Category Archives: Case Study

eDiscovery Collection 3.0: Much Better, Much Faster, Much Cheaper

In his recent blog post, X1 CEO Craig Carpenter discussed the inability of any software provider to solve a critical need by delivering a truly scalable eDiscovery preservation and collection solution. As Craig pointed out, in the absence of such a “holy grail” solution, eDiscovery collection remains dominated by either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations.

Desktop_virtualization

Craig outlined how endpoint forensic imaging are still employed on a limited basis. Many companies have also tried network crawling methods with repurposed forensic tools. (A “collection 2.1” method, if you will).  While this can be feasible for a small number of custodians, network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective. For example, to search a custodian’s laptop with 10 gigabytes of email and documents, all 10 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least several hours per computer. So, most organizations choose to force collect all 10 gigabytes. The case of U.S. ex rel. McBride v. Halliburton Co.  272 F.R.D. 235 (2011), illustrates this specific pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

“Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once.”

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase, instead of culling, filtering and searching the data at the point of collection drove up the costs. As such, this network crawling based architecture is fundamentally flawed and cannot scale.

What is needed is the ability to gain immediate visibility into unstructured distributed data across the enterprise, through the ability to search and collect across several hundred endpoints and other unstructured data sources such as file shares, and return results within minutes instead of days or weeks. The approaches outlined above and by Craig Carpenter do not come close to meeting this requirement and in fact actually perpetuate eDiscovery pain.

Solving this collection challenge once and for all is basis for X1 Insight and Collection, which is our eDiscovery collection 3.0 solution.  X1 Insight and Collection (XIC) enables enterprises to quickly and easily search across up to thousands of distributed endpoints and data servers from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. Built on our award-winning and patented X1 Search technology, XIC is the first product to offer true and massively scalable distributed data discovery across an organization. XIC replaces expensive, cumbersome and highly disruptive approaches to meet enterprise discovery, preservation, and collection needs.

Targeted and iterative end point search is a quantum leap in early data assessment, which is critical to legal counsel at the outset of any legal matter. However, under today’s industry standard, the legal team is typically kept in the dark for weeks, if not months, as the manual identification and collection process of distributed, unstructured data runs its expensive and inefficient course.  To illustrate the power and capabilities of XIC, imagine being able to perform multiple, detailed, Boolean keyword phrase searches with metadata filters across the targeted end points of your global enterprise. The results start returning in minutes, with granular statistical data about the responsive documents and emails associated with specific custodians or groups of custodians.

Once the legal team is satisfied with a specific search string, after sufficient iteration, the data can then be collected by XIC by simply hitting the “collect” button. The responsive data is “containerized” at each end point and automatically transmitted to either a central location, or uploaded directly to Relativity, using Relativity’s import API where all data is seamlessly ready for review. Importantly, all results are tied back to a specific custodian, with full chain of custody and preservation of all file metadata. Here is a recording of a live public demo with Relativity, showing the very fast direct upload from XIC straight into RelativityOne.

This effort described above — from iterative, distributed search through collection and transmittal straight into Relativity from hundreds of endpoints — can be accomplished in a single day. Using manual consulting services, the same project would require several weeks and hundreds of thousands of dollars in collection costs alone, not to mention significant disruption to business operations. Substantial costs associated with over-collection of data would mount as well, and could even dwarf collection costs through unnecessary attorney review time.

XIC operates on-demand where your data currently resides — on desktops, laptops, servers, or even the cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery and investigation functionality, organizations can offer employees the award-winning X1 Search, improving productivity while maintaining compliance.

As Relativity Product Manager Barry O’Melia said in the live X1/R1 integration demo, it is something you have to see for yourself to believe. So please check out the demo here, or contact us to arrange for a private demo.

Leave a comment

Filed under Best Practices, Case Law, Case Study, eDiscovery, Enterprise eDiscovery, Uncategorized

X1 Insight and Collection & RelativityOne Integration: Testing and Proof of Concept

Editor’s Note: The following is a blog post published by eDiscovery expert Chad Jones, Director at D4 Discovery, regarding D4’s extensive testing and validation of the integration of R1 and X1 Insight and Collection.  It is republished here with permission. 

