Evidence in Legal Discovery Revolves Around Emails

A major portion of important electronic evidence in legal discovery revolves around emails – it’s still the primary way that we communicate with all business partners and colleagues, both internal and external.  Email is the first and foremost source of “who said what when” and what work product did they share as part of those communications.  Because every email is date and time stamped, it even helps self-document a chronology of events in the case!

The Pitfalls of Self-Collection

If you’re a litigator and you need to collect email from your custodians, it can be tempting to have them collect their own email.  But that approach can cause problems and even lead to sanctions.

Rule 26(g) of the Federal Rules of Civil Procedure require the attorney to certify the results of the discovery response and clause 26(g)(3) calls for sanctions for improper certification of the discovery response.  Here are links to two recent cases where Rule 26(g) violations occurred because counsel didn’t properly certify the production (the only reason that sanctions weren’t assessed in one of the cases is that there was still five months remaining before the discovery cut-off for the defendant to address the deficiencies).  Similar rules exist for various state and local jurisdictions as well.

So, the attorney needs to be involved in collection and, unless that attorney knows how to collect ESI in a sound forensic manner, he or she needs the help of an expert to ensure proper forensic collection of the email.

Forensic email collection is the acquisition of email directly from the server holding the data or from a client that entirely syncs with it. The importance for a forensically sound email collection is that the electronic evidence is collected in a way that allows it to be self-authenticated. This means that when the records were collected from the original source, it can be proven: 1) what scope of data was collected, 2) how it was collected, 3) who it was collected by, 4) that there are log records included for any errors or exceptions, and 5) that there are generated native files with original metadata.

What Can Go Wrong When Self-Collecting Email

There are several pitfalls to having custodians self-collect emails or even having their IT departments handle the self-collection, including:

  • Forwarding an Email: As we discussed in this post about the importance of metadata in discovery, the metadata of a forwarded email can be changed/altered and not verified for evidence submission.

  • Emails Produced as a PDF with No Backup: In that same post, we discussed (and provided an example) that emails converted to PDF can be edited. Even if you produce emails converted to PDF or TIFF, collecting the original native copy in a forensically sound manner will allow for the authenticity of an email to be verified in case of a challenge.

  • Custodian Self Selection: While a custodian can help identify important key documents, they will likely not be able to reliably identify all relevant data that would be required for disclosure. Forensic expertise here will help ensure a more complete collection.

  • Custodian Self Searching: Individual custodian or employees are likely not familiar with how to effectively search for emails archived that are stored on their computer or network drive. Not only that, but most email clients don’t have the robust searching capabilities needed to pinpoint specific responsive emails, so it’s better to have the forensic expert collect more broadly and assist the attorney within an eDiscovery solution designed for robust searching to provide a more granular result.

  • IT Personnel Searching Emails: While IT personnel may be familiar with email server software such as MS Exchange server, they typically only search what is within the email server. There are likely PST email archives or individual MSG messages located on a custodian’s computer or network share that are not considered or searched by the IT person that are not available to the email server.

Conclusion

As you can see, a lot can go wrong when it comes to self-collection of email and the results can be disastrous in terms of sanctions.  Next time, we’ll discuss the advantages of using a qualified forensic expert to ensure a forensically sound collection.

For more information about Forensic Discovery’s Computer Forensics services, click here.

Categories: eDiscovery /

Subscribe To Receive The Latest Resource Article

Get notifications when we add articles to our knowledge base.

Learn more about our Privacy Policy.

keurigdrpepper
Fortinet Logo
Ogletree Deakins logo
lb logo
GDC Logo blue
moye white us 24367

Related Posts

What Should You Collect for eDiscovery Start with What Your Business Uses What Should You Collect for eDiscovery Start with What Your Business Uses

What Should You Collect for eDiscovery? Start with What Your Business Uses

November 4th, 2021
Heres a Cyberattack That Shows the Weakest Link for Many Organizations Heres a Cyberattack That Shows the Weakest Link for Many Organizations

Here’s a Cyberattack That Shows the Weakest Link for Many Organizations

October 27th, 2021
ESI Protocols Are Your Chance to Get Your Case Off on the Right Track ESI Protocols Are Your Chance to Get Your Case Off on the Right Track

ESI Protocols Are Your Chance to Get Your Case Off on the Right Track

August 11th, 2021
Hash Values are the DNA of Digital Evidence Hash Values are the DNA of Digital Evidence

Hash Values are the DNA of Digital Evidence

August 4th, 2021