Tag Archives: X1

February 27, 2024 · 11:38 AM

Modern, Targeted ESI Collection Can Cut eDiscovery Costs by Over 90 Percent

By John Patzakis and Chas Meier

eDiscovery can be an expensive and time-consuming process when traditional data collection methods are employed. With legacy processes, it can take weeks for electronically stored information (ESI) collections to finally end up in review. Time is money, and utilizing dated processes can dramatically increase costs as well as risk. One of the biggest drivers of excessive eDiscovery costs is over-collection of irrelevant or unnecessary information. This in turn leads to a larger amount of data entering the processing and initial review funnel.

In fact, old school manual collection efforts require employing multiple tools, data copies, and manual steps into your litigation workflow. The majority of ESI processing consists of data culling and filtering, deduplication, text extraction, metadata preservation, and then staging the data for upload into a review platform, often in the form of a load (DAT) file. Some ESI processing solutions require deployment of non-integrated on-premise hardware appliances that further increase costs and add time delays. Manual collections, multiple generations of data duplication, and disjointed handoffs exponentially increase costs and risk while significantly delaying documents being available for review.

If you are still using stand-alone processing tools, you are doing it wrong and subjecting your clients to extensive costs and time delays. Modern collection technologies combine targeted collection with in-place processing of data which is automatically collected, processed, and uploaded into a review platform such as Relativity in one fell swoop.

The graph below established that the cost for collection, processing and first month hosting under a traditional preservation process can be upwards of $12,000 per custodian:

Properly targeted preservation initiatives are favored by the courts for purposes of civil eDiscovery and enabled by next generation software to search data sources quickly and effectively in-place throughout the enterprise. The value of targeted and proportional preservation is recognized in the Committee Notes to the recent FRCP amendments, which urge the parties to reach agreement on the preservation of data, keywords, and other metadata to identify responsive materials. See also, In re Genetically Modified Rice Litigation, (“Preservation efforts can become unduly burdensome and unreasonably costly unless those efforts are targeted to those documents reasonably likely to be relevant or lead to the discovery of relevant evidence.”)

X1 Enterprise Collect significantly streamlines the eDiscovery workflow with integrated culling and deduplication, thereby eliminating the need for expensive and cumbersome ESI processing tools. That way, the ESI can be populated straight into Relativity from an X1 collection without multiple hand offs, extensive project management and inefficient data processing.

The ability to directly and transparently collect data from custodian laptops, desktops, Microsoft 365 and other cloud sources into a RelativityOne / Relativity workspace is a game-changer that enables Attorney’s to begin review in hours rather than weeks.

The second chart shows how this streamlined approach, based upon a detailed ROI analysis, reduces eDiscovery costs by over 90 percent:

So, in terms of the big picture, X1 Enterprise Collect provides a complete platform to implement a properly targeted preservation strategy in the enterprise enabling organizations to save a lot of time, save a lot of money, and be able to make faster and better decisions.

When you accelerate the speed to review and eliminate over-collection and inefficient processing, you gain much better early insight into your data and can increase efficiencies on many levels.

Finally, the calculations represented in the charts were generated from a customizable ROI cost calculator created by Chas Meier, based upon his more than 20 years’ experience in eDiscovery service provider roles. If you would like a copy of this ROI calculator, please contact Chas at CMeier@x1.com.

Leave a comment

Filed under Best Practices, Cloud Data, Corporations, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Management, Preservation & Collection

Tagged as , , , , , , ,

June 13, 2023 · 10:14 AM

Law Firms Are Demanding Native, Post-Level Collection of Social Media Evidence to Support Standard Review and Analytics Workflows

By John Patzakis

Two months ago, X1 launched version 7 of our X1 Social Discovery social media and web collections solution. This major upgrade features a new cutting-edge Instagram connector, along with our revamped Facebook support, where all our users now have native post-level collection and parsing to ensure accuracy, key metadata collection, court authentication, and evidentiary completeness of the collected data. As stated by X1 CEO Larry Gill: “Nothing short of those capabilities is acceptable and that is why I can confidently say that X1 Social Discovery is the only solution in the industry capable of delivering all those requirements.”

Version 7 has been a huge success, with record sales seen since its release. In fact, in speaking recently with several attorneys at top law firms, it’s very clear both how important such native post-level collection is in order to support standard attorney review and data analytics workflows, and that there is a disconnect with some practitioners who are utilizing alternative web plug-in based screen shot generation tools that do not support these now basic but essential requirements.

