Investigations, Uncategorized

As Desktop-as-a-Service Gains Traction, Do Not Overlook Productivity Search

by Barry Murphy

Oftentimes, federal government agency IT departments are technology early adopters because of mandates to cut costs and increase efficiencies and business agility. It is not surprising, then, to see FCW.com pointing out that agencies are embracing Virtual Desktop Infrastructure (VDI). Benefits of VDI include simpler and more automated systems administration, better control over security (always a big factor for government agencies), and lower costs for client-side support. Those “hard” benefits are only part of the story – VDI also enables worker mobility (especially important to the Department of Energy) and helps enable more “green IT.” Because VDI provides a zero client environment, it can reduce the required power consumption per desktop, thereby reducing the environmental impact of the agency’s IT systems. This is perhaps more of a soft benefit, but a necessary one nonetheless.

As the FCW article states, there are now two options for deploying VDI: on-premise and through the Cloud, as Desktop-as-a-service (DaaS). There are good market options in both directions, with on-premise providers like Citrix and VMWare, and DaaS providers such as Amazon (with its Workspaces offering) and the aforementioned VMWare (with its Horizon offering). Whichever direction an organization chooses for its VDI, it is critical to remember that business worker adoption and acceptance is the key to ROI. In my experience, one thing that scares business workers when moving to VDI is the potential loss of easy access to their information assets. With VDI, it is a best practice to turn off Windows indexing, and that can leave a business worker without the ability to search for his or her information.

DaaS

With VDI in the Cloud, the DaaS provider will want to manage virtual computing resources diligently – also meaning that desktop indexing will likely be turned off. And with government agencies increasingly storing information in the Cloud, it can make search of that data a challenge. There is an opportunity to ensure a better business worker transition in these environments – build in productivity search requirements up front. Business worker access to information is an important component of easing any kind of end-user angst when transitioning to a new desktop environment. Providing these workers with unified access to common information like email, files, and SharePoint will help with change management and user acceptance. And it is important to stress again – without the end-users, there is no ROI on these VDI projects. Therefore, the upfront productivity search requirements should include a search solution that supports VDI environments and that is deployable in the Cloud, like X1 Rapid Discovery.

The move is on to VDI in the federal government, and industries like financial services and professional services are also in the midst of VDI roll-outs. These early adopters will set the trend of many industries. If the early adopters require excellent business worker productivity search experiences, acceptance of these new technologies will be much smoother and more successful. And that is good for everyone – VDI vendors and customers.

Leave a comment

Filed under Best Practices, Cloud Data, Corporations, Desktop Search, Enterprise Search, IaaS, Information Access, Information Management, Records Management, Virtualized Environment

Highlights from Reed Smith’s SharePoint eDiscovery Webinar

by John Patzakis

Reed Smith recently hosted an excellent webinar on SharePoint eDiscovery challenges, led by Patrick Burke with the firm’s eDiscovery team. The webinar featured a substantive and detailed discussion on the nuances, pitfalls and opportunities associated with eDiscovery of data from SharePoint sites. This topic is very timely as the majority of enterprises are deploying the Microsoft platform at an accelerated rate, with the solution reaching $1 billion in sales faster than any other Microsoft product in history. Burke noted that “SharePoint has exploded across corporate networks, and are filling rapidly with ESI,” but that “the bad news is that it’s not centralized. There is no single place to go to search through the ESI across an organization’s SharePoint sites to identify which SharePoint Site holds the ESI you’re looking for.”

As SharePoint enables enterprises to consolidate file shares, Intranet sites, internal message boards and wikis, project management, collaboration and more into a single platform, it provides significant operational efficiencies as well as eDiscovery challenges. The vast majority of current SharePoint deployments are versions 2007 or 2010, and neither have meaningful internal eDiscovery or even export features. This is one reason why SharePoint eDiscovery is fraught with over-collection, resulting in much higher costs and time delays that what is typically seen with other similar data stores such as email servers and file shares.

In addressing best practices for eDiscovery of SharePoint sites, Burke advised, among other key points, that the litigation hold process must not only involve individual custodians but the SharePoint administrator as well: “As it usually isn’t feasible to search all an organization’s SharePoint sites, the first step is to talk to the key custodians (through litigation hold questionnaire processes) and ask them which SharePoint sites they use (to identify) relevant ESI.” From there, “the cross-check involves talking with the SharePoint administrator, who can look up all the SharePoint sites to which the custodian’s belong.”

A full video recording of the webinar can be accessed here >

Appliance-based eDiscovery solutions or remote collections do not work as it may take weeks, if not months, to copy a multi-terabyte SharePoint site over a network connection and a large corporation may have several dozens of SharePoint silos from which to collect.  Manual collection efforts, which are geared toward mass “data dumps,” are also time consuming and are typically very costly due to the extensive processing and data massaging required to put the SharePoint data back into context.

Instead, what is needed is a solution such as X1 Rapid Discovery can quickly and remotely install and operate within the same local network domain to enable localized search, review and early case assessment in place. X1 Rapid Discovery’s full content indexing and preview of native SharePoint document libraries and lists, as well as its robust search, document filters, intuitive review interface uniquely enables targeted and contextual search, preservation and export of SharePoint evidence in its native format. In fact, we believe it is the only solution available that enables true in-place early case assessment and eDiscovery review of SharePoint sites, including iterative search, tagging and full fidelity preview in place, without the requirement to first export all of the data out of the platform.

To learn more, sign on to the recorded webinar or please contact us for a further briefing to learn how to save your organization or your clients tens of thousands of dollars on litigations costs associated with SharePoint.

Leave a comment

Filed under Best Practices, Case Law, eDiscovery & Compliance, Enterprise eDiscovery, Information Access, Preservation & Collection