Digital Forensic Preservation vs. Collection: A Practical Guide

Forensic preservation and collection are crucial steps in any investigation or litigation. The choices legal teams make in these early stages not only determine what kind of a legal strategy they could put together, but also how burdensome it is to put that strategy together, and what kinds of audibles they can call downstream if that’s necessary.  

Collection Does Not Equal Preservation

So what exactly do “data collection” and “data preservation” mean and why is it important to keep the ideas separate?
Forensic preservation = making sure data remains intact in case it’s needed.
Forensic collection = taking data into custody for actual investigation.  

Think of your data population as a grocery store. It doesn’t make sense to buy the entire grocery store to make one dish because maybe you might need those ingredients. It makes far more sense to read your recipe, make a shopping list of ingredients you’ll need, and only buy the ones required.

When you collect every potentially relevant piece of data, you’re effectively buying the whole grocery store. This is usually going to end up being needlessly expensive, and make other processes downstream needlessly burdensome. By preserving data, you keep the grocery store intact and can always go shopping again if your first collection doesn’t pan out the way you want. In some cases, data preservation could be as simple as checking a few boxes on the backend of Microsoft 365. This distinction allows legal teams to benefit from more economical, tailored forensics techniques without leaving important evidence on the table. Preserving data means that you’ll have the option to make a Plan B (or C or D or E!) without the added, costly burden of collecting everything.

So Why Is Forensic Data Preservation Necessary? Isn’t Data Stored Anyway?

For a long time, conventional wisdom was that anything you write on the internet is there forever, but that’s not as true as it once was. Now, most of the technology we use in our day-to-day lives is cloud based, and people are generating so much new data that old data has to go somewhere. Automated deletion has become par for the course in most organizations.

Luckily, data preservation is not always that complicated. It could be as simple as disabling some of those automated deletion functions, and even simple preservation practices can still have a profound impact. More and more organizations are realizing the importance of such strategic data retention. By automating the deletion of redundant or obsolete data, organizations save on data storage, while still ensuring that important data remains available if further investigation is necessary. Forensics technicians can advise you on such policies, and how to organize the data you want to keep.  

When investigations do happen, these data preservation measures can help things run more smoothly, and can set you up to make contingency plans if need be. If it comes out later that crucial data could’ve been preserved but wasn’t, you could face adverse consequences such as sanctions. In a recent antitrust litigation, Google was sanctioned after courts determined a failure to preserve important information.

The important thing here is not to neglect data preservation because you’re assuming data is preserved by default. A digital forensics expert can work with you and your IT team to determine what is and isn’t being preserved already, and what changes to make if any are warranted.

So How Do I Determine What Data To Collect?

Once we let go of the idea that every potentially relevant piece of data needs to be collected as long as it’s preserved, that begs another question: what DO we collect?

Well… it depends.

What are you actually hoping to find during your investigation? Knowing that can guide your forensics team in the right direction. While it’s understandable to want all the information before you’re too committed to a strategy, James Whitehead, Associate Director of Digital Forensics at Contact Discovery, says that’s not always the best order of operations.

“As digital forensics experts, we often bring the most value when legal teams have some idea of what information they’d like to find, and where that information is most likely to live,” James says. “We can control costs and save time if we’re able to narrowly tailor our forensics approach to what’s most likely to prove helpful.”  

Oftentimes, that reluctance to have a more targeted approach stems from a fear of leaving important data behind. By making sure you’re preserving, you’re able to be a little more calculated with collection while still hedging your bets.  

By approaching these two related, yet different forensic processes with the appropriate strategies, legal teams can have their cake and eat it too: effective, efficient investigations without too much clutter in their dataset, while still protecting themselves against spoliation and a lack of contingency options.      

Disclaimer: This content is for general information purposes only, was not written by an attorney, and does not constitute legal advice.

Managed Review vs. Unmanaged Review: Which One’s Right For You?

Complex litigation cannot happen without some form of document review, whether that’s managed review or not. Document review cannot happen without reviewers. This raises a lot of questions that most lawyers never learned about in law school: Which reviewers do you hire? What parts of review can be trusted to technology, and what parts absolutely have to be done by humans? What work requires actual attorneys, and what work is better left to other litigation support professionals? 

There’s a myriad of considerations that go into these decisions depending on the case at hand and the capabilities of that particular legal team. One of those decisions is “who should make all the other decisions?” When legal teams are either spread too thin or simply want someone with a different realm of expertise, managed review services can be great for attorneys and their clients.

What eDiscovery Review Teams Do vs. What Lead Attorneys Do

Lawyers are good at a lot of things. They tend to be good researchers, and good at drawing connections between seemingly unconnected pieces of evidence. Unfortunately, those relevant pieces of evidence don’t just show up at a lawyer’s doorstep all wrapped up with a bow. Usually, they’re hidden somewhere in a massive pile of data.

If your legal case is a jigsaw puzzle, most lawyers could probably put that puzzle together just fine if there are relatively few pieces and they all come in the same box. Now, imagine the pieces of the puzzle that you want to make are in a box with thousands of other pieces that make up less relevant pictures. What happens when you’re not even 100% sure you have all the right pieces to make the picture you want to make? Can you find other pieces along the way that might make other helpful pictures?

It would be impossible for any one person to make their chosen puzzle in such a scenario. Instead, you need a coordinated team of people going through documents and coding them as relevant. These reviewers aren’t usually the ones making calls about big picture legal strategy, but they know what kinds of puzzle pieces to look for so that those other attorneys can actually put a picture together.

Finding the right pieces in that unruly pile is a separate skillset from actually putting the pieces together once you have them. Plenty of lawyers have great experience in both these areas, but it’s not a given, and there’s no shame in asking for outside help when you need it.

How Remote Review Services Can Help

Remote review and managed review services allow for legal teams to scale as needed in order to take on larger, review-heavy matters. Smaller teams who don’t have enough man power internally can staff up for one matter, and then scale back down afterwards.

Document review services aren’t just for when you need more reviewers, but sometimes simply different reviewers. Maybe you have documents in a foreign language that no one on your staff speaks; maybe you have a matter outside your normal realm of expertise, and need reviewers with different legal specialties.

Either way, remote review lets you take better care of your clients without having internal hires for every possible scenario that your clients might throw at you (which isn’t realistic for most law firms.)