It is very important to understand the unique ability of X1 Social Discovery to perform post-level native collection of each social media post. This means that the social media post is collected in its native format and parsed so that it has its own associated metadata, photos, indexed text and in-line comments. This allows for the individual Facebook or Instagram posts, Tweets, etc. to be searched, filtered, tagged, and exported individually at the post-level with all associated metadata and comments inline. The ability with X1 to tag, sort, authenticate (with individually associated hash values), and upload individual posts by up to thousands at a time without manual processing into an attorney review platform is essential for an efficient and scalable workflow. And X1 is the only solution that can deliver this critical functionality.

In contrast, the web plug-in tools generate flat file image PDFs as its final output. So, if there are 30 posts that are in a feed, a single monolithic image PDF will be generated as the collection output. These bulk screenshots are of very limited value as they are not collected in native format, retain no post-level metadata, and are not searchable (absent a secondary and inferior OCR process). This output is practically useless for a review platform (as the entire output is one object).

Additionally, as we all know, AI-based analytics is a game-changing capability that is now a standard feature of the leading eDiscovery review platforms. However, ESI must be properly collected in order to support such AI. Semantic AI engines ingest and analyze the extracted text and metadata of individual emails, electronic documents, social media posts and web pages. Only X1 Social Discovery collects full text & post-level metadata and performs and maintains the collection at the individual object-level, all of which is necessary to support upstream AI analysis. Using the web plug-in tools is a decision to not use AI on your case for social media and website evidence.

Another key differentiator is that X1 Social Discovery is a robust software application that can be installed on a computer, including virtual cloud servers. This enables X1 to take advantage of the full CPU and RAM resources available to address heavy workloads as needed with multi-threading capabilities. As a result, X1 can run multiple collections at the same time, auto-expand and auto-scroll across thousands of posts, and collect posts with thousands of comments. For instance, a web crawl collection, a Facebook collection, and a YouTube collection can be run at the same time. Data can be reviewed and analyzed immediately as it populates.

Further, social media collections often involve thousands of posts with hundreds of associated comments and multiple images. This requires adequate resources to perform auto-expanding and auto-scrolling of pages, comments, and images. X1’s architecture provides for such a scalable workflow.

In contrast, the web plug-in tools are web browser plug-ins that face very limiting performance ceilings and functionality constraints inherent to any such plug-in. Many users report limitations beyond capturing a few dozen posts at a time at best, with an inability to capture all comments when they number in the hundreds or numerous clustered images in thumbnail format. For this reason and many others, the web plug-in tools are generally considered a low market tool for one-off small collections.

Additionally, the legal evidentiary defensibility provided by X1 Social Discovery is in a class by itself. This is because X1 captures over a dozen unique item-level metadata fields, including the URL of the individual post (not bulk feed), User ID, Post ID, date stamps and other key metadata. Importantly, each post, which is an individual object, has its own hash value generated at the time of collection. So, when thousands of individual posts, YouTube videos, and web pages are collected into a case, and there is then a need to provide a subset of those items into a review platform or produced in discovery, the hash value and post-level metadata for each item remains intact.

The web plug-in tools only record general URLs of the bulk collection, a hash of the entire “all or nothing” bulk PDF export containing up to dozens of individual posts, with no individual hash values or metadata fields specific to any of those posts. There is an important distinction here between object-level metadata (i.e. each post) and metadata associated with the bulk feed image. If the web plug-in tools capture 50 posts in a single image feed, and the client may only want 4 of them moved into a review platform for further review, there is no way to do that except for taking secondary Snagit-type screenshots, rendering the chain of custody broken and the hash value inapplicable.

Finally, the court in Edwards v. Junior State of America Foundation, No. 4:19-CV-140-SDJ, (US Dist. CT, E.D. TX 2021), specifically ruled that only HTML or JSON social media collections are defined as “native file collection.” Flat PDFs are not.

To see this critical and unique functionality in X1 Social Discovery v7, please watch our product tour on-demand. Alternatively, we would welcome the opportunity to brief you and your colleagues directly. Please contact us to speak with a member of the X1 Team.

Leave a comment

Filed under Authentication, Best Practices, eDiscovery, ESI, law firm, Preservation & Collection, Social Media Investigations, Social Media Metadata

Tagged as , , , , ,

November 1, 2022 · 11:42 AM

Proportionality in eDiscovery is Ideal, but Difficult to Realize Without an Optimized Process

By John Patzakis

(Originally published October 24, 2022 by JD Supra and EDRM)

Image: Kaylee Walstad, EDRM

Proportionality-based eDiscovery is a goal that all corporate litigants seek to attain. Under Federal Rule of Civil Procedure 26(b)(1), parties may discover any non-privileged material that is relevant to any party’s claim or defense and proportional to the needs of the case. Litigants that take full advantage of the proportionality rule can greatly reduce cost, time and risk associated with otherwise inefficient eDiscovery.

