Tag Archives: X1 Discovery

AI Without Data Movement: X1’s Webinar Reveals the Future of Secure Enterprise AI

By John Patzakis

X1’s recent webinar announcing the availability of true “AI in-place” for the enterprise was both highly attended and strongly validated by the audience response. The session did more than introduce a new feature; it articulated a fundamentally different architectural approach to enterprise AI—one designed explicitly for security, compliance, and scalability in complex, distributed environments. Our central message was simple: enterprise AI adoption has been constrained not by lack of interest, but by architectural and security requirements that existing platforms have failed to address.

That reality was most powerfully captured in a quote shared on the opening slide from a Fortune 100 Chief Information Security Officer, which set the tone for the entire discussion:

“Normally AI for infosec and compliance use cases is a non-starter for security reasons, but your workflow and architecture is completely different. This allows us – all behind our firewall – to develop our own models that are trained on our own data and customized to our specific security and compliance use cases and deployed in-place across our enterprise.”

This endorsement crystallized the webinar’s core insight: AI becomes viable for the most sensitive enterprise use cases only when it is deployed where the data already lives, rather than forcing data into external or centralized systems.

The technical foundation that makes this possible is X1’s micro-indexing architecture. Unlike traditional platforms built on centralized, resource-intensive indexing technologies, X1 deploys lightweight, distributed micro-indexes directly at the data source. This allows enterprises to index, search, and now apply AI analysis without mass data movement. As emphasized during the webinar, centralized indexing is not just expensive and slow—it is fundamentally misaligned with how modern enterprise data is distributed across file systems, endpoints, cloud platforms, and collaboration tools.

The session then highlighted how this architectural distinction resolves a long-standing problem in discovery, compliance, and security workflows. Legacy platforms require organizations to collect and centralize data before they can analyze it, introducing delays, high costs, and significant risk exposure. X1 reverses that workflow. By enabling visibility and AI-driven classification before collection, organizations can make informed, targeted decisions—collecting only what is necessary, remediating issues in-place, and dramatically reducing both risk and operational overhead.

The discussion also demystified large language models (LLMs), explaining that while model training is compute-intensive, models themselves are increasingly commoditized and portable. Critically, LLMs require extracted text and metadata—processed from native files—to function. This aligns perfectly with X1’s existing capability, as text and metadata extraction are already integral to our micro-indexing process. AI models can therefore be deployed alongside these indexes, operating in parallel across thousands of data sources with massive scalability.

The conversation then connected this architecture to concrete, high-value use cases. In eDiscovery, AI in-place enables faster early case assessment and proportionality by analyzing data where it resides. In incident response and breach investigations, security teams can immediately scope exposure across distributed systems without waiting months for data exports. For compliance and governance, AI models can continuously identify sensitive data, enforce retention policies, and surface risk conditions that were previously impractical to monitor at scale.

In addition to a live product demo showcasing this new capability, we concluded the webinar with several clarifying points and announcements. First, we emphasized that X1 does not access, monetize, or host customer data. Also, AI in-place is not an experimental add-on but an enhancement to a proven, production-grade platform. And notably, there is no additional licensing cost for the AI capability itself—customers simply deploy models within their own environment. With proof-of-concept testing beginning shortly and production deployments targeted for April 2026, the webinar made clear that AI in-place is not a future vision, but an imminent reality for the enterprise.

You can access a recording of the webinar here, and to learn more about X1 Enterprise, please visit us at X1.com.


Live Social Media Evidence Capture from Today’s Vegas Strip Shooting

Unfortunately, a tragic event transpired this morning in Las Vegas leaving three people dead and at least three others injured after a shooting and fiery six-vehicle crash along the Strip. According to reports, at about 4:20 a.m. someone in an SUV opened fire into a Maserati that had stopped at a light. The Maserati moved into the intersection at Flamingo Road and collided with a taxi, starting a chain of crashes that involved four other vehicles. Our thoughts and prayers are with the victims and their families.

