Why Post-Level Parsing is Critical for Effective Social Media Evidence Collection

By John Patzakis

As succinctly noted by The Florida Bar Association in its publication, Florida Law Journal: “Social media is everywhere. Nearly everyone uses it. Litigants who understand social media–and its benefits and limitations–can immeasurably help their clients resolve disputes…it is inevitable that the social media accounts of at least one person involved in a dispute will have potentially relevant and discoverable information.“ “Social Media Evidence: What You Can’t Use Won’t Help You” Florida Law Journal, Volume 88, No. 1.

The high volume of relevant social media evidence means that lawyers are under an ethical duty of competence to address and account for it in their litigation and compliance matters. For this reason, there has been a strong demand for social media evidence collection software and services. However, Facebook, the most widely used social media platform, rolled out a completely new interface and data format in the latter part of 2020 for all their 2.4 billion users. This broke every social media evidence tool on the market, causing a major disruption of eDiscovery and compliance workflows. In response, social media evidence collection tools either exited the market, changed their model to services, or provided flat file screen shots as their output.

Flat file screen shots of social media are of limited value, as what they generally entail is a screenshot image file without metadata, other than what is visible on the image itself. This is problematic as there are many important but hidden metadata fields associated with social media posts that need to be parsed and populated into the appropriate fields associated with the post. Also, flat images do not enable effective text extraction, and it is impossible to cull, process, display, and apply analytics to flat file outputs in attorney review platforms such as Relativity. Associated comments to a post are not collected, or at best are truncated and not displayed in line.

Conversely, post-level native collection of social media is ideal, because it enables the collection of the social media post as a parent item with all associated metadata and comments preserved and displayed inline. This will enable the automated generation of robust load files that include date stamps and other key metadata, extracted text for searching, family post identification and associated comments. Additionally, post-level hash values can be readily generated at the point of collection and verified to establish evidentiary authentication.  All this enables a very fluid and scalable workflow that dramatically reduces downstream processing and review platform upload costs.

With the recent release of version 5.12, X1 Social Discovery is the only eDiscovery solution to provide post-level parsing for Facebook timeline posts in the new Facebook format, as well as for Twitter feeds. To learn more about this important functionality, watch the webinar.

Leave a comment

Filed under Uncategorized

Full Disk Imaging Not Required for eDiscovery Collections

In Fact, Courts and Legal Commentators Disfavor the Practice

By John Patzakis[1]

The collection and preservation of Electronically Stored Information (ESI) in the enterprise remains a significant and costly pain point for organizations. Leading industry research firm Gartner notes that eDiscovery collection and preservation processes “can be intrusive, time consuming and costly.”[2]  And recent court decisions imposing sanctions on corporate litigants who failed to meet their ESI preservation obligations are symptomatic of these pain points.[3]

A key issue regarding collection is that many in the eDiscovery services community standardized on full disk imaging as their default collection practice.  This is problematic for several reasons. For one, full-disk imaging is burdensome because the process often involves service providers traveling out to the individual custodians, which is very disruptive to employees, not to mention time consuming. Additionally, as eDiscovery processing and hosting fees are usually calculated on a per-gigabyte basis, costs are increased exponentially. In a word, this is overkill, with much more effective and efficient options now available.

Full disk images capture every bit and byte on a hard drive, including system and application files, unallocated space and a host of irrelevant user-created data. While full disk images may be warranted in some limited situations, the expense and burden associated with the practice can be quite extensive, particularly in matters that involve multiple custodians.

It is established law that the duty to preserve evidence, including ESI, extends only to relevant information[4]  The vast majority of ESI on a full disk image will typically constitute irrelevant information. As stated by one court, “imaging a hard drive results in the production of massive amounts of irrelevant, and perhaps privileged, information.”[5] The highly influential Sedona Conference notes: “Civil litigation should not be approached as if information systems were crime scenes that justify forensic investigation at every opportunity to identify and preserve every detail.”

And that: “Forensic data collection requires intrusive access to desktop, server, laptop, or other hard drives or media storage devices.”  While noting the practice is acceptable in some limited circumstances, “making a forensic copy of computers is only the first step of an expensive, complex, and difficult process of data analysis . . . it should not be required unless circumstances specifically warrant the additional cost and burden and there is no less burdensome option available.”[6]

This disfavoring of forensic imaging is also reflected in the increased emphasis of proportionality under recent amendment to Federal Rule of Civil Procedure 26(b)(1). The over-arching theme from case law and the Federal Rules is that ESI preservation efforts should be reasonable, proportionate, and targeted to only relevant information, as opposed to being overly broad and unduly burdensome.