While there is a keen awareness of proportionality in the legal community, realizing the benefits requires the ability to operationalize workflows as far upstream in the eDiscovery process as possible. For instance, when you’re engaging in data over-collection, which in turn incurs extensive labor and processing costs, the ship has largely sailed before you are able to perform early case assessments and data relevancy analysis, as much of the discovery costs have already been incurred at that point. The case law and the Federal Rules provide that the duty to preserve only applies to potentially relevant information, but unless you have the right operational processes in place, you’re losing out on the ability to attain the benefits of proportionality.

However, traditional eDiscovery services typically involve manual collection, followed by manual on-premises hardware-based processing, and finally manual upload to review. These inefficiencies extend projects by often weeks while dramatically increasing cost and risk with purposeful data over-collection and numerous manual data handoffs. The good news is that solutions and processes addressing the first half of the EDRM involving collection and processing are now far more automated than they were even a few years ago.

Recently EDRM hosted a webinar addressing these issues – “Operationalizing your eDiscovery Process to Realize Proportionality Benefits” – and more specifically, as the title reflects, explored how to operationalize your eDiscovery process to achieve lower costs, improve early case strategy, realize faster time to review and reduce overall legal risk.

Here are some key takeaways from the webinar:

  • A detailed legal analysis was provided highlighting the case of Raine Group v. Reign Capital, (S.D.N.Y. Feb. 22, 2022), which applied proportionality at the point of identification and collection, not just production. The court endorsed the use of detailed and iterative keyword searches to identify and preserve potentially relevant ESI.
  • A demonstration was shown on how to enable detailed and proportional search criteria, applied in-place, at the point of collection. Such a capability is key to realizing the blueprint for targeted and proportional ESI collection outlined in Raine Group.
  • The speakers also discussed how organizations should move upstream to focus on information governance to reduce the data funnel as soon as possible. The new generation of eDiscovery technology in the areas of collection, identification, analytics, and early data assessment, enables enterprises to operationalize proportionality principles.

The webinar culminated with the notion that an optimized process that applies proportionality upstream at the collection and identification stage reduces the data volume funnel by as much as 98 percent from over-collection models, yet with increased transparency and compliance. A link to the recording from the webinar can also be accessed here.

Leave a comment

Filed under Best Practices, Case Law, Case Study, ECA, eDiscovery, Enterprise eDiscovery, ESI, Preservation & Collection, proportionality

Tagged as , ,

September 20, 2022 · 10:46 AM

The Traditional Workplace is Not Coming Back, with Major Implications for eDiscovery

By John Patzakis

The world has in many ways returned to life as it was prior to the pandemic. Restaurants and hotels are packed again. Children are all back in their classrooms. Rock bands and philharmonics are playing in front of full audiences. But this is not so for the office.

Only about a third of knowledge workers are back in the office more than once a week, but, according to CNN, only 5 percent of employers are requiring in-office attendance five days a week. And it doesn’t look like these trends are going to change dramatically any time soon. In fact, the trend toward remote work should continue as office leases continue to expire. The vast majority of knowledge workers prefer some form of hybrid or remote work, and executives are increasingly coming to accept that reality. Remote and hybrid work is here to stay. And this has major repercussions for eDiscovery practices.

This is because the legacy manual collection workflow involving travel, physical access and one-time mass collection of custodian laptops, file servers and email accounts is a non-starter for the new era of remote and distributed workforces. Manual collection efforts are expensive, disruptive and time-consuming as many times an “overkill” method of forensic image collection process is employed, thus substantially driving up eDiscovery costs.

When it comes to technical approaches, endpoint forensic crawling methods are now a non-starter. Network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective, especially with remote workers needing to VPN into a corporate network. Corporate network bandwidth is at a premium, and the last thing a company needs is their network shut down by inefficient remote forensic tools.

For example, with a forensic crawling tool, to search a custodian’s laptop with 20 gigabytes of email and documents, all 20 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least a day or so per computer. So, most organizations choose to force collect all 20 gigabytes. But while this was merely inefficient and expensive pre-pandemic, it is now untenable with the global remote workforce.