Remote review is a great option for most law firms, but it comes with challenges of its own. Someone has to decide which reviewers are best suited for your matter. Someone has to decide how many reviewers you need to meet a deadline; those reviewers have to report to someone on a day-to-day basis, and that person needs to have an intimate understanding of the whole case, your overarching legal strategy, and whatever technology you’re using to assist human reviewers. Even after you agree on answers to all those questions, someone should be reevaluating things on a daily basis as new information comes to light. Of course, all these challenges multiply if you’re leveraging remote review for multiple cases.

So that raises a follow-up question…. Who should be that someone?

How Managed Review Can Help

In an unmanaged remote review situation, a client is still on the hook to answer questions from reviewers as they come up; the client needs to clearly communicate to reviewers what they’re looking for, and make sure all these different reviewers are taking a consistent approach to coding documents.

Unmanaged review does cost less money, but there can also be dire consequences if this point person is already spread thin and not able to give review management enough attention. What happens if an attorney gets caught up in court and can’t answer reviewers’ questions? What if they don’t notice that more reviewers are needed until it’s too late? What if they aren’t assessing progress often enough, and don’t realize a pivot in legal strategy is necessary until review is 99% done and there’s still no “smoking gun”?

This is why the biggest law firms that are dealing with complex litigation on a regular basis typically hire dedicated discovery project managers apart from their regular attorneys. They know that discovery can require near constant attention, and oftentimes it’s just not possible to give it that attention while dealing with all the other demands of being a lawyer: writing briefs, going to client meetings, court dates, etc. Such firms also know mismanaging discovery can have dramatic impacts downstream. Therefore, investing in constant vigilance at every step of the process will pay dividends later.

Managed review means you are not only temporarily hiring reviewers, but someone to manage them. Clients get to meet with one point person, describe their legal strategy and what they’re hoping to find in review. That point person turns around and handles all the other emails and meetings with the review team. Project managers can catch issues early on and bring them to the client’s attention.

How Do I Decide Which One Is Right For Me?

There’s different reasons someone might go the managed review route over unmanaged route. One might be that they simply don’t have attorneys with that discovery project management skillset. With managed review, a firm that cannot justify hiring discovery PMs internally can still have the same level of vigilance as a firm that could.

Another reason is that even if attorneys are perfectly capable of managing review themselves, their current caseload just doesn’t allow them to give it the attention it needs. By letting someone else answer more of the emails and sit in on more of the meetings, that attorney can focus on other things that a discovery PM couldn’t do, such as deposing witnesses or writing briefs.

Of course it’s going to depend on many factors specific to your case which can’t be addressed here, but generally the key factors that should shape your decision are:  

  1. Do you have discovery project managers internally? These could be either dedicated personnel or attorneys who have experience managing review.

  2. Do those people actually have enough room on their plate now to take on the responsibilities of managing this review?

If an unmanaged review situation is likely to result in either a) an attorney not having enough time to give all their matters the attention they deserve or b) review being managed by someone who’s never done it before and may not understand the intricacies of it, the managed review route is often best.

Cloud Forensics Is Here To Stay… But It Has A Dark Side

Data collection has always been an important first step of any legal investigation. Before the digital age, this could mean dusting a crime scene for fingerprints, or finding bits of the perpetrator’s DNA from some stray hairs.

Now, digital forensics technologists are on a never-ending quest to keep up with our ever-evolving digital landscape. Over the course of the 2010s, one technological development cast a bigger shadow than most. You probably know it as “The Cloud.”

It wasn’t that long ago that the cloud seemed like a mystical enigma. Many people were hesitant to make the migration for fear of security risks. Even as more users got accustomed to cloud backups with their personal technology, enterprise technology lagged behind. In more recent years, that’s changed. Anymore, it’s virtually impossible for a legal team to face a case where there isn’t relevant data in the cloud. So how does that reshape that initial data collection phase?

Why The Cloud Is Unavoidable

At one point, the cloud seemed optional. It was a nice bonus feature that allowed you to easily access your data from any device with an internet connection.

Now, the cloud is our default. Unless a user goes out of their way to avoid it, they’re using it. There are several reasons contributing to this.

For one, devices don’t come with the same local storage they used to. Anymore, a new laptop has less local storage than a new mobile device.

To make matters worse, we’re also creating more data. According to Statista, the total amount of data created, captured, copied, and consumed globally reached 64.2 zettabytes in 2020 (approximately 58.4 billion TB). In 2011, it was just 5 zettabytes.

That’s a 1,284% increase in data vs. when Apple first rolled out iCloud, a staggering figure considering we’re already talking about units as large as zettabytes. According to Statista’s projections, the number is expected to climb up to 181 zettabytes by 2025.

10 years ago, we communicated almost exclusively through email and text messaging. Now, we also have numerous social media channels, collaboration platforms like Slack and Teams, and other direct messaging apps such as WhatsApp, all of which exist alongside conventional texting and email. Many of these platforms make it easier than ever to send larger files such as photos and videos. As our communication channels multiply and multimedia messages become second nature, our need for data storage skyrockets.

The cloud has become the tech industry’s way of doing more with less. Users still get all the data storage they need to account for their changing habits without having to remember which of their six flash drives they saved that last document to. As James Whitehead, Contact Discovery’s Associate Director of Digital Forensics points out, the cloud has also reshaped user expectations.

“Anymore, we require access to our data at a moment’s notice on the device of choice,” Whitehead says. “The cloud allows for that but it also blurs the line between data ownership, and raises questions about what activities we can attribute to which users.”

Cloud usage has also become less dependent on a user’s preferred devices.

“Apple mobile devices were considered low hanging fruit with the multiple methods of backup and fairly easy collection workflows,” says Whitehead. “Androids on the other hand are an unwieldly bunch where the model, chipset, and encryption state affect what if any data can be collected from the device. Enter GoogleOne, Goolge’s answer to iCloud, which provides similar backup functionality to iCloud for Androids!”

With Apple, Microsoft, and Google all following a similar trajectory of essentially forcing users onto the cloud, it’s hard to imagine anyone participating in our modern digital world while opting out of the cloud. That means legal teams can’t opt out either.