Courts do require that ESI be collected in a forensically sound manner, which does not mean a full forensic disk image is required, but generally does entail that metadata is not altered and a documented chain of custody is maintained. More advanced enterprise class technology can accomplish remote searches across multitudes of custodians that are narrowly tailored to collect only potentially relevant information while preserving metadata at the same time. This process is better, faster and dramatically less expensive than manual disk imaging.

In fact, The Sedona principles do outline such an alternative to forensic disk imaging: “Automated or computer-assisted collection involves using computerized processes to collect ESI meeting certain criteria, such as search terms, file and message dates, or folder locations. Automated collection can be integrated with an overall electronic data archiving or retention system, or it can be implemented using technology specifically designated to retrieve information on a case-by-case basis.”

This language maps directly to the capabilities of X1 Distributed Discovery (X1DD), which enables parties to perform targeted search and collection of the ESI of up to thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%). This method is sound from an evidentiary standpoint as the collected data is preserved in its native file format with its metadata intact. X1DD features a solid chain of custody and robust logging, tracking and reporting.

And in line with the concepts outlined in the revised Sedona Commentary, X1DD provides a repeatable, verifiable and documented process for the requisite defensibility. 


NOTES:

[1]John Patzakis is the Chief Legal Officer of X1.

[2] “Market Guide for E-Discovery Solutions” Gartner, June 30, 2016

[3] (Matthew Enter., Inc. v. Chrysler Grp. LLC, 2016 WL 2957133 (N.D. Cal. May 23, 2016). (Imposing severe evidentiary including allowing the defense to use the fact of ESI spoliation to rebut testimony from the plaintiff’s witnesses and payment of attorney’s fees incurred by the defendant) Internmatch v. Nxtbigthing, LLC, 2016 WL 491483 (N.D. Cal. Feb. 8, 2016), a U.S. District Court imposed similar sanctions based upon the corporate defendant’s suspect ESI preservation efforts.

[4] Hynix Semiconductor Inc. v. Rambus Inc., 2006 WL 565893 (N.D.Cal. Jan. 5, 2006) at *27. (“The duty to preserve evidence, once it attaches, does not extend beyond evidence that is relevant and material to the claims at issue in the litigation.”)  As noted by the Zubulake court, “Clearly [there is no duty to] preserve every shred of paper, every e-mail or electronic document, and every backup tape…Such a rule would cripple large corporations.”  Zubulake v. UBS Warburg LLC, 220 F.R.D. 212, 217 (S.D.N.Y. 2004) (“Zubulake IV”).

[5] Deipenhorst v. City of Battle Creek, 2006 WL 1851243 (W.D.Mich. June 30, 2006) at *3.  In noting that the “imaging of computer hard drives is an expensive process, and adds to the burden of litigation for both parties,” the Deipenhorst court declined to require the production of  full disk images absent a strong showing of good cause. See also, Fasteners for Retail, Inc. v. DeJohn et al., No 1000333 (Ct. App.Ohio April 24, 2014).

[6] The Sedona Principles, Third Edition: Best Practices, Recommendations & Principles for Addressing Electronic Document Production, 19 Sedona Conf. J. 1 (2018).

Leave a comment

Filed under Authentication, Best Practices, ECA, eDiscovery, ESI, Preservation & Collection

Moving Beyond Litigation Support

By Sonam Sharma, Senior Manager, X1
(Originally published on ILTAnet.org, February 19, 2021)

The age-old adage of change being the only constant has never been truer than in today’s times. With pandemic induced disruptions fast-tracking an already burgeoning impact of technology in day-to-day proceedings of your business and having a likewise impact in the lives of our clients, the ability to manage and react to this change must make all the difference between the longevity of your business and ensuring that you stay ahead of the market.

Over the last decade, a lot of energy has been spent towards understanding the pain points of the lawyers while constantly examining ways to reinvent to stay ahead of the competitors of varying scale, capabilities, and customer base. Change is inevitable but the transformation is a conscious choice. To navigate through a highly fluctuating market, we are witnessing law firms embracing change and revisiting their litigation support services and strategies to develop a unified and client-centric approach for their organizations. A focus on operational efficiency is becoming more about survival and excellence rather than a good-to-have organization priority.

So, what is this change that we are talking about?

The Legal industry is a fast pace world. Clients are rapidly outgrowing conventional models, largely as a result of how they are using technology in their everyday lives. As the expectations of the clients are ever-evolving, legal professionals need to find ways of delivering more seamless and client-centered experiences.

