By Jerry Bui

Published on Fri, April 10, 2020

All posts by this person

Watch it on demand by clicking here.

One of the unanticipated consequences of the COVID-19 pandemic and the ensuing shift of office employees being forced to work from home, is the impact on counsel who must continue to direct forensically defensible collections for ediscovery, investigations, and regulatory response scenarios. As employees adjust to remote work, they are increasingly commingling personal data sources, home networks, and corporate data, which in turn creates a wealth of new data sources that will need to be collected as potentially-relevant ESI.

In my recent webinar, I discussed this significant shift to the “new normal” of digital forensics and how information governance policies and IT security practices should be proactively extended to remote employees, as well as ways to mitigate future complications around forensic collections that will now need to be almost exclusively remote. Here are a few of the most important aspects to consider on how working from home impacts digital forensics, and practical workflow strategies for handling remote ESI collections.

Adopting a Compliant Defensible Remote Collections Strategy

Working from Home: The Digital Forensics Impact

There’s a behavioral impact that automatically comes with working entirely from home, with less delineation between the workday and home life, and subsequently more temptation to use your work laptop for personal reasons. This behavioral impact is also mirrored in the reverse scenario where personal devices become more convenient to use for work. Although we were already seeing quite a bit of intermingling of data pre-COVID-19, this habit is dramatically increasing as home has quickly become the only workplace and there hasn’t been time for organizations to adopt new IT policies to tackle these issues.

With the advent of this new remote workplace era, data (mis)management will remain with us for future matters and there will be a permanent impact on collections going forward. Among the top adjustments that need to be made is custodian questionnaires must be enhanced to scrutinize whether any relevant work-related data or communications reside on the custodians’ home devices. The same scrutiny will need to be applied to personal data potentially residing on work laptops as the opportunities for this type of data intermingling or “contamination” will undoubtedly continue to increase.

ESI Collections: Practical Workflow Strategies

Even though we’re currently not able to travel onsite to acquire device and data source evidence, we can continue collections by relying on sound and defensible forensic remote strategies that are already in place. Collections from the Cloud are status quo and conducted remotely by definition, but for other ESI sources, we will favor targeted and logical collections over full physical forensic images.

For remote collections on premise at an office that’s closed, if there’s a skeleton IT crew in place, screen sharing can be utilized to mimic the exact scenario of a forensics professional being onsite to help load a hard drive or provide access into a server. For custodians sitting at home, the same process can apply and technical guidance can be provided remotely. If shipping is a safety concern, data can be uploaded by secure encrypted file transfer protocol (FTP) using software that can resume broken uploads or by utilizing fast data transfer solutions such as Aspera. Whether figuring out a safe way to transport encrypted hard drives back and forth or using remote data transfer technology, we’ll need to plan for increased turnaround times due to varying upload speeds from home and/or decontamination procedures that are implemented for shipping protocols.

Key Takeaways

As company and personal custodian data commingling grows during COVID-19, a permanent shift is happening in digital forensics and ediscovery. From a legal standpoint, it’s settled that company-related communication on personal devices is subject to discovery, thus custodian interviews and other information-gathering techniques to identify the relevant scope of a collections effort must be enhanced. And although data preservation and evidence acquisition tasks may take longer to conduct when onsite collections is not an option, the technology is already in place to ensure forensically sound and defensible remote collections now and in the future.

To discuss this topic further, please feel free to reach out to me at JBui@lighthouseglobal.com.

About the Author
Jerry Bui

Executive Director of Digital Forensics

As Executive Director of Digital Forensics within Lighthouse’s Advisory group focused on governance, risk, and compliance issues, Jerry provides expert witness and strategic consulting services to law firms and corporations in the areas of computer forensics, investigations, electronic discovery, and litigation support. Jerry brings over 15 years of experience in digital forensics, ediscovery, automated risk assessments, compliance monitoring, and investigative analytics to his role as the Forensics lead at Lighthouse.

Prior to this role, Jerry was the U.S. Director of Forensics at Inventus, LLC, where he acted as the national leader of digital forensic services and evidence collection for investigation and litigation matters and was responsible for the development of proactive risk management consulting services. Before joining Inventus, LLC, Jerry served as an independent contractor supporting an OFAC investigation for a large online retailer in response to a regulatory inquiry. Prior to this, Jerry was the Advisory Director of Forensic Technology Services and Investigative Analytics at PwC where he focused on global supply chain fraud and compliance solutions in pharmaceutical life sciences and food trust. He was responsible for advising clients on regulatory affairs and enforcement trends involving the Food and Drug Administration (FDA) and Department of Justice (DOJ) as it related to false claims, anti-bribery and anti-corruption, and food safety. Jerry has also held leadership positions at Ernst and Young, KPMG, and Navigant Consulting.

Jerry received his B.A. in Political Science with a focus on International Relations from UCLA.