The Dark Side = Automated Data Management

As the cloud has taken over, so has something else: Automated Data Management. Rather than nagging users to go through their devices and decide what to delete, devices can just… delete stuff themselves. Users don’t mind because hey, everything’s still on the cloud, ready to be re-downloaded at a moment’s notice if the user so desires. We love that we don’t have to remember to back our devices up, and we love not having to make tough choices about which of our 1,392 dog pictures is cute enough to earn our precious local storage.

As a new automatic cloud backup is created, old ones are overridden. That makes it harder for forensics practitioners to hash out what was done by humans and what was done by machines.

“The algorithms are more efficient in finding stuff to override,” Whitehead says, pointing out that forensics teams often can only access the most recent backup, but not earlier backups. That makes it harder to pinpoint when exactly a particular piece of data was deleted, and what motive a user might’ve had for that deletion.

“Generally we want to attribute an action to a human, i.e. they deleted this data to obscure the investigation,” says Whitehead. “With automated management, data is routinely deleted by the system during normal use. This process is fairly rapid, and the more someone uses their phone, the faster these deletions happen.”

In other words, not only does automated data management make it harder to find that proverbial needle in a haystack, it means that failing to find a needle doesn’t necessarily implicate anyone the way it would if ALL data deletions were human choices.

So What Does All This Mean For Me?

In short, that you must act fast. One of the biggest challenges of our new cloud-based digital ecosphere is that it essentially turns our data into ticking time bombs. At a physical crime scene, you have to dust for prints before the maid comes. Otherwise, the case goes cold. Well, automated data management features mean now we have digital maids that routinely come in and clean up our data. If we want that data, we have to collect it before it’s gone.

Remember those 64.2 zettabytes from 2020? That same study also reports that just 2% of the data produced and consumed in 2020 was saved and retained into 2021. If you do think there’s valuable information out there, you can’t just assume it’ll be there forever.

The good news is that most of these automated features can be disabled, and a good litigation hold protocol will ask parties to do just that. By looping in forensics staff early on in an investigation, you can make sure that all IT teams at all relevant organizations have disabled any automated deletion features that could sabotage your investigation downstream.

The Festivus Airing of Grievances: eDiscovery ALSP edition

“I’ve got a lot of problems with you people and now, you’re gonna hear about it!”

So said Frank Constanza in an episode of the NBC sitcom, Seinfeld. Over the last couple decades since this famous episode, wherein Frank revives the holiday he invented called “Festivus,” we can’t help but think maybe Frank was onto something.

Sure, the Festivus “airing of grievances” isn’t quite as cheerful as hanging up stockings or drinking eggnog, but sometimes it needs to be done. This is particularly true in the field of eDiscovery and Alternative Legal Service Providers (ALSPs).

Over the last decade, eDiscovery has been through a period of rapid growth. As more and more savvy entrepreneurs see the profit potential of the industry, the more we see clients that have been burned by other service providers who cared more about their bottom line than their clients.

We have a bone to pick with those companies. There’s absolutely no reason why making money has to come at the cost of the clients, and we don’t want attorneys thinking they should just accept it.

Grievance #1: Not billing based on actual time.

Some service providers bill based on how much they anticipate a job should take rather than long a job actually took. You might even think “gee, that’s nice! I don’t have to pay extra when my vendor takes more time than a task should take.”

The flip side of this is that if your service provider estimates a job should take 3 hours but it only takes 30 minutes, they’re pocketing the rest. The client is quite literally paying for hours of labor that never actually happened. Therein lies our grievance. If the party that’s in charge of deciding how long a job “should” take also stands to profit from overestimating, that’s not exactly a system of checks and balances.

Another issue here is the increments of time vendors use. Some won’t break down their billables into anything smaller than an hour, meaning that tasks taking 31 minutes are sometimes billed as a full hour. Do that enough times over a large complex matter, and it adds up to a huge sum of money that once again, is for work that never really happened. For this reason, Contact bills in 15-minute increments to ensure the time our clients pay for lines up with the time the job actually took.

Do the work. Be honest with your clients about how long that work took and bill accordingly. Is that so hard?

Grievance #2: Overcollection

Collecting all the data under the sun is a great way for vendors to pad their check. So much so that they sometimes go ahead and do this even when there’s a miniscule chance that all the extra data will help their client’s case.

In eDiscovery, the amount of data that makes it through each stage of the EDRM affects how much money the client spends on the next step. If your vendor collects a lot of data, then your vendor can charge more for hosting and processing; if the vendor doesn’t narrow down THAT population of data, you continue to spend even more on review. Because collection is one of the earlier steps in the process, there’s huge profit potential for unscrupulous vendors who collect unnecessary data and move it further downstream even when the client will likely never see any ROI.  

For example, does it really make sense to collect a custodian’s iPhone AND their iPad when the devices likely hold similar information that can also be collected remotely from an iCloud backup? Some vendors might know darn well that the majority of what they collect will be redundant, yet they’ll still charge a client to do the collection and bill them for the hours it took to dedupe everything.

Like any other aspect of a legal case, the collection approach is going to vary. Sometimes it does just make sense to collect a lot of data; however, a good vendor with a strong forensics department will weigh the costs and potential rewards of collecting different sources and build a cost-effective strategy. They may even be able to steer you towards data sources you didn’t think of collecting that are more likely to hold relevant information you’re looking for, allowing you to reduce the total amount of data you collect.

Grievance #3: Collecting/elevating bulky files for no real reason

Oftentimes, service providers charge their clients on a per-GB basis. Naturally, some file formats are going to take more GB than others. Photos take more data than text files; audio files take more data than photos; video files take more than audio; there are also many other industry-specific file formats that fall outside the realm of pdfs and jpegs.

As mentioned above, every case is different and sometimes bulky files (i.e. expensive to host and process) just come with the territory. However, bulky files also provide a convenient way for money-grubbing ALSPs to charge clients more without providing more value.

Sometimes those files hold irrelevant information that could be eliminated from the data population. Other times, the same information can be converted to smaller file sizes that would save the client money, but the service provider chooses not to because they care more about a short-term profit than building a long-term relationship with their client.

Grievance #4: Not caring enough about their cases’ outcomes

Attorneys need to create positive outcomes for their clients. Sure, no attorney can feasibly deliver the outcomes that clients want 100% of the time, but they need a high-enough success rate to build and maintain a good reputation and keep their business alive.

