Asia (Other)

Screenshot 2020-11-18 at 5.35.30 PMData collection and analysis for investigations is very different to collection for discovery or review. This article discusses the differences; how Early Case Assessment (ECA) can assist and the benefits of using review technology.

Data collection and analysis for an investigation

Collecting for investigation often involves overcoming many barriers. Analysis faces the added difficulty of reconstructing past events as they occurred.

An example of hidden complexity in an investigation is information about user activities in specific locations or timeframes. Video files may be overlooked but can contain complex hidden information. Studying the metadata (data about the data) such as who created the video and the time it was created, as well as the GPS location of the videos and/or images could be used to indicate when or where the item was recorded which might prove very pertinent.

Mobile phone data is another great data source which may create difficulties if the forensic investigator is not well versed. A Digital Forensics expert can assist if the person being investigated refuses to surrender their mobile phone. One would assume there is no way for the data to be collected. In reality, if the person ever connected their mobile phone to their work device and created a back-up, the forensic investigator can access the user-generated back-up. A large amount of data can be easily recovered using the back-up, including deleted data. This will likely include (but not be limited to) communications, documents and photos.

When it comes to data, ideally recovery should start as soon as possible. The longer the period of time between an incident and investigation, the higher the risk that data will not be recovered.

Our clients are particularly interested in a timeline of events to understand what occurred and allow for the development of the story. This involves reporting on significant dates and relates to when activity was recorded on a particular day. It includes activities such as when documents were created, what was deleted, when something was copied from C: drive to a USB, etc. The aim is to reconstruct these events and understand what happened on a particular day or timeframe.

Screenshot 2020-11-18 at 5.36.05 PM

Early Case Assessment (ECA)

Once all the data is collected, then what is irrelevant needs to be taken out.

Firstly, the level of duplication is checked so duplicates can be removed and the legal team doesn’t have to review the same emails over and over. This involves running initial searches to filter out the rubbish, eg. emails from Yahoo Sport or Google News. It is also possible to sort by custodian, eg. emails going from the company to an external receiver.

This process assists with planning and how data will be reviewed. It is important to examine the metrics for cutting the irrelevant data and capturing what is potentially relevant. The point is to prioritise and find evidence to move the review faster, saving time and money for all parties.

One of the other benefits of ECA is the ability to look at communications between two individuals and the events that happened, and better form an opinion about whether there is a chance in winning the case.

Using the review platform

Once the data is in the review platform and on a timeline, it is possible to click into the timeline using a real-time filter on the data and see all the custodians. Search terms are provided so the data can be searched.

There are two ways to review, by reviewing for what is relevant and by reviewing for what is irrelevant so it can be removed. In other words, are they responsive or non responsive? Or is it a hot document? The document then needs to be tagged. The tags are completely customisable. If the tags have already been decided on, it makes things much easier, particularly if working with a review team or multiple teams.

The review platform allows teams to work together without doubling up over each other, so the review is much faster. Everything is tracked and properly recorded, and it can also be used remotely. Users can log in with Google Chrome or Internet Explorer.

From here, analytics and technology can be used to help refine the review further.


Law In Order is a leading provider to the legal profession of eDiscovery and legal support services including forensic data collection, information governance, managed document review, and virtual arbitration or mediation services.  We provide a secure, flexible and responsive outsourced service of unparalleled quality to law firms, government agencies and inhouse corporate legal teams. The Law In Order team is comprised of lawyers, paralegals, system operators, consultants and project managers, with unparalleled knowledge and experience in legal technology support services.


By David Kerstjens



Screen Shot 2019-04-12 at 3.34.17 PME:

Related Articles by Firm
Spotlight on eDiscovery
Many people are still confused about what electronic discovery encompasses ...
Will we see the end of Keywords in eDiscovery?
With the advances in Technology Assisted Review (TAR), it raises questions as to whether keywords still have a place in eDiscovery ...
How to Make Data Collection More ‘Effective’
Data can be collected efficiently, but if relevant data is not collected then the case will not come together.
Information Governance: Preserving Data and Being Prepared for Investigation
Organisations need to ensure their rules around information governance are being enforced. Many US organisations have an information governance officer in their IT, legal ...
How to speak IT
Ideally, everyone should have a basic understanding of the company’s IT infrastructure, not least because as more companies digitise, the risk of cyber threats increases. A cyberattack can come from anywhere ...
Computer Forensics and the Rise of the Drone
With more people being confined to their homes in different parts of the globe, hobbyists will be finding new uses for their drones ...
Redactions? How to Ensure There are no Nasty Surprises
With recent headlines highlighting the damage and embarrassment that can be caused by poorly redacted documents, it is no wonder many firms and corporates are turning to legal document management specialists to secure their redactions ...
Self-Collection Risks
When digital evidence is required at the start of a matter, it’s easy to get swept up in the moment and start rushing to gather the evidence but this is a key time to step back, take a moment ...
What Happens After the Dawn Raid?
The dawn raid has led to the forensic collection of 100,000 documents, now safely secured on a hard drive. What is the process from here? It’s important to plan your strategy in advance to minimise downtime, extract relevant documents and ...
Bringing eDiscovery In-House? Four Tips to Get You Started
With an increase in litigation and in costs for document review, more and more companies are considering bringing parts, if not all, of the eDiscovery process in house ...
A Lawyer’s Future is Looking Sharp with Electronic Hearings
The benefits of running an efficient collection and forensic process extends all the way to the hearings room ...
Forensic investigations, the role of corporate counsel and the rise of information governance
Head of Forensics – Erick Gunawan, discusses the Role of Corporate Counsel in the context of litigation or investigation and the increasing importance of information governance ...
Forensic investigations and cross-border matters
What are the current trends in forensic investigations for cross-border matters? Head of Forensics - Erick Gunawan, looks at the constant evolution in data types and volumes, and the ever-tightening data privacy laws and regulatory intervention ...
Adopting eDiscovery for internal investigations
In-house counsel are often called on to manage an internal investigation. How can you effectively plan for and manage these investigations? We explore how electronic discovery (eDiscovery) tools help you mitigate risk and achieve your fact-finding mission.
The evidence collector that’s always with you
It is an integral part of our life these days and an item that is rarely further than arm’s reach ...
Related Articles
Related Articles by Jurisdiction
Reducing and removing involvement in modern slavery
The first of four reports from Kroll and Liberty Asia on how to mitigate any hidden compliance and reputational risks relating to human trafficking issues ...
Self-Collection Risks
When digital evidence is required at the start of a matter, it’s easy to get swept up in the moment and start rushing to gather the evidence but this is a key time to step back, take a moment ...
Latest Articles