Asia (Other)

Screenshot 2020-01-31 at 2.57.56 PMFor multinational firms, there are a number of challenges during collections including staff in different countries or data stored in centres across the globe or in the cloud. These all present difficulties accessing data so it’s critical to ensure data is collected efficiently.

The important concept is effective collection. Data can be collected efficiently, but if relevant data is not collected then the case will not come together.

There are a few ways to ensure effectiveness. Firstly, run comprehensive interviews with relevant organisational staff, starting with the Legal Team, to get an understanding of the scope. These discussions inform the conversation with IT who will know the most about the data and how it is stored. Next, understand the organisation’s policies around data and how employees handle data, including whether they use personal devices for work. For example, if they use a personal mobile phone to access work emails and are then investigated, they may be required to surrender their personal mobile phone.

The aim is to prepare multi-dimensional metrics linking the employees to the data sources and how best to collect them.
By the end of the interviewing process, the organisation may only have 10 or 20 employees relevant to the investigation. From that group, there may be 100GB of data that needs to be collected.

Personal devices create intricacies around collections. The main concerns of an individual during investigation is how long will they be without their personal device and whether their personal data be viewed.

The next challenge is scheduling. Collections performed on shared resources need to be conducted with least disruption. This is more difficult with people travelling or if the collection needs to be performed covertly.

The data collection plan is essential as there is only one chance to collect a device in a forensically sound manner. The contents of an employee’s computer today may be very different tomorrow. If they receive notification of the collection through their device, the employee can wipe everything and nothing can be recovered.

How is this addressed? To ensure relevant data is retained, a Document Preservation Notice is sent. It could be an email or memo notifying relevant employees that the organisation is putting a litigation hold on their devices, not to delete any of their data and to back up everything. The auto-deletion process is disabled and the custodian of the data is told what to do to preserve the data.

Measures need to be put in place so that if someone tries to release the data, it can be recovered. The organisation may not know every method to preserve all the different types of data as they generally won’t have forensic training.

What sorts of data would be collected? Typically, data is divided broadly into two groups — structured and unstructured. Unstructured data is day to day data such as emails and documents. An example of structured data is a database, eg Client Relationship Management system, Document Management System or HR database. Structured data can create complications as it needs to be exported and you may need to allow extra weeks or months to get the relevant data ready for discovery and engage the assistance of the external system provider. For unstructured data, a backup or forensic collection can be performed quickly depending on data volume.

Data must be preserved when exported, eg document creation date, when it was last modified and by whom, document owner and what happened to the document. If you know the criteria, depending on relevance, keyword searches can be performed and searches run to produce the relevant data. These keyword searches may be possible within the system that houses the data or may require processing into an eDiscovery platform.

Regarding investigations, sexual harassment matters, victimisation and bullying where it’s likely that data will be deleted, the only way to recover deleted data is through forensic imaging and data carving. Data carving means any deleted data could potentially be recovered.

Throughout the process, contemporaneous notes are completed by all members of the Team so every element is documented. These notes will ensure chain of custody of devices is maintained, methods utilised to perform the collections, any issues faced whilst onsite and any limitations faced are recorded. These notes ensure admissibility of the evidence collected and provide the information required to give thorough statements on the overall collection process.


Law In Order is a leading provider to the legal profession of eDiscovery and legal support services including forensic data collection, information governance, managed document review, and virtual arbitration or mediation services. We provide a secure, flexible and responsive outsourced service of unparalleled quality to law firms, government agencies and inhouse corporate legal teams. The Law In Order team is comprised of lawyers, paralegals, system operators, consultants and project managers, with unparalleled knowledge and experience in legal technology support services.


By David Kerstjens



Screen Shot 2019-04-12 at 3.34.17 PME:

Related Articles by Firm
Data collection and early case assessment for investigations
Data collection and analysis for investigations is very different to collection for discovery or review. This article discusses the differences; how Early Case Assessment (ECA) can assist and the benefits of using review technology ...
Spotlight on eDiscovery
Many people are still confused about what electronic discovery encompasses ...
Will we see the end of Keywords in eDiscovery?
With the advances in Technology Assisted Review (TAR), it raises questions as to whether keywords still have a place in eDiscovery ...
Information Governance: Preserving Data and Being Prepared for Investigation
Organisations need to ensure their rules around information governance are being enforced. Many US organisations have an information governance officer in their IT, legal ...
How to speak IT
Ideally, everyone should have a basic understanding of the company’s IT infrastructure, not least because as more companies digitise, the risk of cyber threats increases. A cyberattack can come from anywhere ...
Computer Forensics and the Rise of the Drone
With more people being confined to their homes in different parts of the globe, hobbyists will be finding new uses for their drones ...
Redactions? How to Ensure There are no Nasty Surprises
With recent headlines highlighting the damage and embarrassment that can be caused by poorly redacted documents, it is no wonder many firms and corporates are turning to legal document management specialists to secure their redactions ...
Self-Collection Risks
When digital evidence is required at the start of a matter, it’s easy to get swept up in the moment and start rushing to gather the evidence but this is a key time to step back, take a moment ...
What Happens After the Dawn Raid?
The dawn raid has led to the forensic collection of 100,000 documents, now safely secured on a hard drive. What is the process from here? It’s important to plan your strategy in advance to minimise downtime, extract relevant documents and ...
Bringing eDiscovery In-House? Four Tips to Get You Started
With an increase in litigation and in costs for document review, more and more companies are considering bringing parts, if not all, of the eDiscovery process in house ...
A Lawyer’s Future is Looking Sharp with Electronic Hearings
The benefits of running an efficient collection and forensic process extends all the way to the hearings room ...
Forensic investigations, the role of corporate counsel and the rise of information governance
Head of Forensics – Erick Gunawan, discusses the Role of Corporate Counsel in the context of litigation or investigation and the increasing importance of information governance ...
Forensic investigations and cross-border matters
What are the current trends in forensic investigations for cross-border matters? Head of Forensics - Erick Gunawan, looks at the constant evolution in data types and volumes, and the ever-tightening data privacy laws and regulatory intervention ...
Adopting eDiscovery for internal investigations
In-house counsel are often called on to manage an internal investigation. How can you effectively plan for and manage these investigations? We explore how electronic discovery (eDiscovery) tools help you mitigate risk and achieve your fact-finding mission.
The evidence collector that’s always with you
It is an integral part of our life these days and an item that is rarely further than arm’s reach ...
Related Articles
Related Articles by Jurisdiction
Innovating internal investigations in today’s hyperconnected world
Data visualisation tools have emerged as a powerful resource for internal investigations ...
When disaster strikes – seven lessons in handling a cyber attack
Proper preparation and planning can help organisations set out a clear path for responding to a cyber breach ...
3rd annual Representing Corporate Asia survey, including Firms of the Year, 2009
The issues affecting in-house counsel’s choice of external counsel, and a full list of the winning firms as voted by our in-house counsel community ...
Latest Articles