Solving this collection challenge is X1 Enterprise Collect, which is specially designed to address the challenges presented by remote and distributed workforces. X1 enables enterprises to remotely, quickly and easily search across up to thousands of distributed endpoints and data servers from a central location. Legal and compliance teams can perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. The key to X1’s scalability is its unique ability to index and search data in place, thereby enabling a highly detailed and iterative search and analysis, and then only collecting data responsive to those steps.

X1 operates on-demand where your data currently resides — on desktops, laptops, servers, or the cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. After indexing of systems has completed (typically a few hours to a day depending on data volumes), clients and their outside counsel or service provider may then:

  • Conduct Boolean and keyword searches of relevant custodial data sources for ESI, returning search results within minutes by custodian, file type and location.
  • Preview any document in-place, before collection, including any or all documents with search hits.
  • Remotely collect and export responsive ESI from each system directly into a Relativity or RelativityOne® workspace for processing, analysis and review or any other processing or review platform via standard load file. Export text and metadata only or full native files.
  • Export responsive ESI directly into other analytics engines, e.g. Brainspace®, H5® or any other platform that accepts a standard load file.
  • Conduct iterative “search/analyze/export-into-Relativity” processes as frequently and as many times as desired.

To learn more about this capability purpose-built for remote eDiscovery collection and data audits, please contact us.

Leave a comment

Filed under Best Practices, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Preservation & Collection

Tagged as , , , , , , ,

June 15, 2017 · 8:22 AM

eDiscovery Tech Can Effectively Address Key Cybersecurity Requirements

Organizations spent an estimated 122.45 billion USD in 2016 on cybersecurity defense solutions and services, in a never-ending effort to procure better firewalls, anti-malware tools, and intrusion detection and prevention systems to keep hackers out of their networks. However, recent industry studies clearly demonstrate that threats posed by insiders (whether through malice or negligent conduct) dwarf those from the outside.

In fact, industry experts assert that employees are inadvertently causing corporate data breaches and leaks daily. The Ponemon Institute recently surveyed hundreds of companies in its 2016 Cost of Data Breach Study.  Among 874 incidents, the survey revealed that 568 were caused by employee or contractor negligence; 191 by malicious insiders and only 85 incidents purely attributed to outsiders.

An insider is any individual who has authorized access to corporate networks, systems or data.  This may include employees, contractors, or others with permission to access an organizations’ systems. With the increased volume of data and increased sophistication and determination of attackers looking to exploit unwitting and even recruit malicious insiders, businesses are more susceptible to insider threats than ever before.

The most serious and often devastating cybersecurity incidents are usually related to “spear phishing” attacks, which are comprised of targeted and often highly customized electronic communications sent to specific individuals in a business that appear to come from a trusted individual or business. The targeted insider is often tricked into disclosing their passwords, providing highly sensitive information, or installing malware on their computer. These attacks tend to be successful because they are so customized and are designed to evade traditional cybersecurity defenses.

Much of the evidence and other indications of spear phishing and malicious insider incidents are not found in firewall logs and typically cannot be flagged or blocked by intrusion detection or intrusion prevention systems. Instead, much of that information is found in the emails and locally stored documents of end users spread throughout the enterprise. To detect, identify and effectively respond to insider threats, organizations need to be able to search across this data in an effective and scalable manner. Additionally, proactive search efforts can identify potential security violations such as misplaced sensitive IP, or personal customer data or even password “cheat sheets” stored in local documents.

To date, organizations have employed limited technical approaches to try and identify unstructured distributed data stored across the enterprise, enduring many struggles. For instance, forensic software agent-based crawling methods are commonly attempted but cause repeated high user computer resource utilization for each search initiated and network bandwidth limitations are being pushed to the limits rendering this approach ineffective. So being able to search and audit across at least several hundred distributed end points in a repeatable and quick fashion is effectively impossible under this approach.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. None of the traditional approaches come close to meeting this requirement. This requirement, however, can be met by the latest innovations in enterprise eDiscovery software.

X1 Distributed Discovery (X1DD) represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints from a central location.  Legal, cybersecurity, and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1DD, organizations can proactively or reactively search for confidential data leakage and also keyword signatures of customized spear phishing attacks. Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs and quickens response times while greatly mitigating risk and disruption to operations.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations.

Beyond providing enterprise eDiscovery and information governance functionality for an organization, employees benefit from having use of the award-winning X1 Search product to improve their productivity, with the added benefit of allowing the business to address the prevalent cybersecurity gap in addressing spear phishing attacks and other insider threats.

 

Leave a comment

Filed under compliance, Cybersecurity, eDiscovery, eDiscovery & Compliance

Tagged as , , ,