<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=513385&amp;fmt=gif">

By Debora Motyka Jones, Esq.

Published on Fri, May 14, 2010

All posts by this person

Co-authored by David Rostov

There is a fair amount of confusion regarding collections of client data.  To help guide your approach to collections, we have provided an overview of the top five questions and their answers.

How should collections be performed?

· All data collections should be performed in a forensically sound manner. This means that the collection should done using sound, defensible manner using industry accepted tools and procedures. The collection should produce an accurate representation of the source evidence.


Targeted Collection versus Full Forensic Collection?

· A targeted collection includes only active files deemed relevant to the case (e.g. emails and Microsoft office documents).

    • Reduces cost and time due to faster collection time and less data.
    • It does not preserve deleted data.
      • Some additional spoliation risk.
      • The methodology may be easier to challenge in court.

· A forensic collection is a bit-for-bit copy of the entire hard drive including all active files, deleted files, file fragments and blank space.

    • Preserves all data reducing the risk of spoliation.
    • Has greater legal defensibility.
    • However, it is more expensive.

If files are deleted, what can be recovered?

· When the content of the file remains on the drive AND

o Files are in the Windows Recycle Bin;

o Files have not been overwritten by a new file;

o Files are partially overwritten.

· When the content is in a PST AND

o The damaged/corrupted files, “Deleted Items” files and partially overwritten files are identified and recovered into a new PST file.


If files are deleted, what cannot be recovered?

· Files that were completely overwritten with new files.

· Drives that were “wiped” using wiping software.

· Drives that were physically damaged and cannot be repaired
(even in a lab environment).


What are the leading industry software tools for collection?

· EnCase and FTK Imager for forensic collections.

o This is the “gold” standard used by law enforcement as well.

· Paraben’s Device Seizure for cell phone collections.

· Microsoft ExMerge for Exchange server collection.

· Microsoft Robocopy often used for Targeted Collections.

· Microsoft NTBackup for backup files (.bkf).

· Symantec Norton Ghost for backup and recovering files.

About the Author
Debora Motyka Jones, Esq.

Senior Advisor, Market Engagement and Operations

Debora has been with Lighthouse since 2009 and has made a significant impact on the company’s growth and business strategy during her tenure. With a background in litigation from practicing at law firms in both Washington D.C and Washington State, her expertise and deep understanding of complex ediscovery matters enabled her to create a resonating brand and architect the innovative products and services that keep Lighthouse at the forefront of the ediscovery market. She led the execution and implementation of the company’s rebranding in 2012 and developed the marketing department from the ground up. In addition, she has been instrumental in spearheading the company’s strategic technology partnerships, driving the formation of Lighthouse’s product strategy, and the evolution of Lighthouse’s SmartSeries. She also instituted and continues to maintain a client advisory board to ensure strong alignment with market demands. Finally, in 2015, Debora lead the company’s expansion to the eastern seaboard by managing the development the New York office and team, as well as expanding upon the company’s current set of services and clientele.

Prior to joining Lighthouse, Debora was a Complex Commercial Litigation Associate at Weil, Gotshal & Manges LLP in Washington, D.C. where she worked on matters such as the WorldCom and Enron bankruptcies. Her practice also included multi-million-dollar commercial and securities litigation, and internal investigations. While at Weil, Debora was recognized three times for her dedication to pro bono service. Debora also practiced as a litigation Associate at McNaul Ebel Nawrot & Helgren PLLC. Her practice included commercial, employment, and securities litigation, as well as legal malpractice defense.

Debora received a B.A. in Psychology from the University of Washington where she graduated magna cum laude. She received her law degree from The George Washington University Law School in Washington, D.C. She is admitted to practice law in New York State, the District of Columbia (inactive membership), and Washington State. Debora is Level II Pragmatic Marketing Certified. Debora is actively involved in the legal community as the former Director of Women in eDiscovery, as a mentor with Mother Attorneys Mentoring Association of Seattle, as an Advisory Board Member for the Organization of Legal Professionals, as the former Chair of the Association of Corporate Counsel (ACC)'s New to In-House Committee, and as a former board member of the Washington Women Lawyers (WWL). Debora was also recognized for her contribution to the ACC and was named 2012 WWL Board Member of the Year. Debora is a frequent speaker on eDiscovery strategy, a former instructor for the Organization of Legal Professionals, and a regular Lighthouse blog contributor.