If you’re a litigator and you’ve dealt with discovery, you’ve probably heard the term “metadata” associated with electronic evidence. But do you know what metadata is? And do you know the importance of metadata in eDiscovery and why you need it to fully understand and authenticate that evidence? Let’s take a look at what metadata is and why it’s important to your case.
Metadata is literally defined as “data about data”. It’s the information that is used to classify, organize, label and understand your electronic evidence, making sorting and searching for that evidence much easier.
We use metadata to organize electronic files (i.e., structural metadata, such as page numbers, chapters, etc.), to preserve and establish intellectual property right to electronic files (i.e., administrative metadata, such as a Creative Commons license) and to describe the electronic files themselves (i.e., descriptive metadata, such as title and author).
The importance of metadata in eDiscovery stems from the fact that it provides so much additional information about the evidence. Imagine reviewing a printout or image of an Excel workbook and not being able to see the formulas that have been used to calculate the numbers. Those formulas are key metadata necessary to fully understand those Excel workbooks.
Typical analysis of file metadata by a digital forensics computer expert tends to be used to help put together a timeline of events. How and when an individual interacts with a computer program to create, modify, print or copy documents can often be pivotal evidence when this information is considered with all other events that happened across a device. For instance, on an employee’s last few days of employment, it may be extremely important on how they interacted with the files on their work computer.
Metadata even serves to help authenticate electronic evidence or help identify when evidence has been falsified. Here are three examples of recent cases where metadata (or lack thereof) identified potentially questionable evidence:
Electronic evidence without metadata is, at best, incomplete and, at worst, could be tampered with or falsified. It’s important to understand metadata and work with a professional who can advise you on what metadata is important to your case. Don’t underestimate the importance of metadata in eDiscovery – the outcome of your case could depend on it!
Next time, we’ll provide examples of metadata for given file types. You won’t believe how much metadata is available regarding your electronic evidence!