Client-facing services roles such as litigation support, legal assistants, and paralegals are the first points of contact for the commencement of legal work. These professionals play an important role in ensuring case proceedings go as smoothly as possible. However, due to the lack of synergies and functional silos between these groups the operational model can become obsolete/misaligned. “Over time, to maintain the efficiency of teams, it is important to focus on communications and the improvement of processes and procedures,” said Ardian Triantoro, Practice Support Manager, Schulte Roth & Zabel LLP.

To mitigate risks arising from process inefficiencies and to overcome organizational barriers, law firms need to bolster their capabilities by combining teams dealing with legal operations (such as clerks, paralegals, attorneys, and technical support).  and develop communication strategies between them. The goal is to streamline the legal operations workflow to provide a connected experience to the client.

There’s no better time to start the transformation than now!

The more progressive law firms are methodically building and systematically delivering work in-house. Leveraging a base of existing skills, experience, and vendor relationships, organizations have merged their Litigation Technology Support and operational support teams into the Practice Support department to deliver value to customers.

Leading law firms such as Kirkland & Ellis, Latham & Watkins, Baker & McKenzie, Schulte Roth & Zabel, LLP have implemented new ways to approach critical back-office operational functions. “For the law firms, it is not just about implementing the technology but to shift the focus from commoditized services to high-value expertise to recalibrate a more predictable pricing model that generates a cost-effective outcome of the case,” said Jared Michael Coseglia, Founder & CEO of award-winning legal staffing firm TRU Staffing, Inc.

So where can you start?

To prepare for the future, you should begin with a focus on the following areas:

  • Process: Strategize the ebbs and flows! Develop a communication map to help attorneys and staff members better understand the firm’s operating functions and how it fits together. Design effective processes that drive transparency and have a clear description of tasks and outcomes.
  • People: A starting point for assessing the firm’s capabilities is to determine skills, competencies, the talent available and create a capability map. Align skills with the evolving business needs and identify partnership opportunities with a focus on enabling attorneys to focus on long-term strategic decision-making; and
  • Technology: Understand the business needs and align the technology with the law firm organizational framework so that it is supporting the firm’s overall business objectives. It is about using technology to improve the old ways of working.

The more things change, law firms will see increased benefits from…

  • Seamless Client Service: Today, clients expect effortless experience from start to finish. It is critical to serving as a team member to the clients. By streamlining the processes internally, the practice support department acts as an all-in-one suite that law firms can leverage to build a repeatable and defensible process for optimal service delivery.
  • Efficiency Across Legal Ecosystem: Litigation professionals are masters in their field and have worked with a multitude of attorneys on countless cases over time. By utilizing in-house expertise, law firms can establish robust business practices to allow for quick and effective decision-making.
  • Reduced Costs: Staying on top of technology and constantly building expertise enables law firms to design custom-tailored solutions designed for cost efficiency and operational excellence.

Key Takeaway:  The problem is that this is easier said than done, but the actual mantra is not perfection; it is an iterative progression!

Leave a comment

Filed under Best Practices, eDiscovery, Information Management, law firm, Uncategorized

Meeting Modern Discovery Demands with RelativityOne Collect and X1

By John Patzakis

As we’ve all heard time and again, 2020 was a transformative year—and in our space, it has had a huge impact and really changed the way people work.

With widespread teams, evolving data types, growing data volumes, and deadlines getting shorter—well, the entire e-discovery process has the potential to spiral out of control.

But not for those who are well prepared to meet these modern challenges.

Here at X1, we’ve been working hard on giving modern organizations the technology they need to get data identified, collected, and ingested with maximum effectiveness for years. Now, with X1 integrated into RelativityOne via RelativityOne Collect, users of the industry-leading SaaS e-discovery platform can accomplish this in more targeted and faster ways than ever before.

Let’s take a look at what this integration means, and why it offers non-negotiable capabilities to today’s legal teams.

A Remote Workforce

Work from home has rapidly accelerated and will likely not dramatically reverse in the foreseeable future. Many of us will continue to work remotely for months to come—or perhaps permanently.

These trends were already ramping up, but 2020 hammered the accelerator on telecommuting and remote working. According to Global Workplace Analytics, before the COVID-19 pandemic, just 3.6 percent of US workers worked from home multiple days a week. That number is now estimated at 25-30 percent.

This may be a boon for work-life balance, but it poses big complications for data collection in response to litigation and investigations. Historically, this process has required disk imaging or other methods that often prompted collections to be performed in person. In a shared office, that might be easy to accomplish (in fact, it might be too easy, resulting in vast over-collections of data in many cases). But with everyone working from home and confronted by concerns about social distancing, travel restrictions, and possible quarantines, it quickly became untenable last year.