This isn’t necessarily true for eDiscovery vendors. For many ALSPs, the outcomes of cases don’t affect the bottom line as much as you might think they would. Assuming a company handles data in a timely manner without any spoliation issues, they can still make a pretty good buck and keep their reputation alive, even with a “losing record” in terms of those actual cases. Too many service providers are content to keep chugging along with this profitable, but lazy model.

Some are content to only return documents that match up with the specified keywords, even if there are others that might help win the case. ALSPs can play defense too. If they turn up documents that undermine their attorney’s current strategy, they can warn the attorney about that vulnerability while there’s still enough time to adapt. The best ALSPs can even help future matters run more smoothly.

 OR they could do none of this and just say “welp, we did our job, here’s your invoice.”

As an ALSP, your client gets paid to win. Ergo, if your services aren’t helping them win, how helpful are you?

What are your legal tech “grievances” this year? Let us know in the comments!

Kyle Rittenhouse Trial Highlights Importance of Technology Expert Witnesses

Earlier this week, a jury heard closing arguments in the trial of Kyle Rittenhouse. Rittenhouse rose to national prominence in August 2020 after allegedly shooting three people at a Wisconsin protest, two of whom died, the third injured. Now, he stands trial for those alleged crimes.

One unexpected curveball: whether or not the prosecution should be allowed to use an iPad to zoom in on footage that allegedly shows Rittenhouse at the scene of the crime. The defense argued that when one uses the pinch-to-zoom feature available on Apple devices, it alters the footage:

“It uses artificial intelligence, or their logarithms, to create what they believe is happening,” said defense attorney Mark Richards. “So this isn’t actually enhanced video, this is Apple’s iPad programming creating what it thinks is there, not what necessarily is there.”

NOTE: Many publications that have published this quote allege that the defense meant “algorithms” rather than “logarithms.”

Prosecution insisted such alterations don’t happen, and that zooming is no different than putting a magnifying glass over a printed photograph. Judge Bruce Schroeder initially said the prosecution would have to bring in an expert to confirm this, otherwise they’d have to use the raw footage taken from a wider angle.

James Whitehead is the Associate Director of Digital Forensics at Contact Discovery and has served as a digital forensics expert witness on forensic issues.

“I think as we see AI evolve, a new breed of validation questions may arise as the computer begins to generate life like images of events and people that do not exist,” says James Whitehead, Contact Discovery’s Associate Director of Digital Forensics, who has testified as an expert witness in other trials. “There’s an entire industry of applications… that leverage or skew the underlying digital photography [so we can] create panda face versions of ourselves.”

While the panda face apps might be an extreme example, Whitehead was also quick to clarify that the fact these apps exist doesn’t automatically mean the raw data is unreliable.

 “These apps function because the underlying digital image is trustworthy as is the underlying technology,” he said. It’s perhaps paradoxical that as technology gets better, it almost becomes harder for people to trust it.

In court, Judge Schroeder admitted to not having a very good understanding of technology. “I know less than anyone in the room here I’m sure about all this stuff,” he said.

It’s easy for people who live and breathe tech to think that pinch-to-zoom is a standard feature that everyone is familiar with, but then… should that matter? How often laypeople use certain technology isn’t necessarily a good standard for whether or not that technology should be admissible in court.

If a judge knows they don’t understand a topic as Schroeder admits he doesn’t understand pinch-to-zoom technology, it does make some sense to err on the side of caution. Once a jury has seen evidence, the judge can’t change that if they later learn that evidence was unreliable. When judges know they’re out of their depth, deferring to experts before they make a call is quite reasonable.

“The fact finders are a diverse group of individuals,” says Whitehead.  “We must remember that education of the fact finder isn’t a factor to be lightly regarded. The rules of evidence have evolved over the years as has the evidence. It’s still good practice to explain what you are leveraging and why it matters. If evidence or story is technical in nature, [it’s best to] have an expert on standby who can assist with the explanations.”

At the end of the day, criminal trials aren’t about what the Twitterverse thinks; they’re about what judges and juries think. Whether or not the prosecution should need an expert to confirm the validity of pinch-to-zoom footage is beside the point if a judge says they do.

Later in the trial, Judge Schroeder had a change of heart and said the jury could consider the enlarged footage, however he wasn’t shy about expressing his skepticism for it.

 “You’re basing this extremely important segment of the evidence on something that I’m really queasy about,” Schroeder said. “I’m not going to give an instruction on it, but I’ve made my record on the high risk that I think it presents for the case.”

So what can other legal teams learn from this ruling?

For one, that just because technology seems commonplace, that doesn’t mean a judge will understand the ins and outs of the technology well enough to confidently make a ruling on its admissibility. Whitehead says people might be surprised at how often judges expect expert testimony for technology end-users might consider commonplace.

“Technology is wasted on the young, like naps and kindergarten,” he said. “Judges are often removed from the [supposedly] commonplace setting for which our matter may hinge.”

Be ready to defend any part of your case involving technology, and yes, that may even mean expert testimony when you don’t agree expert testimony is needed. In this case, Schroeder initially put the burden of proof on the party that presents that evidence, not the party trying to disqualify evidence. Could that open the door for other teams to cast doubt on opposition’s evidence even if they don’t have their own experts? After this tech debate in such a highly publicized trial, some attorneys that would’ve otherwise thought they can’t get evidence thrown out might try anyway. Even if evidence is ultimately admitted, a drawn out debate about its reliability could still shape jurors’ perceptions of that evidence. Having expert testimony at the ready can potentially prevent such a debate.

Another thing most legal teams know, but this case reinforces: don’t be overly reliant on one “smoking gun” if you can help it. Perhaps the prosecution will be able to get a conviction based on evidence besides their pinch-to-zoom footage. Only time will tell. The one constant of the legal world is that as much as we try to predict it, it remains unpredictable. You never know which evidence could be disqualified, so finding multiple “smoking guns” makes for a stronger case.

How Custom Software Helps Everyone (Even People Who Don’t Need Custom Software!)

“Custom” can be a scary word in legal tech.

It sounds expensive.

It sounds hard to implement.

It sounds like there will be longer turnaround times compared to ready-made solutions.

