Tag Archives: investigation

SharePoint Search: Beyond eDiscovery

by Barry Murphy

I had the pleasure of conducting a SharePoint eDiscovery webinar with Patrick Burke of Reed Smith for the OLP last week.  The subject is fascinating because finding, preserving, and reviewing SharePoint content in the litigation/investigation context can be so challenging.  The metadata users add to content (e.g. workflow tasks), the web page interface that creates more native ESI than just a document, and the decentralization of SharePoint deployments make eDiscovery for SharePoint a topic unto itself.  Often lost in this topic is the issue of end-user search of SharePoint.

When I talk about end-user search in SharePoint, most people just assume that the search functionality baked in to the product (Microsoft acquired FAST Search & Transfer several years back) is enough.  In some cases, that will be correct, but in others it does not work to give business users efficient access to information.  Some companies have standardized on SharePoint as an enterprise content management (ECM) platform while others have some departments that use SharePoint for sharing files and managing specific business processes.  In either situation, the reality is that business workers store information in multiple places – SharePoint, email, network file shares, etc.  To find that information is often a frustrating task of switching from application to application only to have a subpar search experience.

Consider the screenshot below of a search experience in SharePoint:

SharePoint blog 1

Click to enlarge

The experience leaves something to be desired in that I have to execute several more clicks on the left to do any kind of filtering and, in the result set itself, it is very difficult to know if any of these are the document I am looking for because I can’t see the document itself.  I would need to open it first.  In addition, as a business worker, I probably don’t know if I should be looking in email, file shares, or SharePoint for the document I need.  I know I saw it somewhere, but can’t remember where.  In this search experience, if I don’t find what I am looking for in SharePoint, I now have to go search my email and then my file system.  It adds up to a waste of time.

Now, consider a unified, single-pane-of-glass approach:

SharePoint blog 2

Click to enlarge

In this user interface, I can search across email, files, and SharePoint.  I can see a full-fidelity preview of the attachment.  I can refine on any kind of metadata.  It is a positive search experience that is helpful and allows me to be efficient.  More and more people realize now that this unified access to information is critically important. That may be why SharePoint guru Joel Oleson said, after a X1 Search 8 product demo, “the great news is seeing unified search across the variety of platforms [email, file shares, SharePoint] in a single powerful desktop product priced very reasonably.”  It’s because business workers really do need that unified interface across all information.  To be forced to move from email to SharePoint just to run a search can be frustrating and time consuming.  For SharePoint administrators, not having to worry about a user’s search experience in SharePoint is liberating.  When business workers and IT administrators are both happy, the world is a better place.

Read Joel Oleson’s complete review of X1 Search 8 here >

 

Leave a comment

Filed under Cloud Data, Enterprise eDiscovery, Enterprise Search, SharePoint, Uncategorized

Discovery Templates for Social Media Evidence

Book coverAs a follow-up to the highly popular Q&A last week featuring DLA attorneys Joshua Briones and Ana Tagvoryan, they both have graciously allowed us to distribute a few of their social media discovery templates found in the appendix of their book:  Social Media as Evidence: Cases, Practice Pointers and Techniques, published by the American Bar Association, available for purchase online from the ABA here.

The first template is deposition questions relating to social media evidence. The second is a sample of special interrogatories. They can be accessed at this link. Thanks again to Joshua and Ana for their insightful interview, and for providing these resources.  Their book contains many more such templates and practice tips, including sample document requests, proposed jury instructions, client litigation hold memorandums with a detailed preservation checklist, preservation demand letters, and much more.

In other social discovery news, the ABA Journal this month published an insightful piece on social media discovery, featuring attorney Ralph Losey, with a nice mention of X1 Social Discovery. In a key excerpt, the ABA Journal acknowledges that “there is a pressing need for a tool that can monitor and archive everything a law firm’s client says and does on social media.”  The article also noted that more than 41% of firms surveyed in Fulbright’s 2013 annual Litigation Trends report, acknowledged they preserved and collected such data to satisfy litigation and investigation needs, which was an increase from 32% the prior year.

