Strange Exchange E-mail Addresses in e-Discovery

By | Articles

If you are involved in the production or review of electronic evidence, you might have seen e-mail addresses that look a bit different than usual. For example:

/O=EXAMPLE/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=USERNAME

Have you ever wondered what these values are? The two scenarios we run into most frequently are as follows.

Read More

Transferring Electronic Evidence in File Containers

By | How-to

A vast amount of electronic evidence is being transmitted everyday via electronic file transfers among corporations, law firms and e-Discovery service providers. Most of these transfers involve compressing the evidence into a file archive (ZIP, RAR, 7z etc.) and transferring the resultant archive(s) over the internet. While this is usually a straightforward process, it is critical to make the right decisions and use the right tools to avoid trouble down the road.

Read More

Frequently Asked Questions About De-Duplication

By | Articles

De-duplication is used extensively in digital forensics and e-Discovery as a way of culling documents. While the process itself is simple, de-duplication can be performed in numerous ways which affect review time, cost and your understanding of the custodians. Here are some questions that frequently come up while we discuss de-duplication options with clients.

Read More

Time Zones in e-Discovery

By | Articles

Date/time information extracted from e-mails and electronic documents is a major aspect of electronic evidence. In order to interpret and display the extracted timestamps correctly, most digital forensics and e-Discovery software require the end user to specify a time zone. The selected time zone can have numerous effects such as the appearance of timestamps on printed e-mails or whether or not certain documents fall within the relevant time frame during culling. Especially in cases that involve multiple time zones, it is critical to determine how time zones should be handled in order to avoid potential problems down the road.

Read More

Validating Copy Results Using md5deep

By | How-to

Robocopy is a great tool for copying files, but it does not offer an option to hash the source and destination files. While this may not be necessary for casual personal use, being able to confirm that the output files are identical to the source files using cryptographic hashes is crucial when working with electronic evidence.

There are commercial off-the-shelf file copy tools which have this functionality built-in, but they usually lack the flexibility that Robocopy offers. If you are a Robocopy fan, and do not mind a little bit of command line work, follow along and we will show you how to validate Robocopy results using the freely available software package md5deep.

Read More

Embedded Objects in e-Discovery

By | Articles

We believe that discussing project specifications at the onset of a project and getting clear and complete instructions is the first step in completing an e-Discovery project successfully. One of the questions we regularly ask is whether or not embedded objects should be extracted. Over the years, we have found that most of our new clients require an explanation of what embedded objects are and the pros and cons of extracting them.

We typically recommend extracting all compound documents. However, we feel it is important that what this really means is understood clearly and an informed decision is made based on case requirements. We have come up with a few points for you to consider when making such a decision that will hopefully help you determine which route you should take.

Read More

Robocopy in e-Discovery

By | Software

Most legal professionals regularly handle electronic evidence in one form or another. Even if you are not an e-Discovery or computer forensics expert, there are steps you can take to make sure you are not spoliating electronic evidence.

Read More
Create Database CPL

Create Database CPL – Create Concordance DCB from Load File

By | Software

LexisNexis Concordance® is currently one of the most popular discovery management software and many service providers and legal departments deal with Concordance Load Files on a regular basis. In some cases, the Concordance load file is received without an accompanying database structure. Unless there is an existing database that the load file will be imported into, the person performing the import has to create a Concordance Database (DCB).

The above scenario is usually not an issue as long as the load file contains only a few fields. However, manually creating an e-Discovery database to accommodate a 100+ field Concordance Load File can be a tedious task. To make things a bit easier, we have created a Concordance program called “Create Database CPL” using the Concordance Programming Language (CPL). The CPL reads the header row of a Concordance load file (DAT), extracts the field names and creates a Concordance Database (DCB) with matching fields. It requires that your load file starts with a header row which contains the field names.

Read More