Given the criminal investigation and civil liability implications of this event, we wanted to demonstrate the important new capabilities of X1 Social Discovery to immediately identify, preserve and display geolocated Tweets (and often Instagram posts) at or near the scene immediately before, during and after the incident. X1 Social Discovery is now able to map a given location, such as a city block or even a full metropolitan area, and search the entire public Twitter feed to identify any geolocated tweets that have been made in the past three days (sometimes longer) within that designated area, as well as to capture any new tweets within that area going forward. As illustrated below, this capability is extremely useful for law enforcement, corporate security and civil litigators.

When we learned of the Vegas incident, we mapped the general area of the Strip, and within seconds all the recent Tweets from the past several hours were populated within the grid and collected within X1 Social Discovery.

[Image: Accident 4]

From there, we were able to sort those tweets within the interface and identify some key Tweets made immediately after the incident, such as this post:

[Image: Accident 5]

[Image: Accident 2]

We are able to sort and identify the exact time (in GMT) of the posts in question as well as associated metadata.

[Image: Accident 3]

Here is another post below. Both this example and the one above contain notable intel in the comments, suggesting the possible identity of one of the victims, as well as a reference to another posted picture on Instagram. This reflects the utility of X1 Social Discovery’s ability to collect not just the social media post, but the comments thereto in real-time.

[Image: Accident 1]

This feature can also be employed proactively, to map an area around a school, an embassy, an oil drilling facility overseas, or other critical infrastructure assets to collect and store any geolocated tweets in real time. But of course, in order to take full advantage of this ability to gather key evidence such as the evidence posted above, you need to own the software at the time of the incident.


National White Collar Crime Center Launches Certified Training for X1 Social Discovery

This past month, the National White Collar Crime Center (NW3C), an internationally recognized leader in education and support in the prevention and prosecution of high-tech crime, announced a strategic partnership with X1 Discovery to provide training and support to local, state and federal law enforcement agencies worldwide, as well as to legal, corporate discovery and risk professionals. The partnership will focus on promoting best practices and advanced techniques for website and social media evidence collection and analysis, based upon the X1 Social Discovery software.

Training and certification on a computer investigation process is very important to help bolster the qualifications of a testifying witness. A great example of this is the “on point” case of State v. Rossi, in which an Ohio appellate court addressed the issue of authentication of social media evidence. The case involved the expert testimony of a police detective, and the defense unsuccessfully challenged his qualifications as a computer forensics expert. Here is the key quote from the court:

“Det. Roderick testified that he received forensic computer training from the FBI and National White Collar Crime Center. Accordingly, the trial court did not err by allowing Det. Roderick to testify as an expert in forensic computer investigations.” (Emphasis added)

As State v. Rossi tackles social media evidence, best practices for its collection (which were not followed by the defense), the issues of training, expert testimony, and the credibility of NW3C, the case serves as “Exhibit A” for the importance of the NW3C and X1 Discovery relationship.

NW3C has now posted their first schedule of classes online, available here. The classes are open to both law enforcement and private sector professionals. The training curriculum will provide best practices and new methods to collect, search, preserve and manage social media evidence from social media networking sites and other websites in a scalable, instantaneous and forensically sound manner. Participants will learn about specific cases involving critical social media data; find out how to collect and index thousands of social media items in minutes; understand and identify key metadata unique to social media; learn how to better authenticate social media evidence in a safe and defensible manner; and more. Attendees who complete the course will receive a certificate of authorized training on the X1 Social Discovery software, which is designed to effectively address social media content from the leading social media networking sites such as Facebook, Twitter and LinkedIn. In addition, it can crawl, capture and instantly search content from any website.

The cost of the 1-day training is $595, which is a great investment in your credentials and career as an expert witness and computer investigation professional.



Police Embrace Social Media as Crime-Fighting Tool (CNN Article)

Recently, CNN published an article illustrating how law enforcement agencies are using social media to help solve their cases. CNN reporter Heather Kelly states, “leveraging Facebook is just one of many ways law enforcement officials are gleaning evidence from social media to help them solve crimes.” According to a recent survey performed by LexisNexis on federal, state and local law enforcement officials who use social media, 4 of 5 used social media to gather evidence during investigations. Kelly states, “Half said they checked social media at least once a week, and the majority said social media helps them solve crimes faster.”