Discovery is a complicated business. For a typical litigation, there are at least five separate stages, collection, processing, review, analysis, and production, and while the average discovery period lasts eight to ten months, the matters themselves can run for years. During the lifecycle of a common eDiscovery project, these five stages are usually performed by several different parties, which further complicates the process by introducing a variety of hand-offs and delays between organizations and individuals.

The proof of concept that follows was designed to validate Insight and Collection, a product created by X1 Discovery, Inc, and that now features a direct upload to Relativity and RelativityOne. With this product, X1 proposes to streamline the five-stage process by allowing enterprises to search locally, collect those search hits, process the results and push them directly to RelativityOne in a matter of minutes.

To evaluate the viability of the X1 Insight and Collection, D4, LLC. designed and executed the following Proof of Concept (POC). A leader in forensic collection services and a seven-time Relativity Best in Service, Orange Levelhosting partner, D4 staff leveraged its expertise in end to end eDiscovery to implement the workflow and document the results.

Background

Project

eDiscovery is a multi-stage process with a series of hand-offs between disconnected parties. This process can be extremely expensive and error prone. In addition to the costs, the time to review can often span weeks or even months to complete.

Stakeholders

Those who stand to benefit from X1 Insight and Collection are business and organization leaders looking to manage and control the cost and risks of discovery.

Solution Features and Benefits

There are several features of the X1 Insight and Collection: search-in-place, early case assessment visualizations, remote collection, processing on demand, publish to review in RelativityOne. Searching in place on the local machine has several benefits. It prevents needless over collection and saves the end user from the hassle of turning over her machine and losing productivity. It also gives case teams the opportunity to iterative refine search terms and review search hits on the fly.

Finally, searching in place replaces the need to collect data and load to a master repository for indexing and searching. This includes email containers – the ability to index, search and collect all email in place on the custodian’s computer or the corporate Exchange server without the need to migrate the entire container or full account is a strong and unique capability. With X1’s remote collection, once users target the specific files and emails they need, they can immediately collect and process that information. Once collected and processed, enterprise users have the option of creating standard load files or sending text, metadata and native files directly to RelativityOne.

Practical Details of POC

To test and vet the software, D4 built a mini-cloud environment, consisting of five custodian machines; one enterprise server; and one client server meeting the specs listed below:

Server 1

  • OS: Microsoft Server 2012 R2
  • CPU: 2.6 GHz minimum 8 processors
  • Memory: 16 GB RAM
  • Disk: 180 GB free hard disk space (software)
  • Disk 2: 1TB for collected data (or available network drive)

Server 2

  • OS: Microsoft Server 2012 R2
  • CPU: 2.6 GHz minimum 8 processors
  • Memory: 32 GB RAM
  • Disk: 180 GB free hard disk space (software)

Testing Desktop: (QTY 5)

  • OS: Microsoft Windows 7, 8 or 10
  • CPU: 1.8 GHz minimum 2 processors
  • Memory: 8 GB RAM

On each custodian machine we placed a mix of email and non-email data. From these data sets we ran a series of tests from which we collected data.

Although X1 Insight and Collection provides a variety of workflows allowing for a complex collection strategy, for the purposes of this proof-of concept, the collection was limited to a simple Boolean query of common football related terms across Enron data. We made two separate collections of email data: a collection to disc with load files and a collection direct pushed to RelativityOne. The terms used in the POC were: “football OR game OR trade OR QB OR league OR cowboys OR longhorns OR thanksgiving OR player.” Following the collections, the results of the load file export were test loaded to Relativity and the results of the dataset published direct to RelativityOne were evaluated in that workspace.

Test Results

The testing process considered four main areas: documenting search results; documenting upload/download times; metadata validation; and reports and exception handling. To test the search results the loaded data was indexed, and searches run to confirm the results. In both load formats, the search results remained the same as shown below.