It sounds untested, and unproven. (We all know how much lawyers love unnecessary risk!)

It sounds that way because well… a lot of times it’s true.

For these reasons, it’s understandable that a lot of people shopping for legal technology just don’t want anything “custom.” There’s peace of mind in knowing that other people are already using the same solution and getting great results.

At Contact, we tout our custom software development capabilities a lot, but we still understand and sympathize with this line of thinking. Unfortunately, it often leads to another line of thinking that can be dangerous:

“I don’t need custom software development, so it doesn’t matter if my vendor can do it or not.”

Sure, there are definitely service providers who can do great work without building custom software. Buyers also need to be wary of vendors of the other end of the spectrum. That is, the service provider who’s constantly trying to sell custom solutions to people who don’t need them.

However, we truly believe in our heart of hearts that our ability to build custom software benefits all our clients… even the ones who have no interest in having us build custom software. Here’s why.

Open Communication Between Specialties = More Knowledgeable Team

The eDiscovery industry is dependent on many different professionals, but a lot of them fall into one of two broad categories. In one group, we have developers who build new technology that moves the industry forward. In the other, we have project managers and ops professionals who work on real cases with real teams every day. They have enough working knowledge to get the job done, but not necessarily the skillset it takes to reinvent how work gets done.

The best service providers create a harmonious relationship between these two groups. Some have software development staff internally. Others have trusted vendors that can that do development work as needed and good communication between those vendors and their internal project managers. This symbiotic relationship means technological advances are informed by practical knowledge of real-world challenges. It also means end users aren’t limited to commonplace solutions that might not be the right fit.

On the flip side, if there are too many degrees of separation between developers and the end-users, it’s easy for things to get lost in translation. Sometimes well-meaning developers reinvent a wheel that was working just fine while neglecting bigger pain points.

Even if your vendor isn’t doing any kind of custom build for you, project managers that are dipping a toe into development world semi-regularly often prove more helpful than those who aren’t. They understand what’s “on the menu” when it comes to technology, and tend to be good at communicating it to less tech-savvy personnel. They usually can troubleshoot issues faster, and if they can’t then the people who can are just a short phone call away.

A Company That’s Customizing Regularly Is Learning Things That Others Aren’t.

Believe it or not, you are not your vendor’s only client (mind blowing, isn’t it?) However, this can be a feature, not a bug. Every time your vendor solves a problem for someone else, they’re in a better position to solve a similar problem for you. That can be an enticing prospect for any client that’s scared to be the guinea pig for a new piece of technology. 

The kinds of problems that your vendor solves for their other clients inevitably affect the way they’ll approach yours. If most of your vendor’s other matters can be serviced with old standby methods and technology, they’ll probably be more likely to apply those same tried-and-true solutions to your matters.

That’s not necessarily bad. As the old adage goes, if it ain’t broke, don’t fix it. However, there’s a difference between choosing more traditional techniques because you’ve made an informed decision that they’re your best option, and choosing them because your vendor doesn’t have a very big comfort zone. Too often, the vendors that are clinging to obsolete methods aren’t choosing that path because they’re simply bad service providers; instead, it’s because their client base isn’t challenging that vendor to take on newer obstacles that require updated solutions.

If you want to work with someone who has lots of experience tackling large, intricate, uniquely challenging matters, ask yourself where clients are likely to take those kinds of matters. Odds are they’re going somewhere that has software development on the menu. Even if your case doesn’t fit that bill, teams that are working on those kinds of projects are learning things they can apply to more “by-the-book” matters.  

We like to think we have the best staff in the business, but as knowledgeable as they are they still learn new things with every new project. The more outside-the-box that matter is, the more they learn. The more they learn, the better equipped they are to deal with the next client who brings us a similar challenge.

Custom Doesn’t Always Mean What You Think It Means

Customization isn’t a binary so much as a spectrum. The question at hand should never be “do I need custom software?” so much as “to what extent does my software need to be customized?”

On one extreme you have fully pre-made. This is more like a pre-made sandwich you get from the grab-n-go section of a convenience store. Taking ingredients away or adding other ones isn’t really an option. On the plus side, your sandwich is already made, no wait times.

On the next wrung of the customization ladder, let’s imagine a sandwich shop that has a set menu, but still makes their sandwiches to order. It’s relatively easy to say “hey can you hold the tomato?” or “can you swap that swiss cheese for cheddar?” However, you’re still mostly bound to the menu as written. There’s only so many modifications you can make to your chosen menu item before it just isn’t that practical anymore.

On the next step in line, you have the assembly-line sandwich place. It’s relatively painless to go down the line and specify what ingredients you want and which ones you don’t. That’s a much better experience than saying you want X menu item and then listing 10 different modifications you want to make. However, you’re still limited to the ingredients that shop has on hand.

Finally, you have the most customizable option of all: making your own sandwich at home. You get to use your favorite ingredients that you purchased from whatever store you like. However, it’s more time and effort on your part. Sometimes you’re in a rush and you just want the convenience of someone else making a sandwich for you.

eDiscovery works in a similar way. Sometimes “custom” means building something new from the ground up. It can also mean making relatively minor tweaks to an existing product. Think of a program like Excel. It can work magic if configured the right way for the purpose at hand, but that configuration might not be immediately obvious to a novice user. Such is the case with the most advanced eDiscovery platforms. 

 In our experience, clients are often pleasantly surprised by how far they can get with a little bit of customization to solutions they already have. Sometimes clients that think they need to invest in new tech learn that they don’t have to. On the other side of things, clients that were initially intimidated by the idea of a “custom solution” learn that it doesn’t have to be as cumbersome of a process as they feared.

When you hire a company that is used to customizing on a regular basis, they’ll understand these nuances. They might be able to present slight adaptations to current workflows that are much more workable than the big scary “Custom Solution” you were trying to avoid.

Even if your matter doesn’t require custom software development (and many don’t), it’s a good option to have in your back pocket in case things ever change. Perhaps even more importantly, the teams that are capable of custom software development can take a more holistic approach to any challenge. That’s good for everyone.

How eDiscovery ALSPs Can Build a Better Future for Clients

For better or worse, eDiscovery ALSPs are playing an increasingly important role in complex litigations. That means the choice of who you pick for an eDiscovery vendor is becoming increasingly important too.

