Category Archives: law firm

October 4, 2022 · 9:49 AM

Flawed Collection Methods Prevent TAR and Other Applications of Analytics on Social Media Evidence

By John Patzakis

Every litigator and eDiscovery practitioner is aware of the critical importance of analytics as a tool to support their cases. AI-driven analytics supercharges compliance investigations, data security, privacy audits, and Technology Assisted Review (TAR) of documents, emails, social media and other web-based items. AI machine learning employs mathematical models to assess enormous datasets to gain deep insights into key information. This enables the identification of discrete and hidden patterns in thousands of emails, social media posts and other electronic files to categorize and cluster documents by concepts, content, or topic.

However, it is important to understand that such a powerful capability requires the extracted text and metadata of the subject documents, emails and social media posts. So when examiners resort to screenshots, including flat file PDF image captures, this prevents the use of game-changing analytics in your case. Screenshots do not natively preserve the subject text or metadata and are useless if fed into analytics engines. This is a major disconnect with many eDiscovery practitioners who may not fully understand that by utilizing print screen, they are forfeiting their clients’ ability to utilize otherwise game-changing analytics on the social media and other web-based data they are collecting.

Bobby Malhotra, eDiscovery team co-lead at Munger Tolles highlighted this point in a recent webinar addressing the importance of native file collection for social media evidence: “If you are on a matter that is going to be very data intensive in terms of collecting voluminous amounts of data from social media sites, and you are going to need to mine through that data to understand what happened and get the relevant context (with an AI engine) the only way to really do that is to collect the full text and metadata, and so, screenshots will not suffice.” Malhotra emphasized that this is a “really critical point regarding the analytics process as a lot of people don’t think about that.”

In fact, not only will screenshots omit text and metadata, the screenshot will create a false record if introduced into the review and analytics workflow as the metadata of the screenshot itself will be completely different that the metadata of the original native object. For these reasons, it is important under an attorney’s duty of competency related to eDiscovery technology, to understand the implications of not collecting social media and web based evidence in native format, and strongly consider utilizing best practices technology to properly collect and preserve this critical source of evidence.

Leave a comment

Filed under Authentication, Best Practices, Data Audit, eDiscovery & Compliance, ESI, law firm, Preservation & Collection, Social Media Investigations, Social Media Metadata

Tagged as , , , , ,

April 5, 2022 · 12:22 PM

ILTA eDiscovery Survey Highlights Targeted ESI Collection as the Preferred Methodology

By John Patzakis


The International Legal Technology Association (ILTA) recently published a very informative and comprehensive law firm eDiscovery practice survey, “2021 Litigation and Practice Support Survey.” ILTA received responses from litigation support professionals from 82 different law firms ranging in size from medium to large, on a variety of subjects, including eDiscovery practice trends and software tool usage. While the survey addresses a variety of aspects of legal tech and litigation, the survey reveals a couple of very notable insights regarding ESI collection in the enterprise.

The first important insight reflects that targeted ESI collection is the clear preferred method over forensic collection for litigation support purposes. Fifty-nine percent of respondents preferred “targeted collection (non-forensic)” as their standard methodology, while 13 percent still preferred forensic imaging. Forensic collection is rightfully on the decline as a method of ESI collection, as legal counsel seeks to leverage proportionality concepts that greatly reduce cost, time and risk associated with otherwise inefficient eDiscovery.

However, attaining the benefits of targeted collection requires the ability to operationalize workflows as far upstream in the eDiscovery process as possible. For instance, when you’re engaging in data over-collection, which in turn runs up of a lot of human time and processing costs, the ship has largely sailed before you are able to perform early case assessments and data relevancy analysis, as much of the discovery costs have already been incurred at that point. The case law and the Federal Rules provide that the duty to preserve only applies to potentially relevant information, but unless you have the right operational processes in place, you’re losing out on the ability to attain the benefits of proportionality. That is why we see forensic imaging, the epitome of data over-collection, on a steep decline.