It is important to note that in Relativity only the text was searched while in X1 all metadata was also included in the search. This is a common difference between review platforms and collection tools, as collection tools are able to search all components of the file, while review is limited to extracted metadata fields only.

Additional tests were performed to document search and exports speeds. One of the components of X1 Insight and Collection is its collection module which sits on the client server and manages the collection from a central location. In the initial test, we chose to export the files to disc and create a load file, while in the second test we leveraged X1s integration with RelativityOne and upload data to Relativity’s cloud instance via the Relativity API.

In both cases, the results proved that X1 is incredibly powerful. Each time the system executed saved searches on five separate machines, pulled the data to the client server, extracted text and metadata and then either generated a load file or sent the deliverable straight to the cloud and into Relativity – all within minutes. The results, shown below, are amazing. In both cases the system completed all steps in under 13.5 minutes. Additional tests were performed to document search and exports speeds.

One of the components of X1 Insight and Collection is its collection module which sits on the client server and manages the collection from a central location. In the initial test, we chose to export the files to disc and create a load file, while in the second test we leveraged X1s integration with RelativityOne and upload data to Relativity’s cloud instance via the Relativity API. In both cases, the results proved that X1 is incredibly powerful. Each time the system executed saved searches on five separate machines, pulled the data to the client server, extracted text and metadata and then either generated a load file or sent the deliverable straight to the cloud and into Relativity – all within minutes. The results, shown below, are amazing. In both cases the system completed all steps in under 13.5 minutes.

Further testing showed that while X1 gets the essential metadata components extracted from the data, there are some features we are used to seeing in established eDiscovery processing tools that are lacking in this product. We also found the exception reporting to be lacking. In our RelativityOne tests, we found 40 files were excluded from upload, yet when reviewing the available exception reporting we had trouble seeing what caused those file failures. These issues notwithstanding, the POC proved successful. X1 Insight and Collection proved to be a powerful search engine and collection tool, capable of collecting over 6,000 documents from five separate machines and uploading those files to RelativityOne in less than fifteen minutes!

Conclusion

X1 Insight and Collection offers multiple benefits to the enterprise user looking to take control of the eDiscovery life cycle. By simplifying the course of an eDiscovery project, X1 limits the number of touch points in the traditional vendor-driven process. Internal users can search and vet terms in real-time before collection. This not only mitigates the opportunity for error, but it greatly reduces the time to review, which is what this solution really seems to be all about. X1 seems to have been designed with the internal investigation in mind. Offering a light tagging feature, X1 gives users a light ECA option that with a couple mouse clicks becomes a collection and processing tool that connects directly to all the features of RelativityOne. When combined with Relativity ECA, Analytics and Active Learning, this might be all the solution the typical enterprise would need.

Leave a comment

Filed under Best Practices, Case Study, compliance, eDiscovery, Enterprise eDiscovery, Information Governance, reviewing

Dark Web Evidence Critical to all Cyber Investigations and Many eDiscovery matters

The dark web is a component of the World Wide Web that is only accessible through special software or configurations, allowing users and website operators to remain anonymous or untraceable. The dark web forms a small part of the deep web, which is the part of the Web not indexed by web search engines. The dark web has gained more notoriety over the past few years and several large criminal investigations have resulted in seizures of both cryptocurrencies and dark web pages and sites. Criminal enterprises involving counterfeiting, hacking, ID and IP theft, narcotics, child pornography, human trafficking, and even murder for hire seek a haven in the mist of encrypted communications and payment, such as Bitcoin, to facilitate their nefarious schemes. dark web

While mining the dark web is critical for many law enforcement investigations, we are also seeing increased focus on this important evidence in civil litigation. Fero v. Excellus Health Plan, Inc., (Jan. 19, 2018, US Dist Ct, NY), is one recent example. Fero arises out of a data breach involving healthcare provider Excellus Health Plan, Inc. According to the complaint, hackers breached Excellus’s network systems, gaining access to personal information millions of individuals, including their names, dates of birth, social security numbers, credit card numbers, and medical insurance claims information. The Plaintiffs brought a class action asserting claims under various federal and state laws.