On paper, most vendors are essentially the same. They’re all offering to do the same work. Oftentimes price is the main thing differentiating Litigation Depot from Discovery Warehouse. That makes choosing harder, yet it’s still too important a decision to take lightly.

Since oftentimes the question of “can this vendor do the work I need done?” ends up as a draw, it’s important to look at other factors as well. One of the questions we like to raise at Contact is “how will this vendor’s work leave me better off than I was before?”

The way eDiscovery ALSPs approach their work can affect the way legal teams approach matters in the future. Yes, even matters where that client doesn’t re-hire the same service provider. Today, we wanted to give a general overview of the things that future-oriented service providers do differently compared to those that are only focused on one specific matter.

1. Spot vulnerabilities

Every case is different. That means the kind of data that is relevant can vary from case to case. Most vendors will rightfully start by looking for information that is relevant for the case they were actually hired for.

But… what about all those other cases that may or may not have happened yet? A vendor that is too laser-focused on the matter at hand might miss vulnerabilities that could be exploited later. Oftentimes, if you’re going through large chunks of data for one particular matter anyway, it’s more efficient to look for other potential vulnerabilities while you’re at it vs. two totally separate searches for two totally separate matters.

2. Establishing deletion & retention policies

One of the most important pieces of any information governance program is a consistent policy for deletion and retention. If your team does spot vulnerabilities, what do you do next? Deleting data that might be needed later could have disastrous consequences. Retaining literally everything could make future matters just as difficult to manage as this one, if not worse. It can also lead to privacy concerns and potential issues of non-compliance as more and more jurisdictions pass personal data protection laws.

A good eDiscovery service provider can help you make those calls, and give you the insight you need to keep making them later. By helping you delete the things you can, you’re better able to organize the data you do have to retain. Sometimes, the right deletion policies can even prevent future litigations from happening in the first place. 

3. Make data more accessible to the people who need it

One of the reasons legal teams might choose to a hire a vendor in the first place is because they simply don’t have access to the data. This is especially true in cases with a large forensics component, where deleted data needs to be recovered. The nice thing about such a case is once that data is made reviewable once, it doesn’t need to be made reviewable again (at least if you’re doing it right!)

Another challenge can be clients who are overly reliant on outside counsel or other eDiscovery vendors to handle their data. The data exists, but the client wouldn’t know where to find it. Some of the more unscrupulous vendors of eDiscovery like it that way. However, a future-oriented vendor will work to make sure the right people can access their data and easily find the data they actually want while still accounting for all the necessary privacy and security challenges.

4. Standardize workflows

Complex litigation can be overwhelming. Quite frankly, it’s usually still pretty overwhelming even when you do have a good vendor at your side. However, knowing there’s a standard operating procedure whenever major litigation comes up can make a world of difference.

While it is true that every case is different, it’s also true that a few basic fundamentals of discovery rarely, if ever change. Knowing where to start and who’s responsible for what can go a long way.

By having data that’s well organized and accessible to the right parties, it’s much easier to hit the ground running when a litigation comes up. You can quickly and easily check to see if any of the relevant data from prior cases is going to be relevant this time around; you might have a list of places to check for ESI that isn’t immediately accessible; perhaps a shortlist of what vendors to call for what type of work.

This means that your organization can maintain consistency even as employees leave and new ones come on board.

What do you wish more ALSPs would help you with future eDiscovery matters? Let us know in the comments!

What Do You Do When eDiscovery Tech Support Isn’t Enough?

There’s a pressing legal matter at hand. Deadlines are fast approaching. The last thing you want is to be stuck waiting on a response from tech support. Unfortunately, this is becoming an all-to common issue with eDiscovery platforms.  

Too often, software companies overstate the simplicity of their products. While it may be perfectly true that an end user finds a program intuitive and easy to use, that doesn’t necessarily equate to easy maintenance behind the scenes. When legal teams are too quick to buy these allegedly silver bullet solutions without anticipating that extra maintenance, it can lead to friction that slows down discovery.

Naturally, legal teams look to their tech support at whatever company made the software. Oftentimes, support staff is doing the best they can, but they can only do so much. If a software company is pouring money into sales and marketing efforts, but not scaling IT support at a fast enough pace to accommodate those extra users, it usually leads to frustration all around. As more and more venture capital flows into eDiscovery from people who don’t actually have any real experience in discovery, that industry-wide growing pain is unlikely to go away anytime soon.

eDiscovery vendors have an important role to play here. By bridging the gap between end users and software companies, service providers can help alleviate some of the strain on tech support, making it more helpful to those who do need it. Meanwhile, legal teams can increase the functionality of their existing software, solving their problems for (usually) far less money than investing in new software.

But why isn’t this program as easy to use as the salesperson said it would be?

Different people mean different things when they say “easy.” A lot of the latest eDiscovery solutions are far more intuitive than ever before, which is great! That tends to be what most companies will focus on in their sales and marketing efforts.

However, ease of use doesn’t automatically translate to ease of maintenance.

For example, my brother and I own two different cars, specifically a 2007 Honda Accord (me)  and a special edition Toyota 86 (my brother). My brother’s car handles really well. He can make tight turns at high speeds in a way I can’t. He can accelerate faster. The driving experience is all-around better in his car than mine (presuming you can drive a stick shift of course).

There’s a flip side to this. My brother has to put premium gas in his car; mine takes unleaded. It’s easier for me to find mechanics who keep the parts my car needs in stock. If my brother has an issue, it’s more likely that his mechanic would have to special order the part he needs, thus keeping his car in the shop longer. So while the “user experience” in his car is better, my car is easier and cheaper to maintain. Sometimes ease of use and ease of maintenance coexist, sometimes they don’t. It’s just important to recognize that they’re not the same thing, and one does not necessitate the other.

eDiscovery is an ever-changing field, which means many software programs require regular updates. The more intricate the software is, the more intricate those updates are likely to be, and they can take a while to install. How do you get them done while still making sure a discovery environment is ready to go when reviewers need it? In some cases, the Contact team will run patches at midnight, if that’s what it takes to avoid disruptions to our clients’ regular workflows. By providing crucial, ongoing support to a discovery environment, service providers can step in and offer ease of maintenance to compliment the software’s ease of use.

Why would I need an eDiscovery vendor if I can do most discovery in-house?

