Architecting a New Paradigm in Legal Governance

By Michael Rasmussen

Editor’s note: Today we are featuring a guest blog post from Michael Rasmussen, the GRC Pundit & Analyst at GRC 20/20 Research, LLC.

Exponential growth and change in business strategy, risks, regulations, globalization, distributed operations, competitive velocity, technology, and business data encumbers organizations of all sizes. Gone are the years of simplicity in business operations.

Managing the complexity of business from a legal and privacy perspective, governing information that is pervasive throughout the organization, and keeping continuous business and legal change in sync is a significant challenge for boards, executives, as well as the legal professionals in the legal department. Organizations need an integrated strategy, process, information, and technology architecture to govern legal, meet legal commitments, and manage legal uncertainty and risk in a way that is efficient, effective, and agile and extends into the broader enterprise GRC architecture.

In my previous blog, Operationalizing GRC in Context of Legal & Privacy: The Last Mile of GRC, I began this discussion, and here I aim to expound on it further from a legal context.

Legal today is more than legal matters, actions, and contracts. Today’s legal organization has to respond to incident/breach reporting and notification laws in a timely and compliant manner, respond to Data Subject Access Requests (DSARs), harmonize and monitor retention obligations, conduct eDiscovery, manage legal holds on data, and continuously monitor regulations and legislation and apply them to a business context.

In today’s global business environment, a broad spectrum of economic, political, social, legal, and regulatory changes is continually bombarding the organization. The organization continues to see exponential growth of regulatory requirements and legal obligations (often conflicting and overlapping) that must be met, which multiply as the organization expands global operations, products, and services. This requires an integrated approach to legal governance, risk management, and compliance (GRC) with the goal of reliably achieving objectives while addressing uncertainty and acting with integrity.[1] This includes adherence to mandatory legal requirements and voluntary organizational values and the boundaries each organization establishes. The legal department, with responsibility for understanding matter management, issue identification, investigations, policy management, reporting and filing, legal risk, and the regulatory obligations faced by the organization, is a critical player in GRC (what is understood as Enterprise or Integrated GRC), as well as in improving GRC within the legal function itself.

A successful legal management information architecture will be able to connect information across risk management and business systems. This requires a robust and adaptable legal information architecture that can model the complexity of legal information, discovery, transactions, interactions, relationships, cause and effect, and the analysis of information, and which can integrate and manage a range of business systems and external data. Key to this information architecture is a clear data inventory and map of information that tells the organization what data it has, who in the organization owns it, what regulatory retention obligations are attached to it, and what third parties have access to it. This is a fundamental requirement for applying process and effectively operationalizing an organization’s GRC activities, as detailed in the previous blog.

There can and should be an integrated technology architecture that extends GRC technology and operationalizes it in a legal and privacy context. This connects the fabric of the legal processes, information, discovery, and other technologies together across the organization. This is a hub of operationalizing GRC and requires that it be able to integrate and connect with a variety of other business systems, such as specialized legal discovery solutions and integrate with broader enterprise GRC technology.

The right technology architecture choice for an organization involves the integration of several components into a core enterprise GRC and Legal GRC architecture – which can facilitate the integration and correlation of legal information, discovery, analytics, and reporting. Organizations suffer when they take a myopic view of GRC technology that fails to connect all the dots and provide context to discovery, business analytics, objectives, and strategy in the real time in which a business operates.

Extending and operationalizing GRC processes and technology in context of legal and privacy enables the organization to use its resources wisely to prevent undesirable outcomes and maximize advantages while striving to achieve its objectives. A key focus is to provide legal assurance that processes are designed to mitigate the most significant legal issues and are operating as designed. Effective management of legal risk and exposure is critical to the board and executive management, who need a reliable way to provide assurance to stakeholders that the enterprise plans to both preserve and create value. Mature GRC enables the organization to weigh multiple inputs from both internal and external contexts and use a variety of methods to analyze legal risk and provide analytics and modeling.


[1] This is the OCEG definition of GRC.



eDiscovery Collection of Large File Shares: An Unaddressed Major Pain Point

By John Patzakis

One of the major unaddressed challenges for eDiscovery and other digital investigations involves very large file servers that host shared documents. The data volumes for these file shares are typically 10 to 20 terabytes but can be much higher. Nearly every company and government agency maintains such large file shares, sometimes hundreds of them, depending on the size of the organization. The main purpose of a file share server is to enable multiple users to access the stored files and storage space on the file repository. These servers operate as the ubiquitous central storage place for internal company files for both collaboration and data archiving purposes. As such, they are heavily used and invariably contain numerous documents with highly relevant or otherwise important information.

Traditional eDiscovery collection methods fail to efficiently address these large file shares, due to significant logistical challenges. The data cannot simply be searched in place by traditional forensics tools or other crawling methods. Consequently, the data is typically copied in bulk and then migrated to another location for processing, where the data is finally indexed and then searched and culled. There are many problems with this approach.

First, it is very time-consuming and expensive. The process involves the over-collection of a massive amount of data, and it typically takes weeks for the copying and transfer of many terabytes of data to occur. Additionally, file shares are where companies’ most sensitive data typically resides. These repositories are often rife with trade secrets, intellectual property, and sensitive personal information. There is substantial risk in having such data copied in bulk and then shipped out of the company’s possession to a third party for eDiscovery processing.

A solution to these challenges is the utilization of index and search in-place technology. Indexing and search in-place in this context means that a software-based indexing technology (as opposed to an expensive and cumbersome stand-alone hardware appliance) is deployed directly onto the file server or an adjacent computing resource. This indexing occurs without a bulk data transfer of the data. Once indexed, the searches are performed in a few seconds, with complex Boolean operators, metadata filters and regular expression searches. The searches can be iterated and repeated without limitation, which is critical for large data sets.

Recently X1 released unique and unprecedented support for large file shares to address this exact eDiscovery workflow. X1 can be deployed directly onto the large file share in question, or to a virtual machine in close proximity to the target file server or servers. Searches can be directed to a lone file server, or federated across multiple file servers and other endpoints, including those in different geographic locations across the enterprise. This functionality can be deployed remotely, on demand, without physical access being required, which is essential for geographically diverse organizations, including for sensitive matters overseas. Once a targeted and responsive data set is identified through this in-place search and analysis process, the data can be exported directly to Relativity, or a load file can be generated for upload to another review platform.

As mentioned, the searching can be full-text (including regular expressions) or metadata only. In a recent matter involving over 100 terabytes of data, X1 first generated a metadata- and hash-value-only index, which allows for immediate de-duplication, file type filtering, and culling by date range and other parameters. This culled the data set by 70 percent as a first step, after which the remaining subset was fully indexed. This capability supports both eDiscovery and data governance and privacy workflows.
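The metadata-first workflow described above, sketched in Python as an added illustration (this is not X1's code and makes no claim about how X1 implements it): a first pass records only path, type, date and SHA-256 for every file on a constructed sample share without copying anything out, a second pass de-duplicates by hash and culls by file type and date range, and only the surviving subset gets a full-text regular expression search. The sample files, the function names and the social security number pattern are all assumptions made for the example.

```python
import hashlib, os, re, tempfile
from datetime import date, datetime, timezone
from pathlib import Path
# Constructed sample share: (relative path, mtime date, content). The duplicate,
# the .log file and the 2015 memo are there to exercise the culling passes.
SAMPLE_FILES = [
    ("hr/benefits.txt", "2021-03-04", "Enrollment form: SSN 123-45-6789 on file."),
    ("hr/benefits_copy.txt", "2022-01-10", "Enrollment form: SSN 123-45-6789 on file."),
    ("eng/notes.txt", "2021-06-15", "Design notes, nothing sensitive here."),
    ("eng/build.log", "2021-06-15", "SSN 987-65-4321 leaked into a log line."),
    ("legal/old.txt", "2015-02-02", "Archived memo with SSN 111-22-3333."),
]
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # illustrative sensitive-data pattern

def make_sample_share():
    # Write the constructed corpus to a temp dir and back-date each file's mtime.
    root = tempfile.mkdtemp(prefix="share_")
    for rel, day, text in SAMPLE_FILES:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
        ts = datetime.fromisoformat(day).replace(tzinfo=timezone.utc).timestamp()
        os.utime(path, (ts, ts))
    return root

def build_metadata_index(root):
    # Pass 1: path, type, mtime and SHA-256 only; bytes are hashed in place, never copied out.
    index = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()  # chunk this for huge files
            mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc).date()
            index.append({"path": path.relative_to(root).as_posix(), "sha256": digest,
                          "ext": path.suffix.lower(), "mtime": mtime})
    return index

def cull(index, exts, start, end):
    # Pass 2: de-duplicate by hash, then keep only the wanted file types and date range.
    seen, kept = set(), []
    for rec in sorted(index, key=lambda r: r["path"]):
        if rec["sha256"] in seen or rec["ext"] not in exts or not start <= rec["mtime"] <= end:
            continue
        seen.add(rec["sha256"])
        kept.append(rec)
    return kept

def regex_search(root, records, pattern):
    # Pass 3: full-text regex search, run only over the culled subset.
    return [r["path"] for r in records
            if pattern.search(Path(root, r["path"]).read_text(errors="replace"))]

def run_demo():
    root = make_sample_share()
    kept = cull(build_metadata_index(root), {".txt"}, date(2020, 1, 1), date(2022, 12, 31))
    return len(kept), regex_search(root, kept, SSN_PATTERN)
```

Of the five sample files, the duplicate, the log file and the 2015 memo are dropped in pass 2, so the expensive content search in pass 3 touches only two files and reports the one containing the pattern.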

The X1 large file share indexing service can be deployed on premises or in the cloud. It can also address large volumes of cloud-based data on services such as Dropbox and OneDrive. This support for large file shares is an extension of the X1 Distributed Discovery Platform.

For more information about this unique capability, please contact us for a demonstration.



Operationalizing GRC in Context of Legal & Privacy: The Last Mile of GRC

By Michael Rasmussen

Editor’s note: Today we are featuring a guest blog post from Michael Rasmussen, the GRC Pundit & Analyst at GRC 20/20 Research, LLC.

At its core, GRC is the capability to reliably achieve objectives [GOVERNANCE], address uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE]. GRC is something organizations do, not something they purchase. They govern, they manage risk, and they comply with obligations. However, there is technology to enable GRC related processes, such as legal and privacy, to be more efficient, effective, and agile.

However, too often the focus on GRC technology is limited to the process management of forms, workflow, tasks, and reporting. These are critical and important elements, but the role of technology for GRC is much broader: to operationalize GRC activities that are labor intensive, particularly in the context of legal and privacy. Simply managing forms, workflow, and tasks is no longer enough. Organizations need to start thinking about how they can integrate eDiscovery and data/information governance solutions within their core GRC architecture.

What is needed is the ability to search, find, monitor, interact, and control data throughout the business environment. GRC platforms are excellent at managing forms, workflow, tasks, analytics, and reporting. But behind the scenes there are still labor-intensive tasks or disconnected solutions that actually find, control, and assess the disposition of sensitive data in the enterprise. eDiscovery and information governance solutions have been disconnected and not strategically leveraged for GRC purposes. Together, the core GRC platform that integrates with eDiscovery and information governance technologies builds exponential economies in efficiency, effectiveness, and agility.

Specifically, an integrated GRC solution that weds the core GRC platform with eDiscovery and information governance technology delivers full value to an organization that:

  • Discovers the attributes and metadata of data no matter where it lives within the environment as a key component of GRC processes for legal and privacy compliance.
  • Enables 360° awareness to assessments by discovering the information needed to conduct and deliver assessments effectively into the core GRC platform.
  • Delivers a centralized console to interact with data/information and metadata of files on devices across the organization (such as network file shares, OneDrive, and Dropbox data).
  • Automates the ability to interact with downstream endpoints/systems to provide the ability to search the content of records for keywords and perform analysis using regular expressions and classifiers.
  • Controls data wherever it is with the ability to get to the data and analyze it from a centralized console.

An integrated approach that brings together the core GRC platform with eDiscovery and information governance technology enables the organization to discover, manage, monitor, and control data right from the central GRC platform console. It enables the organization to get centralized and accessible insight into where sensitive information is, how it is being used, and what can be done with it.

  • For example, within the GRC platform I can initiate a search based on keywords or patterns (e.g., social security numbers). The eDiscovery/information governance solution then finds where that information is throughout the enterprise and delivers a list of records back to the GRC platform for analysis and monitoring.

This enables an integrated GRC architecture that brings 360° contextual awareness into information across the enterprise. It delivers enhanced efficiency in the time and money saved chasing information through disconnected solutions and processes; it provides greater effectiveness through insight into and control of information; and it enables greater agility across a dynamic environment, so the organization can be responsive to information governance issues. Together, a GRC platform with eDiscovery/information governance capabilities delivers more complete and accurate data governance and privacy assessments and integrated findings, with the ability to manage remediation tasks from one central place.



Traditional eDiscovery Processing is Now Obsolete

By John Patzakis

eDiscovery can be a very expensive and time-consuming process when traditional methods are employed. With legacy processes, from the time ESI collection starts, it often takes weeks for the data to finally end up in review. Time is money, and this dramatically increases costs as well as risk.

ESI processing is a dedicated and often expensive step in the EDRM workflow. The majority of ESI processing consists of data culling and filtering, deduplication, text extraction, metadata preservation, and then staging the data for upload into a review platform, often in the form of a load (DAT) file. Using ESI processing methods that rely on on-premises hardware appliances that are not integrated with the collection process and do not integrate with review platforms like Relativity significantly increases cost and time delays. With such cumbersome solutions, practitioners often have to spend several weeks on manual collections and multiple hand-offs.

However, the latest collection technologies now combine targeted collection with these processing steps, performed “on the fly” and in the background, so that the data is automatically collected, processed, and uploaded into a review platform such as Relativity in one fell swoop.

The graphic below contrasts the challenges associated with traditional eDiscovery processes with the far more efficient new paradigm. When you engage in manual collection, then manual on-premises hardware-based processing, and finally manual upload to review, you extend the process by often weeks and dramatically increase cost and risk through many manual data handoffs.

Providing a contrast to traditional methods, a recent Relativity webinar featured the integration of the X1 Distributed Discovery platform with its RelativityOne Collect solution. A live demonstration performed by Relativity Product Manager Greg Evans highlighted in real time how the integration dramatically improves the enterprise eDiscovery process by enabling a targeted and efficient search and collection process, with full and integrated ESI processing. Within minutes, data collected from endpoints with X1 is populated straight into a Relativity workspace, fully processed and ready for review, without any human interaction once the collection is started.

So in terms of the big picture, this X1/Relativity integration not only streamlines enterprise ESI collection, but it relegates ESI processing to a completely automated background function as an afterthought. That’s what disruption looks like.

A recording of the X1/Relativity integration webinar can be accessed here.