Initially, the court dismissed the plaintiffs’ case, citing a failure to establish damages and actual misuse by the hackers who allegedly stole their information. However, after conducting a more diligent investigation, the plaintiffs submitted with their motion for reconsideration evidence that the plaintiffs’ PII was placed on the dark web.  This evidence was summarized in an expert report providing the following conclusion:  “it is my opinion to a reasonable degree of scientific certainty that PII and PHI maintained on the Excellus network was targeted, collected, exfiltrated, and put up for sale o[n] DarkNet by the attacker for the purpose of, among other things, allowing criminals to purchase the PII and PHI to commit identity theft.”  Fero, at 17.  Based on this information, the court granted the motion for reconsideration and denied the defendant’s motion to dismiss. In other words, the dark web evidence was game-changing in this high-profile class action suit.

Cases like Fero v. Excellus Health Plan illustrate that dark web evidence is essential for criminal and civil litigation matters alike. Dark Web investigations do require specialized knowledge and tools to execute. For instance, X1 Social Discovery can be easily configured to conduct such dark web investigation and collections.

Recently, Joe Church of Digital Shield led a very informative and instructive webinar on this topic. Joe is one of the most knowledgeable people that I’m aware of out there on dark web investigations, and his detailed presentation did not to disappoint. Joe’s presentation featured a concise overview of the dark web, how its used, and how to navigate it. He included a detailed lesson on tools and techniques needed to search for and investigate key sources of evidence on the dark web. This webinar is a must see for anyone who conducts or manages dark web investigations. Joe also featured a section on how to specifically utilize X1 Social Discovery to collect, search and authenticate dark web evidence. You can review this very informative 30 minute training session (no sign in required) by visiting here.

Leave a comment

Filed under Best Practices, Case Law, Case Study, Cloud Data, dark web, eDiscovery, Preservation & Collection, Social Media Investigations, Uncategorized

SEARCH REVEALS HUNDREDS OF IMPROPER JUROR SOCIAL MEDIA POSTS PER DAY (PART 2)

In response to our post two weeks ago identifying widespread social media abuse by jurors that could quite possibly lead to mistrials, a frightened prosecutor and others have inquired about how exactly juror’s social media data should be collected and what the various techniques are. So this follow-up post discusses the mechanics of proactively monitoring jurors that are both empaneled and potential members of your pool.

First and foremost, it is important to understand what not to do. Do not fire up Twitter.com and start following jurors. They will receive a notice that they’re being followed, which is improper under various legal ethics rules. Also, it is not effective technically, as you cannot access or search past tweets very effectively (which are often just as important as ones in real time), and it is very difficult to monitor up to several dozen jurors in your pool.

The right software will allow you to employ several techniques and methods, which are most effective when used in conjunction to comprehensively and ethically search for all publicly available juror social media.

The first method is to set a geo-fence around the courthouse and immediate area. This will collect tweets and Instagram posts in real time, as well as going back several days if needed, to collect any tweet that is geo-located in that area. Here is an example of such an effort:geo fence

Another advantage of this method is that it will capture any geo-located social media posts by not only jurors at the courthouse but also by opposing counsel or witnesses, which happens more often than you would think. Expert witnesses in particular can be prolific on social media as they promote their services and their personal brand. They also often Tweet and share approvingly links to industry articles and blog articles, which can then be considered to be part of their opinion record.

The second method is to set keywords such as #juryduty or “jury duty” across the public feed of social media sites. This will cast a wider net, returning posts from all over the country if not the world. But with the right tools you can quickly be able to filter out the ones that are within your geographical location. This will also capture posts that are not Geotagged by the user.  If your case has any media attention, even just locally or within industry media verticals, it is a very good idea to set up keywords that can identify any mention of your case in public feeds.