Thanks to those circumstances and the increased use of the cloud for data storage, demand for web-enabled collections is up—by a lot.

RelativityOne Collect gives legal teams the ability to index and search on data in place, analyze the contents of a data source, and categorize data quickly to identify what warrants collection and what can be eliminated—all before it’s pulled from the source and brought into a workspace, and from anywhere. Previously, RelativityOne Collect was able to directly connect with Office 365 and Slack sources to perform these remote collections; with the integration of X1’s innovative endpoint technology, Collect can now gather data from additional sources like email and files on laptops, servers, or network locations.

Then, the targeted data is seamlessly imported into Relativity—no extra processing, downloads, uploads, or risky data hand-offs required.

This means a streamlined process that can be performed from anywhere, on multiple custodians at a time, and across many of the most common data sources. Forward-thinking teams are saying goodbye to cumbersome and expensive ESI collection and processing tools in favor of this bright new world.

Proportional Data Decisions

Another trend that began to take hold over the last decade is the move toward targeted collections. Gone are the days when full disk imaging was standard practice. Today’s sources are far too densely packed with data to assume everything needs to be captured for every matter. Over-collecting means not just increased costs for data storage on your matters, but huge amounts of time wasted on reviewing unnecessary documents—and all of this adds up to proportionality violations.

The courts agree: Complete disk imaging is by and large unwarranted in civil litigation. (In particular, see Diepenhorst v. City of Battle Creek.)

Instead, what is needed is a middle ground approach in the form of a targeted, automated, and remote collection that provides documentation for defensibility and an emphasis on speed to review.

With traditional processes, there is an inability to quickly and remotely search across and access distributed unstructured data in-place. e-Discovery teams may end up spending weeks or more collecting data, with traditional workflows taking as long as 30 days to complete before data is available for review.

In addition to putting deadlines and case strategy efforts in jeopardy, these delays can increase the risk of errors and security vulnerabilities as data is moved between systems and team members rush to get things done. With X1 endpoint collections integrated into Collect, data can be accessed, searched upon, culled, and ingested directly into your review workspace with no go-betweens required—so your targeted data sets are defensible and in good hands from start to finish. Oh, and that 30 days is cut down to mere hours.

This enables much needed efficiencies in the e-discovery process in the face of growing data volumes, widespread teams and data sources, and diversified data types, because you can target which data you bring into your workspace before it’s published (and have detailed reports on those decisions to back up your final collection). You’ll see benefits not just in greater speed to review, but also greater speed in review, because you’ve eliminated a lot of inefficiencies from the get-go. Plus, you’re protecting potentially privileged or secret information that doesn’t need to be pulled into a project in the first place.

Process Democratization

Finally, there’s a third evolving trend in the collection space. For a long time, there has been a perception that doing collections is difficult, and requires a lot of specialized training or certifications. With the proliferation of the cloud and new data sources, however, this has started to shift. Most e-discovery cases do not require collection by a certified forensics examiner, especially since not every drive needs to be imaged. Instead, as the industry has moved more toward targeted collections, the accessibility of the process has greatly improved.

Additionally, today’s legal teams are under great pressure to do more with less—less money, less time, and less help. As a result, they need to be empowered to perform some collections themselves even if they don’t have that highest degree of training and expertise. Fortunately, cases using targeted e-discovery collections and collections from cloud sources don’t generally require such extensive training.

When organizations are given the tools to do some of this work internally, they can save forensic resources for when they’re truly needed (on really hairy or dicey matters).

RelativityOne Collect’s easy-to-use interface lets any individual perform those type of targeted e-discovery and cloud collections with minimal training. And as a growing number of organizations are experiencing a greater need to remotely collect from computer endpoints as well, Relativity and X1 have partnered to build an integration to help in-house teams do that, too. 

So, while numerous courts have held that custodian self-collection is simply not defensible, capable and well-equipped legal teams can and do collect data from custodians in a defensible and secure manner. Then, those same team members can take what they’ve learned from this at-a-glance view of the origins of their data sets, and bring that knowledge to the rest of the e-discovery or investigation project.

The result is streamlined, end-to-end e-discovery in a single, secure, and easy-to-use platform.

And we will be demonstrating this integration live on our February 24 joint webinar with Relativity: “RelativityOne Collect and X1: Streamlining the Global Collection Process.” Please join us by registering here.

This blog post is also prominently featured on the Relativity blog site here.

Leave a comment

Filed under eDiscovery & Compliance, Enterprise eDiscovery, Information Management, law firm, Preservation & Collection