Electronic Discovery (or E Discovery) refers, simply, to the examination of electronically held information. It may include computer-held databases, email stores or mobile phone text messages.
It was not too long ago that when authorities raided a company’s premises, vans had to be hired to remove dozens of filing cabinets. The investigating organisation, meanwhile, had to make space in their premises for a huge volume of paper-based records.
While the paperless office today remains only a concept for many, it is far more likely that the records which need to be examined will be in a digital format.
Accordingly, E Discovery poses new challenges as well as opportunities for lawyers, accountants and their technical advisers.
Many years ago, a university lecturer inspired me with the subtleties of structured query language and database architecture. But, while E Discovery often applies to the reconstruction and examination of structured databases, it also applies to many other types of unstructured data.
Databases
Unfortunately, having recovered the data from a computer system or backup tape, it is not always possible to search it with a forensic tool, as the data may be held in a proprietary format that needs a particular application to read it.
The database may have stored records in a format where examination of just one file produces gobbledegook. It is only when a number of files are read together, and links and associations are restored, that the data makes any sense. This often does not entail simply importing the data into a common desktop application, as the data such common applications can read is limited.
On one E Discovery exercise involving the insolvency of a packaging manufacturer, the database system used was a DOS-based application that was pretty much unheard of. To further complicate matters, the data had been password-protected and the password was not available. After some research, the author of the relevant application was located, and he was able to produce a back-door method of entry so that the data could be viewed and interrogated.
In another case, we had to obtain and rebuild a database application so that the data could be imported and then exported into a version that made sense to the client.
Where is that message?
E Discovery is not just about retrieving data from databases. It can also, of course, involve email and web-hosted applications.