Category Archives: Social Media Investigations

X1 First To Offer Social Discovery Certification

by Barry Murphy

Education, training, and certification programs are foundational elements of any profession.  When it comes to relatively new functions like social media discovery, the importance of good training and certification options is amplified.  There is a dearth of expertise coupled with the need for corporations and law firms to address challenges quickly – that combination creates an immediate need for formal and effective training.

The activities within the eDiscovery profession tend to be specialized.  For example, forensic disk imaging requires a specific skill set that is very different from the skill set required to run predictive coding review workflows and projects.  As a result, generic eDiscovery certifications have yet to gain mainstream traction in a meaningful way.  This is not to say such programs are not valuable; they are.  However, given the lack of a standards board or independent third-party that has published a treatise on what it means to be qualified to perform “eDiscovery,” it is difficult for any one certification to be an industry standard.  Further, the eDiscovery profession is a sum of many tasks, most of which are performed by various team members (as opposed to one person being responsible for, or capable of performing, all).  What I hear from eDiscovery professionals when it comes to certification is that there is simply not enough definition as to what it means to be a certified eDiscovery professional.

One type of certification that is more important than ever is vendor-specific (or tool-specific) certification.  Previous eDJ Group research had validated the fact that training and education programs are critically important for the practice of eDiscovery.

Vendor certifications

Click on image to enlarge

For years, it has been critically important that forensic investigators be certified on the tools they use – such as Guidance Software’s Encase (EnCE, EnCEP) or AccessData’s FTK (ACE).  Likewise, the Relativity Certified Administrator credential (RCA) from kCura has gained significance in the hosting and review market.  As such, upon joining X1, I was very pleased to hear that the company will offer certification for our X1 Social Discovery tool.  Why is certification for the Social Discovery tool so important?  First, social media is now ingrained in our business lives.  eDJ Group research from September 2013 shows that almost two-thirds of workers now use external social networks like Facebook or LinkedIn for business purposes.

Social Media Part of Business

Click on image to enlarge

Second, social discovery is still fairly new and requires in-depth training.  With X1 Social Discovery, users need to understand how MD5 hash values of individual items are calculated upon capture and maintained through export. They need to understand the automated logging and reports that are generated. They need to be educated on the key metadata unique to social media & web streams that are captured through deep integration with APIs provided by the sites and how this metadata is important to establishing chain of custody and authentication.  Given these new challenges, a certification program just makes sense.  Even better, X1’s Social Discovery tool will be the only one on the market with a certification program in place.  That will be an important distinction in the market, especially given the large amount of law enforcement customers for the product (doing things by the book is extremely critical in law enforcement investigations).

The X1 Social Discovery Certification course, offered by DigitalShield, will cover:

  • Introduction to the foundational skills and knowledge needed to understand social media collection, analysis, review and delivery
  • Best practices for locating and collecting social media
  • Providing investigators, digital forensic examiners and eDiscovery practitioners with the technical skills to use X1 Social Discovery
  • Hands-on training using X1 Social Discovery to collect, manage, and analyze data from Twitter, YouTube, Facebook, webmail and websites

To sign up for the training or to learn more, click here >  

______________________________________________________________________

1 Comment

Filed under Social Media Investigations, Training and Certification

The Benghazi ESI Scandal

Last week, the United States Senate Intelligence Committee issued a bipartisan report finding that the deadly assault on the American diplomatic compound in Benghazi, Libya, which killed US Ambassador Chris Stevens and 3 other Americans, could have been prevented.

Bengazi

The account spreads blame among the State Department, the military and U.S. intelligence for missing what now seem like obvious warning signs in the weeks before the September 11, 2012, attack, including multiple clues and outright threats that appeared on social media — key evidentiary source of Electronically Stored Information (ESI) as defined by the Federal Rules of Civil Procedure.

And therein lies what could be the real scandal of the Benghazi affair – The failure of the US Intelligence Committee to monitor and investigate available social media evidence leading up to the attack in that volatile and dangerous part of the world.  The Senate report notes that “[a]lthough the Intelligence Community (IC) relied heavily on open source press reports in the immediate aftermath of the attacks, the IC conducted little analysis of open source extremist-affiliated social media prior to and immediately after the attacks.” And that there were “reports from the IC indicating that more in-depth intelligence exploitation of social media in the Benghazi area, including web postings by Libyan nationals employed at the Temporary Mission Facility, could have flagged potential security threats to the Mission facility or important information about the employees prior to the September 11, 2012, attacks.”