The second notable takeaway was that network file shares and “loose files” were the most common form of collection data sources, even outpacing email. Network file shares are a significant challenge with data volumes, typically 10 to 20 terabytes, but can be much higher. Nearly every company and government agency maintains such large file shares, sometimes hundreds of them, depending on the size of the organization. Large network file shares can be found on premise or in a company’s cloud environment.

Traditional eDiscovery collection methods fail to efficiently address these large file shares, due to significant logistical challenges. The data cannot simply be searched in-place by traditional forensics tools or other crawling methods. Consequently, the data is typically copied in bulk and then migrated to another location for processing, where the data is finally indexed and then searched and culled. This approach does not enable the targeted, proportional collection methods preferred by law firms, as noted above.

To accomplish the goals of both targeted collection and addressing large file shares, index and search in-place technology should be utilized. Indexing and search in-place in this context means that a software-based indexing technology (as opposed to an expensive and cumbersome stand-alone hardware appliance) is deployed directly onto the file server or an adjacent computing resource. This indexing occurs without a bulk data transfer of the data. Once indexed, the searches are performed in a few seconds, with complex Boolean operators, metadata filters and regular expression searches. The searches can be iterated and repeated without limitation, which is critical for large data sets.

These capabilities supporting targeted and proportional collection of loose files, emails, and large network file shares are uniquely provided in the X1 Enterprise Platform.

1 Comment

Filed under Best Practices, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, law firm, Social Media Investigations

February 15, 2022 · 11:13 AM

How X1 Social Discovery Uniquely Meets the Challenge of Social Media Evidence Collection

By John Patzakis

Social media and other web-based data is relevant to nearly every legal case and investigation. The high volume of relevant social media evidence means that lawyers are under an ethical duty of competence to address and account for it in their litigation and compliance matters. For this reason, there has been a strong demand for social media evidence collection software and services. However, Facebook, the most widely used social media platform, rolled out a completely new interface and data format last year for all of their 2.4 billion users. This broke every social media evidence tool on the market, causing a major disruption of eDiscovery and compliance workflows. In response to this major technical disruption, all other social media evidence collection tools either exited the market, changed their model to services, or provided flat file screen shots as their output…except for X1 Social Discovery.

X1 put in the work and R&D investment, so that its users would have post-level collection and parsing to ensure accuracy, key metadata collection, court authentication, and evidentiary completeness of the collected data. Nothing short of those capabilities are acceptable.

Flat file screen shots of social media are of limited value, as what they generally entail is a screenshot image file without metadata, other than what is visible on the image itself. This is problematic as there are many important but hidden metadata fields associated with social media posts that need to be parsed and populated into the appropriate fields associated with the post. Also, flat images do not enable effective text extraction, and it is impossible to cull, process, display, and apply analytics to flat file outputs in attorney review platforms such as Relativity. Associated comments to a post are not collected, or at best are truncated and not displayed in line.

Conversely, post-level native collection of social media is ideal, because it enables the collection of the social media post as a parent item with all associated metadata and comments preserved and displayed inline. This will enable the automated generation of robust load files that include date stamps and other key metadata, extracted text for searching, family post identification and associated comments. Additionally, post-level hash values can be readily generated at the point of collection for evidentiary authentication. All this enables a very fluid and scalable workflow that dramatically reduces downstream processing and review platform upload costs.

The importance of this distinction was clearly underscored by the court’s decision in Edwards v. Junior State of America Foundation, No. 4:19-CV-140-SDJ, (US Dist. CT, E.D. Texas April 23, 2021), which applied the best evidence rule to social media evidence. The plaintiffs’ had sought to offer screenshots as evidence of the Facebook communications instead of the deleted native files. The court ruled that the metadata and full context of the native files were essential to satisfy the Best Evidence Rule. The court held that screenshots were not an output that accurately reflected the substance and context of the native file, since they could not show that the messages were authentic, nor could they “be used to prove that (the Plaintiff) sent the Facebook Messages contained in the screenshots.” Failure to produce the native files prejudiced the Defendants “of the ability to substantiate or refute the authenticity of the alleged Messages.” In a key passage the court states:

Here, the screenshots will not suffice as an “original” because the screenshots are not an “output” that “accurately” reflect the information. Only native files can ensure authenticity. Additionally, although the Best Evidence Rule allows for an original “photograph” to prove the contents of the photograph, this does not mean that the screenshot here can be used to prove that Harper sent the Facebook Messages contained in the screenshots.

