Watch it on demand by clicking here.
One of the unanticipated consequences of the COVID-19 pandemic and the ensuing shift of office employees being forced to work from home, is the impact on counsel who must continue to direct forensically defensible collections for ediscovery, investigations, and regulatory response scenarios. As employees adjust to remote work, they are increasingly commingling personal data sources, home networks, and corporate data, which in turn creates a wealth of new data sources that will need to be collected as potentially-relevant ESI.
In my recent webinar, I discussed this significant shift to the “new normal” of digital forensics and how information governance policies and IT security practices should be proactively extended to remote employees, as well as ways to mitigate future complications around forensic collections that will now need to be almost exclusively remote. Here are a few of the most important aspects to consider on how working from home impacts digital forensics, and practical workflow strategies for handling remote ESI collections.
Working from Home: The Digital Forensics Impact
There’s a behavioral impact that automatically comes with working entirely from home, with less delineation between the workday and home life, and subsequently more temptation to use your work laptop for personal reasons. This behavioral impact is also mirrored in the reverse scenario where personal devices become more convenient to use for work. Although we were already seeing quite a bit of intermingling of data pre-COVID-19, this habit is dramatically increasing as home has quickly become the only workplace and there hasn’t been time for organizations to adopt new IT policies to tackle these issues.
With the advent of this new remote workplace era, data (mis)management will remain with us for future matters and there will be a permanent impact on collections going forward. Among the top adjustments that need to be made is custodian questionnaires must be enhanced to scrutinize whether any relevant work-related data or communications reside on the custodians’ home devices. The same scrutiny will need to be applied to personal data potentially residing on work laptops as the opportunities for this type of data intermingling or “contamination” will undoubtedly continue to increase.
ESI Collections: Practical Workflow Strategies
Even though we’re currently not able to travel onsite to acquire device and data source evidence, we can continue collections by relying on sound and defensible forensic remote strategies that are already in place. Collections from the Cloud are status quo and conducted remotely by definition, but for other ESI sources, we will favor targeted and logical collections over full physical forensic images.
For remote collections on premise at an office that’s closed, if there’s a skeleton IT crew in place, screen sharing can be utilized to mimic the exact scenario of a forensics professional being onsite to help load a hard drive or provide access into a server. For custodians sitting at home, the same process can apply and technical guidance can be provided remotely. If shipping is a safety concern, data can be uploaded by secure encrypted file transfer protocol (FTP) using software that can resume broken uploads or by utilizing fast data transfer solutions such as Aspera. Whether figuring out a safe way to transport encrypted hard drives back and forth or using remote data transfer technology, we’ll need to plan for increased turnaround times due to varying upload speeds from home and/or decontamination procedures that are implemented for shipping protocols.
Key Takeaways
As company and personal custodian data commingling grows during COVID-19, a permanent shift is happening in digital forensics and ediscovery. From a legal standpoint, it’s settled that company-related communication on personal devices is subject to discovery, thus custodian interviews and other information-gathering techniques to identify the relevant scope of a collections effort must be enhanced. And although data preservation and evidence acquisition tasks may take longer to conduct when onsite collections is not an option, the technology is already in place to ensure forensically sound and defensible remote collections now and in the future.
To discuss this topic further, please feel free to reach out to me at JBui@lighthouseglobal.com.