One of the missed clues identified by the Senate report, which includes 14 independent references to social media evidence, involved a prior May 22, 2012, attack on the Benghazi-based International Committee of the Red Cross (ICRC) building by militants with Rocket Propelled Grenades (RPGs). On May 28, 2012, a previously unknown organization, The Omar Abdurrahman Group, took to social media to claim responsibility for the ICRC attack and issued a direct threat against the United States. It is believed by many intelligence experts, and implied in the Senate report, that the Omar Abdurrahman group was responsible for the September 11, 2012, attacks on the American diplomatic compound.

The Senate report includes a key recommendation that the Intelligence Community “must place a greater emphasis on collecting intelligence and open-source information, including extremist-affiliated social media, to improve its ability to provide tactical warnings…” And separately, the Senate Intelligence Committee recommends that the “IC should expand its capabilities to conduct analysis of open source information including extremist-affiliated social media particularly in areas where it is hard to develop human intelligence or there has been recent political upheaval. Analysis of extremist-affiliated social media should be more clearly integrated into analytic products, when appropriate.”

Ironically, all these pieces of evidence and clues could have been very effectively gathered with specially designed investigation software that runs $945 a seat.

And speaking of written reports issued last week by prominent organizations that address the compelling trend of social media evidence, Gibson Dunn released their 2013 Year-End Electronic Discovery and Information Law Update. In a section dedicated to social media, the Gibson Dunn Update notes that “the number of cases involving social media evidence continues to skyrocket,” and that “Commentators and courts alike have noted that the use of social media evidence has become commonplace across all types of litigation.” The Update covers several cases, many of which have been addressed on this blog, involving key legal issues related to social media. It’s a good read, and is not unlike the Senate Intelligence Committee’s Benghazi report, in that both underscore the critical importance of social media evidence, for both reactive and proactive investigations of many stripes.

1 Comment

Filed under Social Media Investigations, Uncategorized

eDiscovery Software Industry Faces Transition

changes aheadRecently, the eDiscovery and litigation support field has seen many developments reflecting a significant shift in the eDiscovery software industry. Greg Buckles and Barry Murphy of The eDiscovery Journal report in several articles and notes in the past few weeks that they see a palpable transition away from software back towards services by corporations seeking to address their eDiscovery requirements. So not surprisingly, there had been various reports indicating reductions in force at several of the top eDiscovery software providers.

Not to pick on Guidance Software, my former company, but they are publically traded and recently disclosed their aggressive cost-cutting measures. In their PowerPoint presentation, Guidance states that the eDiscovery software field “is maturing…not as many large deals available there” resulting in a strategy for the company to refocus on core computer forensics and computer security, and to pivot toward profitability over topline revenue growth. And I don’t think what Guidance is experiencing is much different than from what many other eDiscovery software firms in the space are going through.

And neither does industry analyst Barry Murphy. “Based on what I see, KCura with their Relativity product is doing well, and I think there has been some good growth in the mobile forensics space, and X1 has done well with X1 Social Discovery in terms of growth and customer acquisition. Other than that, it seems that the remaining eDiscovery software companies are either contracting or experiencing only very modest growth.”

Part of the problem is that many aggressive enterprise eDiscovery deployments never achieve their promise of global scalability. A little over a year ago, the CEO of another eDiscovery and forensics software firm publicly claimed that enterprise-wide Autonomy implementations for eDiscovery, in his opinion, never really worked that well from what he could see. Without commenting on or taking a position on the accuracy of that assertion, the article does reflect broader frustrations I have heard from IT and in-house counsel about eDiscovery software in general that claims to be an end-to-end solution for aggressive and enterprise-wide deployments. As a result, many corporate legal departments and corporate IT have opted to continue to outsource eDiscovery to service providers over attempting to implement enterprise-wide solutions.

On the other hand, and reflective of this trend, services firms in this space are apparently doing quite well and their numbers are growing. There are clearly hundreds, if not over a thousand consulting firms, in North America providing eDiscovery consulting services. In just one metric, two years since we launched X1 Social Discovery, nearly 200 eDiscovery and computer forensics firms have become paying customers, and many more are currently evaluating. Some firms have a single license of X1, many have multiple, even dozens. I think those figures reflect both the number of service providers in this space and the aggressive spending behavior from the providers.

I also think, and of course being biased, that with X1 Social Discovery gaining over 400 paid install sites in just two years since the launch of the product, with 250 percent increase in annual sales in 2013, is quite an accomplishment especially given the status of this market. I think that reflects both the quality of X1 Social Discovery as well as the compelling use case of the collection and preservation of social media data for discovery and investigative purposes. So I want to take this opportunity to thank our customers for making 2013 a great year for us and driving the further development and enhancements of our products.

I’m looking forward very much to Legal Tech New York this year, both to meet with our customers old and new, and to speak with some fellow executives about how they are adapting to the changes in the eDiscovery market and opportunities in 2014. I hope to see you there!

Leave a comment

Filed under eDiscovery & Compliance, Enterprise eDiscovery, Social Media Investigations