Another important publication, Compliance Week, also highlighted social media discovery, where Grant Thornton emphasizes their use of X1 Social Discovery as part of the firms anti-fraud and data leakage toolset. Incidentally,  when determining whether a given eDiscovery tool is in fact a leading solution in its class, in our view it is important to look at how many consulting firms are actually utilizing the technology, as consulting firms tend to be sophisticated buyers, who actually use the tools in “the front lines.” By our count we have over 400 paid install sites of X1 Social Discovery and over half of those – 223 to be exact – are eDiscovery and other digital investigation consulting firms. We believe this is a key testament to the strength of our solution, given the use by these early adopters.

Leave a comment

Filed under Best Practices, eDiscovery & Compliance, Social Media Investigations

Social Media Evidence at the Center of the A-Rod Suspension

Earlier this month, Major League Baseball took the unprecedented step of suspending a star player, Alex Rodriguez, for two years due alleged illegal use of performance enhancing drugs (PEDs). A-RodWhile the suspension of one of baseball’s greatest players of all time made the headlines, the critical role social media evidence played in tying “A-Rod” to Biogenesis, the company which allegedly provided him with the PEDs, is an important sub-story. While we are not at liberty to discuss any details of the social media investigation software used by any of the parties, this Associated Press report describes a detailed, thorough and highly professional investigation of the social media evidence involved.

Specifically, investigators collected key evidence from publically available Facebook posts and Tweets from associates of the targets, which apparently proved to be the most effective source of evidence. Per the AP: “Baseball investigators examined the Facebook pages of (Biogenesis founder Anthony) Bosch and Porter Fisher, the former Biogenesis associate who gave documents to the newspaper. They began to sketch out which people they were friends with, and which of those friends posted photos of athletes or mentioned athletes. Each link led to new loops that provided leads.”

In response to the investigation, MLB players’ union general counsel David Prouty noted that social media evidence “adds a layer of proof that certainly wasn’t available many years ago.”

This type of thorough investigation of publically available social media evidence is only possible with best practices technology that enables scalable and automated collection of up to millions of items preserved and organized in a single case in an instantly searchable and reviewable format.

Given its very high profile and the high stakes involved (The suspension could cost A-Rod over $100 million) the A-Rod case represents a seminal development in the field of social media and Internet investigations. According to the media reports, this is not a situation where social media evidence merely served a supporting role, but was a difference-maker that apparently formed the basis of the suspension.

No need to comment further.

Leave a comment

Filed under Best Practices, Social Media Investigations

Live Social Media Evidence Capture from Today’s Vegas Strip Shooting

Unfortunately, a tragic event transpired this morning in Las Vegas leaving three people dead and at least three others injured after a shooting and fiery six-vehicle crash along the Strip. According to reports, at about 4:20 a.m. someone in an SUV opened fire into a Maserati that had stopped at a light. The Maserati moved into the intersection at Flamingo Road and collided with a taxi, starting a chain of crashes that involved four other vehicles. Our thoughts and prayers are with the victims and their families.

Given the criminal investigation and civil liability implications of this event, we wanted to demonstrate the new important capabilities of X1 Social Discovery to immediately identify, preserve and display geolocated Tweets (and often Instagram posts) at or near the scene immediately before, during and after the incident. X1 Social Discovery is now able to map a given location, such as a city block or even a full metropolitan area, and search the entire public Twitter feed to identify any geolocated tweets that have been made in the past three days (sometimes longer) within that designated area, as well as to capture any new tweets within that area going forward. As illustrated below, this capability is extremely useful for law enforcement, corporate security and civil litigators.

When we learned of the Vegas incident, we mapped the general area of the strip  and within seconds, all the recent Tweets from the past several hours were populated within the grid and collected within X1 Social Discovery.

Accident 4

From there, we were able to sort those tweets within the interface and identify some key Tweets made immediately after the incident, such as this post:

Accident 5

Accident 2

We are able to sort and identity the exact time (in GMT) of the posts in question as well as associated metadata.

Accident 3

Here is another post below. Both this example and the one above contain notable intel in the comments, suggesting the possible identity of one of the victims, as well as a reference to another posted picture on Instagram. This reflects the utility of X1 Social Discovery’s ability to collect not just the social media post, but the comments thereto in real-time.