We’ve found that technical maintenance of eDiscovery environments can still be a common stumbling block, even for organizations that are fairly capable of handling most other aspects of discovery. That makes sense if you think about it. Plenty of people can drive a car, but don’t know how to change their own oil.

One of the misconceptions such organizations have about “service providers” is that you only need them if you plan on significant outsourcing. A firm that has their own software license and qualified project managers doesn’t need to spend money on costly vendors unless there’s an abnormally large sum of data at hand.

However, retaining a vendor to manage a discovery environment can be far less expensive than paying a vendor to actually do your discovery work for you. It’s similar to how owning your own car still requires you to pay for gas and upkeep, but you’re not going to spend as much as you would if you took a taxi every time you had to go somewhere.

Most lawyers already know that paying for litigation costs far more than the hours it would take to review contracts and close loopholes before they’re exploited; discovery software maintenance works the same way. It’s more economical to stay on top of updates and patches than it is to put out fires as they happen.

“Tech support can be great for solving one particular problem in the here and now,” says Zack Schanz, Director of Project Management at Contact Discovery Services. “It’s not really built to maintain your environment and prevent problems before they happen. They also don’t have the same knowledge of a client’s environment that we do because we’re in that environment every day.”

“You get a lot of brains for the price of one,” says Scott Keeble, Director of eDiscovery Operations at Contact Discovery. “We have more regular communication between our team members compared to an average tech support line, where maybe Joe is handling this ticket but has no direct communication with Jane who handled your last ticket, just a brief summary in the report. We’re able to quickly reach out to each other and say ‘hey, what did you do last time?’ and get to solutions quicker.”

“Can’t I just have my regular IT team take care of this for me?”

Well, it depends. Yes, technically any IT department could learn to manage an advanced eDiscovery software environment. However, they’re also managing other IT functions too. Your company’s email system; the billing and accounting software; the contract management platform; any other databases your organization needs to function properly; the underlying hosting and internet that all those other things rely on to work.

All of those things need routine updates; All of those things can be potential sources of data breaches if you’re not on top of maintenance. All of those things can become slow and dysfunctional if they’re not supported by the right infrastructure. A good IT team can juggle all those programs and keep technology running smoothly for everyone else.

However, there’s a misconception among non-IT people that once you “work in IT” it’s easy to simply add more programs to your plate. The truth is IT is just like any other job: the longer your list of responsibilities gets, the harder it can be to do all of them well.

We recommend consulting your IT department before any major commitment to a new discovery platform (or any software solution for that matter). They’ll know what they can and can’t handle, what resources they might need for implementation, and they’ll be able to better predict how steep the learning curve will be.

If your internal IT people are already spread pretty thin, a vendor can help. A team of dedicated discovery professionals that are focused on your review software frees up your regular IT department to stay on top of all their other responsibilities. Plus, they can apply their discovery experience with other clients to your technology in a way more generalized IT personnel can’t.

Still Have Questions About How Service Providers Can Keep Your Discovery Programs Up and Running? We’re all ears.

6 Document Review Metrics Every Lawyer Should Know

Document review can oftentimes be one of the most cumbersome parts of discovery. Separating the relevant from the irrelevant in a timely manner not only requires humans with specialized legal expertise, but someone at the helm who can keep track of it all. Whether you’re managing review internally or paying for outside managed review services, there are certain numbers regarding a matter’s progress that the attorney in charge should know at any given time.

1. How many documents do I have?

Yes, this seems pretty obvious but it’s still worth mentioning. The total number of documents in discovery is the metric that all other metrics are measured by. Oftentimes, countless other decisions stem from this number. How much will discovery cost? Should I settle because discovery is too expensive? How many reviewers need to be on this project to meet our deadline? There’s plenty of other variables that come into such equations, but there’s virtually no decision where the total number of documents isn’t part of that equation.

2. How many dupes do I have?

As important as the total number of documents is, it can’t be the only number you look at. That’s largely because it can sometimes be misleading thanks to dupes and near dupes.

A near-dupe dashboard within Contact Discovery’s Vu™ solution

Imagine we collect the phones belonging to both Jack and Jill. If Jack and Jill ever had correspondence with each other, then it’s likely those same threads exist on both devices. It’s a waste of resources to make reviewers read that twice.

Luckily, most eDiscovery platforms have gotten pretty good at recognizing dupes. In some cases, de-duping can make your pile of documents significantly smaller than what you initially thought. Since so many other strategic decisions will hinge on how costly review could be, you need to know this dupe number to have an accurate read on the scope of review.

3. What kinds of documents do I have?

Long gone are the days where discovery strategies were limited to emails and their attachments. Well at least, long gone are the days when good discovery strategies were limited to emails and their attachments.

Nowadays, “documents” can take the form of emails, text messages, Slack threads, and more. Those different communication channels can each pose different review challenges that hinder review progress if you’re unprepared.

For example, reviewing text messages can involve spreadsheets where iChat, SMS, and MMS are broken into different pages, and any attached images are another page. Reviewing communication this way without mobile-specific solutions to help can be significantly more time-consuming than reviewing the exact same conversation in email form.

Now, imagine 60% of your documents that need reviewing are text messages, but you’ve budgeted your time and money as though they were emails. This will cause major problems downstream when review progress isn’t happening at the pace you expected, and perhaps you need to hire a lot of extra reviewers at the last minute to meet your deadline. Your client is mad because the case is costing more than they initially thought. This could’ve been prevented if you’d known what kinds of data you had at the onset and how long it generally takes to review different data types.

4. How many documents are in other languages?

Documents in foreign languages are another curveball that can trip up large review projects. It’s hard enough to find attorneys with the right legal experience to be helpful to your case, but finding that attorney who’s also fluent in another language often proves even more difficult. Any precious time you spend tracking down qualified reviewers is time you could’ve spent reviewing documents.

Maybe non-English documents only make up a tiny portion of your total data, in which case you only need 1-2 reviewers who speak that other language, and the rest of your review team can review the English documents as usual. In other cases, you might need a team composed almost entirely of bilingual attorneys.

It’s also highly dependent on what languages you need your team to know. Reviewers fluent in Spanish are probably going to be easier to find than reviewers fluent in Bulgarian. Either way, the sooner you figure out that you have documents in other languages, the better you can plan for that added challenge and manage your client’s expectations.