Edwards demonstrates that the collection and preservation of full native social media posts is vital to both that evidence’s authentication and obtaining the full context and substance of the posts under the Best Evidence Rule. The court found that screenshots, which truncate social media posts and omit key metadata, do not suffice. As a result, attorneys should be aware that courts are unlikely to find that screenshots alone are sufficient to authenticate a social media post and will likely insist on the native files.

X1 Social Discovery is the only eDiscovery solution to provide post-level parsing for Facebook timeline posts in the new Facebook format, as well as for Twitter feeds. To learn more about this important functionality, please contact us for more information.

Leave a comment

Filed under Authentication, Best Practices, Case Law, Data Audit, eDiscovery & Compliance, ESI, law firm, Preservation & Collection, Social Media Investigations, Social Media Metadata

November 30, 2021 · 10:47 AM

Case Law Update: Social Media Screenshots Held Inadmissible Under the Best Evidence Rule

By John Patzakis

The most important case of 2021 so far concerning social media evidence is arguably Edwards v. Junior State of America Foundation, No. 4:19-CV-140-SDJ, (US Dist. CT, E.D. Texas April 23, 2021). We blogged about this case earlier this year, with a focus on the spoliation issues and important positive mention of X1 Social Discovery in the court opinion, but the unique application of the best evidence rule to social media evidence is also a critical component of the ruling, and should be highlighted further as it is a very important development.

Edwards is a civil litigation matter involving the intentional destruction (spoliation) of social media evidence. The plaintiff had deleted his Facebook account resulting in lost evidence critical to the case. The court cited an affidavit submitted by an eDiscovery expert witness who noted that when X1 Social Discovery was used to collect from the Plaintiff’s Facebook account, key evidence that existed prior to the litigation was missing because it had been deleted by the Plaintiff prior to the X1 Social Discovery collection.

As a result of the spoliation established in large part by the X1 Social Discovery examination, the Court imposed severe evidentiary sanctions on the plaintiff, including the exclusion of evidence and claims related to the destroyed Facebook data, and adverse jury instructions. 

The plaintiffs’ had sought to offer screenshots as evidence of the Facebook communications instead of the deleted native files. The court ruled that the metadata and full context of the native files were essential to satisfy the Best Evidence Rule. The court held that screenshots were not an output that accurately reflected the substance and context of the native file, since they could not show that the messages were authentic, nor could they “be used to prove that Harper sent the Facebook Messages contained in the screenshots.” Failure to produce the native files prejudiced JSA, in part, because it deprived Defendants “of the ability to substantiate or refute the authenticity of the alleged Messages.” In a key passage the court states:

Here, the screenshots will not suffice as an “original” because the screenshots are not an “output” that “accurately” reflect the information. Only native files can ensure authenticity. Additionally, although the Best Evidence Rule allows for an original “photograph” to prove the contents of the photograph, this does not mean that the screenshot here can be used to prove that Harper sent the Facebook Messages contained in the screenshots.

Edwards demonstrates that the collection and preservation of full native social media posts is vital to both that evidence’s authentication and obtaining the full context and substance of the posts under the Best Evidence Rule. The court found that screenshots, which truncate social media posts and omit key metadata, do not suffice. As a result, attorneys should be aware that courts are unlikely to find that screenshots alone are sufficient to authenticate a social media post and will likely insist on the native files. To ensure this data is collected defensibly, attorneys should work with best practices software and methods to preserve and collect social media evidence and underlying metadata so that they can be properly authenticated and admitted in court.