The Global De-Centralized Enterprise: An Un-Met eDiscovery Challenge

Enterprises with data situated within a multitude of segmented networks across North America and the rest of the world face unique challenges for eDiscovery and compliance-related investigation requirements. In particular, the wide area networks of large project engineering, oil & gas, and systems integration firms typically contain terabytes of geographically disparate information assets in often harsh operating environments with very limited network bandwidth. Information management and eDiscovery tools that require data centralization or run on expensive and inflexible hardware appliances cannot, by their very nature, address critical project information in places like Saudi Arabia, China, or the Alaskan North Slope.

Despite vendor marketing hype, network bandwidth constraints coupled with the requirement to migrate data to a single repository render traditional information management and eDiscovery tools ineffective to address de-centralized global enterprise data. As such, the global decentralized enterprise represents a major gap for in-house eDiscovery processes, resulting in significant expense and inefficiencies. The case of U.S. ex rel. McBride v. Halliburton Co. [1] illustrates this pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once. [2]

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase instead of culling, filtering and searching the data at the point of collection drove up the costs.

Despite the burdens associated with the electronic discovery of distributed data across the four corners of the earth, such data is considered accessible under the Federal Rules of Civil Procedure and thus must be preserved and collected if relevant to a legal matter. However, the good news is that the preservation and collection efforts can and should be targeted to only potentially relevant information limited to only custodians and sources with a demonstrated potential connection to the litigation matter in question.

This is important as the biggest expense associated with eDiscovery is the cost of overly inclusive preservation and collection. Properly targeted preservation initiatives are permitted by the courts and can be enabled by adroit software that is able to quickly and effectively access and search these data sources throughout the enterprise. The value of targeted preservation is recognized in the Committee Notes to the FRCP amendments, which urge the parties to reach agreement on the preservation of data and the key words, date ranges and other metadata to identify responsive materials. [3] And in In re Genetically Modified Rice Litigation, the court noted that “[p]reservation efforts can become unduly burdensome and unreasonably costly unless those efforts are targeted to those documents reasonably likely to be relevant or lead to the discovery of relevant evidence.” [4]

However, such targeted collection and ECA in place is not feasible in the decentralized global enterprise with current eDiscovery and information management tools. What is needed to address these challenges for the de-centralized enterprise is a field-deployable search and eDiscovery solution that operates in distributed and virtualized environments on-demand within these distributed global locations where the data resides. In order to meet such a challenge, the eDiscovery and search solution must immediately and rapidly install, execute and efficiently operate in a localized virtualized environment, including public or private cloud deployments, where the site data is located, without rigid hardware requirements or on-site physical access.

This is impossible if the solution is fused to hardware appliances or otherwise requires a complex on-site installation process. After installation, the solution must be able to index the documents and other data locally and serve up those documents for remote but secure access, search and review through a web browser. As the “heavy lifting” (indexing, search, and document filtering) is all performed locally, this solution can effectively operate in some of the harshest local environments with limited network bandwidth. The data is not only collected and culled within the local area network, but is also served up for full early case assessment and first pass review on site, so that only a much smaller data set of potentially relevant data is ultimately transmitted to a central location.

This groundbreaking capability is what X1 Rapid Discovery provides. Its unique ability to deploy and operate in the IaaS cloud also means that the solution can install anywhere within the wide-area network, remotely and on-demand. This enables globally decentralized enterprises to finally address their overseas data in an efficient, expedient, defensible and highly cost-effective manner.

If you have any thoughts or experiences with the unique eDiscovery challenges of the de-centralized global enterprise, feel free to email me. I welcome the collaboration.

___________________________________________

[1] 272 F.R.D. 235 (2011)

[2] Id. at 240.

[3] Citing the Manual for Complex Litigation (MCL) (4th) §40.25(2).

[4] 2007 WL 1655757 (June 5, 2007 E.D.Mo.)