5. How many documents still need to be reviewed?

This is another one that might seem obvious, but it’s not necessarily important for the reasons you might think. “Can I get through X documents by my deadline?” is a pressing question on any lawyer’s mind, but an equally important question is “do I have enough information to make good decisions about what to do next?”

The Master Summary screen within Contact Discovery’s Vu™ solution

Ultimately, the reason we do discovery in the first place is so that lawyers and their clients can reach a positive outcome. What lawyers consider “positive” can vary widely depending on the truth that lies in those discovery documents. Sometimes there’s enough exonerating evidence to win a trial; other times, there’s enough incriminating data that a “positive outcome” is a favorable settlement.

If your team has only gotten through 10% of their documents, it’s probably not wise to make any major decision regarding the case. You just don’t have enough information yet to make a good decision, and you don’t want to close yourself off to other potential strategies that might become evident later.

If you’ve gotten through 80% of the documents, you still don’t have ALL the information, but you might have enough to be a little more strategic about how you approach that last 20%. What other information would be helpful to the case? Can you make educated guesses about which documents might hold that information?

Knowing how many documents still need to be reviewed is a lot bigger than just “Am I on track to meet a deadline?” It’s a number that tells you whether it makes more sense to start building a specific case strategy, or more sense to hang tight and wait for more information before you commit to a strategy.

6. How fast are reviewers getting through documents?

Most lawyers already want to know how many documents are still in review. What not as many lawyers worry about is the pace of specific reviewers. 

It’s important to know the current pace of progress, but it’s also important to know if you should just accept that pace or if other changes could accelerate things. Knowing how many documents one reviewer is getting through on a given day is a massive help for gauging whether or not progress could be happening faster.

There’s all sorts of reasons why Reviewer A might get through 20 documents a day, and Reviewer B might get through 10 documents a day. Maybe one reviewer is dealing with longer documents or that time-consuming mobile data we mentioned above. In that case, there might not be much to change that, your data is what it is.

Maybe Reviewer A is more familiar with the review platform you’re using, and an hour or two of extra training for Reviewer B would have them reviewing their docs just as quickly. Maybe you’ll see that reviewers are doing the best they can, but they’re still not working at a fast enough pace to meet your deadline and you’ll need to expand the review team to make it. It’s hard to glean these kinds of insights if all your vendor is giving you is one collective “documents left to review” number.


Knowing the numbers behind document review affects your ability to make good decisions quickly. Contact Discovery’s solution, Vu™, is designed to put these metrics back in the hands of the attorneys who need them most. You can schedule a demo to learn more.

3 Questions to Help You Get the Most Out of Your eDiscovery Vendor

Like it or not, legal tech vendors are often a necessary part of complex matters. There are different ways to go about engaging a vendor, and some approaches can prove more helpful than others. While it’s easy to get swept up in a major litigation or investigation, we like to think that in-depth conversations with vendors are never a waste of time. At least, it’s not if you’re doing them right.

There are certain topics you may have never thought to bring up with your vendor before, but you might be pleasantly surprised where you end up if only you ask the right questions. In that spirit, we’re spotlighting three questions that will help you get more out of your vendor partnerships and why we think they’re important.

1. How Have You Handled Similar Matters for Other Clients?

It’s common for clients to enter into a vendor contract with certain expectations. One of the issues with this is that a client’s idea of what a vendor should do is oftentimes heavily based on how other vendors have handled those matters in the past. That begs the question… If you were satisfied with how that other vendor did things before, why did you seek out a new vendor for this matter?

Asking your vendor “How have you handled similar matters for other clients?” is a great way to signal that you’re open to other solutions beyond the predictable ones you’re used to. A vendor rightfully won’t reveal any identifying details about those other clients, but they can usually give you a general gist of other options on the table. It also mitigates risk if you know they’ve actually implemented the proposed solution before.

Try not to approach vendors with a preconceived notion of how they should handle your project. Instead, describe the project and your goals in as much detail as possible, and ask them what they think makes the most sense. If they’re worth their salt, you’ll probably find their perspective valuable regardless of whether or not you go with their exact plan.

2. Can You Present Several Approaches to This Matter That Would Still Work?

Oftentimes, there’s no “right answer” in eDiscovery. Good vendors can offer several different plans with different pros and cons and then leave the choice up to you. Maybe Strategy 1 is a prudent strategy that conserves budget while maximizing efficiency and Strategy 2 requires a higher investment but would provide for a more thorough approach.

Sometimes vendors will pitch a discovery plan not because they think it’s the best strategy, but because they think it’s the strategy their client wants to hear. Asking for multiple plans can give your vendor the freedom to strut their stuff and come up with a more innovative,  unconventional approach without the fear of losing a more conservative client. If you let them pitch you the “safe” strategy as well as the unexpected-but-potentially-better strategy, you negate that risk for them. The ultimate choice will still be up to you.

It can also reveal a LOT about a vendor if they’re unable to come up with more than one way to approach a problem. When vendors are consistently looking to their clients for guidance, or trying to fit square peg clients into the same round holes, it calls into the question whether they’re truly “experts” in eDiscovery. On the other hand, a vendor who can give you several possible approaches probably knows how to think creatively about your case, and will be able to quickly adapt to your needs should you decide to switch up your strategy later.

3. How Will Your Plan Help Me With Future Matters?

Truly great discovery work doesn’t just leave you with a positive outcome in this specific case. It also helps you win future cases. When you know which information is most relevant and it’s stored in places where the right people can easily recall it, you don’t have to devote as many resources to discovery if a similar case comes up again.

Some vendors are content to just process your data, give it back to you, then move on to the next client. That’s not exactly wrong, they’ve done everything they agreed to do for you; however, they could’ve done even more and established a plan for the future if only you’d asked.

Some data might not be relevant for the case at hand, but might be helpful in the future. If a vendor knows that planning for future matters is a priority, they can point stuff like that out. You can keep it in a safe place in case anyone tries to bring another suit against you later. Maybe your team can look for potential vulnerabilities and recommend you close them before anyone gets the chance to litigate. All of it begins with you telling your vendor that you want a proactive approach.

What questions do you think case teams should ask their vendors? Let us know in the comments!