And just for fun, here are the top 5 controversial juror posts from just the past few days:

bad tweets

And finally, once you have identified an impaneled juror or a member of the potential pool, and have their social media profile names,  you can quickly and anonymously collect all their past and ongoing public social media content through special software such as X1 Social Discovery. This also has the advantage of instantaneous and unified search across all available social media streams from multiple jurors. You also can set up email alerts so that if a juror or other person of interest posts anything, you will immediately be alerted to that post. This is also an effective technique when following opposing counsel or key witnesses. And it’s often a good idea to your monitor your own clients as well.

For more information about how to conduct effective social medial investigations, please contact us, or request a free demo version of X1 Social Discovery.

1 Comment

Filed under Best Practices, Case Study, Legal Ethics & Social Media, Social Media Investigations, Uncategorized

Search Reveals Hundreds of Improper Juror Social Media Posts Per Day

The Federal Judicial Center (“FJC”) recently published a report surveying 952 federal district court judges to identify the scope of jurors’ improper use of social media during trial and how the courts are addressing the problem. The FJC’s report, Jurors’ Use of Media During Trials and Deliberations, reflects that despite various prevention efforts, jurors continue to use Facebook, Twitter, Google and other sites in several, and that the courts continue to struggle to detect such usage. According to the survey results, 30 judges identified incidents of improper juror social media usage,

Such misconduct can easily result in a mistrial or even reversal of judgement. In State v. Smith, Sept. 10, 2013, the Tennessee Supreme court vacated a first degree murder conviction on the sole grounds that one of the jurors communicated with a prosecution witness during trial via Facebook. The court lamented that Internet and social media “has exponentially increased the risk….of extra-judicial communications between jurors and third parties.” This decision is but one example of this common occurrence of juror misconduct through social media use, requiring attorneys and jury consultants to engage in on-going passive monitoring of publicly available social media information.

In fact we recently did our own search of the Twittersphere with X1 Social Discovery, and uncovered several hundred improper Juror tweets in a single day (1/13/2016). Here is a small sampling:

juror tweets

 

 

 

 

 

 

 

 

 

 

 

 

 

(click to enlarge)

It is thus no surprise lawyers are increasingly using Twitter to investigate and monitor potential and impaneled jurors. However, this type of monitoring activity can lead to serious attorney ethics violations if direct or even indirect communications are sent to the juror as a result of such monitoring activities. (See e.g. New York County Law Association Formal Opinion No. 743, May 18, 2011). Proxies hired by attorneys, including eDiscovery service providers, investigators and jury consultants are subject to these restrictions, which can also apply to social media communications with witnesses or opposing parties who are represented by counsel.

For this reason, X1 Social Discovery features a specialized “public follow” feature that enables access to all the past Tweets of a specified user (up to 3200 past tweets) and any new Tweets in real-time without generating a formal “follow” request with the resulting problematic communication.. These legal ethics rules concerning indirect social media communications underscores the importance of employing best practices technology to search and collect social media evidence for investigative and eDiscovery purposes.

Collecting evidence in a manner that prevents, or at minimum, does not require that attorneys and their proxies directly or indirectly communicate with the subjects from whom they are collecting social media evidence is a core requirement for solutions that truly address investigative and eDiscovery requirements for social media. In addition to preserving and authenticating social media evidence in a proper manner, X1 Social Discovery provides fast and comprehensive searching of the data in a manner unmatched by any other technology.

It can even potentially prevent a possible mistrial through early detection of a juror’s improper Tweets or Facebook postings.

UPDATED:  Attorney Ignatius Grande, co-chair of the New York State Bar Committee on Social Media, contacted me in response to this post, to point to the Committee’s recently published Social Media Jury Instruction Report. The report describes the scope and challenges from juror social media use during voir dire and trial, as well as proposed amendments to standard jury instructions address such juror misconduct.

 

Leave a comment

January 27, 2016 · 6:12 PM