Leave a comment

Filed under Authentication, Best Practices, Case Law, law firm, Preservation & Collection, Social Media Investigations, Social Media Metadata

July 14, 2021 · 12:54 PM

Pre-Collection Keyword Searches: Where Angels May Fear to Tread but Not Attorneys with the Right eDiscovery Software

By John Patzakis

One of the key cases involving the principles of proportionality under Federal Rule of Civil Procedure 26(b)(1), is McMaster v. Kohl’s Dep’t Stores, Inc., (E.D. Mich. July 24, (2020).  McMaster generally supports the application of a process that effectively applies proportionality on an operational basis through an iterative exercise to identify relevant custodians, their data sources, applicable date ranges, file types and agreed upon keywords. Such a targeted, automated and proportional collection process can be applied to collect only the data that is responsive to this specific criteria.

However, the main ESI dispute in McMaster was that the attorneys could not agree on a list of search terms and sought a ruling of the courts to decide on which search terms should be used. As noted by the Magistrate Judge in McMaster, “Here is another case in which the Court is called upon to decide whose competing list of search terms is better suited for the search of large amounts of electronically stored information”, citing United States v. O’Keefe, 537 F. Supp. 2d 14, 23–24 (D.D.C. 2008), which stated: “for lawyers and judges to dare opine that a certain search term or terms would be more likely to produce information than the terms that were used is truly to go where angels fear to tread.”  Judge Whalen stated: “I, for one, have no interest in going where angels fear to tread. Therefore, if the parties cannot agree on appropriately limited search terms, they will share the cost of retaining an expert to assist them. If they still cannot agree, then Plaintiff may renew his motion regarding the search terms and will provide the Court with an expert report substantiating his position.”

The parties had been engaged in a Rule 26(f) exercise, which requires the parties’ counsel to “meet and confer” in advance of the pre-trial scheduling conference on key discovery matters, including the preservation, disclosure and exchange of potentially relevant electronically stored information (ESI). A very good authority on the Rule 26(f) eDiscovery conference is the “Suggested Protocol for Discovery of Electronically Stored Information,” provided by then Magistrate Judge Paul W. Grimm and his joint bar-court committee. Under Section 8 of the Model Protocol, the topics to be discussed at the Rule 26(f) conference include: “Search methodologies for retrieving or reviewing ESI such as identification of the systems to be searched;” “the use of key word searches, with an agreement on the words or terms to be searched;” “limitations on the time frame of ESI to be searched;” and “limitations on the fields or document types to be searched.”

Kelly Twigger, one of the best and brightest eDiscovery attorneys in the field in my opinion, commented in a recent webinar that eDiscovery collection capabilities that enable an iterative search and collection process in place would allow her to make more much informed decisions on keyword strategies. Twigger noted that software that provides keyword hits and other analytics on custodian laptops, fileservers and other network and cloud sources prior to collection, would enable her “to be able to define and agree upon the right search terms” with the requesting party. Twigger pointed out that while attorneys and judges rightfully avoid “where angels fear to tread” — agreeing on keywords without any visibility into the data — that concern can be alleviated when the right processes and technology are used.  

And such technology is important, because optimizing the process of developing keyword searches is no easy task. The typical approach of blindly brainstorming a list of terms that may be relevant and running the search on a dataset to be reviewed results in a wide range of inefficiencies. Negotiations over proper usage of search terms may become onerous and contentious. Judges are often tasked with making determinations regarding the aptness of the methodology, and, as we see in McMaster, are very reluctant to do so. Thus, the use of outside expertise and leveraging indexing in place technology is beneficial in building an effective and comprehensive pre-collection search term strategy and enabling you to tread where angels fear to.

1 Comment

Filed under Best Practices, Case Law, eDiscovery, Enterprise eDiscovery, ESI, law firm, Preservation & Collection