Accident 1

This feature can also be employed proactively, to map an area around a school, an embassy, an oil drilling facility overseas, or other critical infrastructure assets to collect and store any geolocated tweets in real time. But of course in order to take full advantage of this ability to gather key evidence such as the evidence, posted above, you need to own the software at the time of the incident.

2 Comments

Filed under Social Media Investigations

The Global De-Centralized Enterprise: An Un-Met eDiscovery Challenge

Enterprises with data situated within a multitude of segmented networks across North America and the rest of the world face unique challenges for eDiscovery and compliance-related investigation requirements. In particular, the wide area networks of large project engineering, oil & gas, and systems integration firms typically contain terabytes of geographically disparate information assets in often harsh operating environments with very limited network bandwidth. Information management and eDiscovery tools that require data centralization or run on expensive and inflexible hardware appliances cannot, by their very nature, address critical project information in places like Saudi Arabia, China, or the Alaskan North Slope.

Despite vendor marketing hype, network bandwidth constraints coupled with the requirement to migrate data to a single repository render traditional information management and eDiscovery tools ineffective to address de-centralized global enterprise data. As such, the global decentralized enterprise represents a major gap for in-house eDiscovery processes, resulting in significant expense and inefficiencies. The case of U.S. ex rel. McBride v. Halliburton Co. [1]  illustrates this pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once. [2]

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase instead of culling, filtering and searching the data at the point of collection drove up the costs.

Despite the burdens associated with the electronic discovery of distributed data across the four corners of the earth, such data is considered accessible under the Federal Rules of Civil Procedure and thus must be preserved and collected if relevant to a legal matter. However, the good news is that the preservation and collection efforts can and should be targeted to only potentially relevant information limited to only custodians and sources with a demonstrated potential connection to the litigation matter in question.

This is important as the biggest expense associated with eDiscovery is the cost of overly inclusive preservation and collection. Properly targeted preservation initiatives are permitted by the courts and can be enabled by adroit software that is able to quickly and effectively access and search these data sources throughout the enterprise. The value of targeted preservation is recognized in the Committee Notes to the FRCP amendments, which urge the parties to reach agreement on the preservation of data and the key words, date ranges and other metadata to identify responsive materials. [3]  And In re Genetically Modified Rice Litigation, the court noted that “[p]reservation efforts can become unduly burdensome and unreasonably costly unless those efforts are targeted to those documents reasonably likely to be relevant or lead to the discovery of relevant evidence.” [4]

However, such targeted collection and ECA in place is not feasible in the decentralized global enterprise with current eDiscovery and information management tools. What is needed to address these challenges for the de-centralized enterprise is a field-deployable search and eDiscovery solution that operates in distributed and virtualized environments on-demand within these distributed global locations where the data resides. In order to meet such a challenge, the eDiscovery and search solution must immediately and rapidly install, execute and efficiently operate in a localized virtualized environment, including public or private cloud deployments, where the site data is located, without rigid hardware requirements or on-site physical access.

This is impossible if the solution is fused to hardware appliances or otherwise requires a complex on-site installation process. After installation, the solution must be able to index the documents and other data locally and serve up those documents for remote but secure access, search and review through a web browser. As the “heavy lifting” (indexing, search, and document filtering) is all performed locally, this solution can effectively operate in some of the harshest local environments with limited network bandwidth. The data is not only collected and culled within the local area network, but is also served up for full early case assessment and first pass review on site, so that only a much smaller data set of potentially relevant data is ultimately transmitted to a central location.

This ground breaking capability is what X1 Rapid Discovery provides. Its ability to uniquely deploy and operate in the IaaS cloud also means that the solution can install anywhere within the wide-area network, remotely and on-demand. This enables globally decentralized enterprises to finally address their overseas data in an efficient, expedient defensible and highly cost effective manner.

If you have any thoughts or experiences with the unique eDiscovery challenges of the de-centralized global enterprise, feel free to email me. I welcome the collaboration.

___________________________________________

[1] 272 F.R.D. 235 (2011)

[2] Id at 240.

[3] Citing the Manual for Complex Litigation (MCL) (4th) §40.25 (2)):

[4] 2007 WL 1655757 (June 5, 2007 E.D.Mo.)

Leave a comment

Filed under eDiscovery & Compliance, Enterprise eDiscovery