Digital Forensic Preservation vs. Collection: A Practical Guide

Forensic preservation and collection are crucial steps in any investigation or litigation. The choices legal teams make in these early stages not only determine what kind of a legal strategy they could put together, but also how burdensome it is to put that strategy together, and what kinds of audibles they can call downstream if that’s necessary.  

Collection Does Not Equal Preservation

So what exactly do “data collection” and “data preservation” mean and why is it important to keep the ideas separate?
Well..  
Forensic preservation = making sure data remains intact in case it’s needed.
 
Forensic collection = taking data into custody for actual investigation.  

Think of your data population as a grocery store. It doesn’t make sense to buy the entire grocery store to make one dish because maybe you might need those ingredients. It makes far more sense to read your recipe, make a shopping list of ingredients you’ll need, and only buy the ones required.

When you collect every potentially relevant piece of data, you’re effectively buying the whole grocery store. This is usually going to end up being needlessly expensive, and make other processes downstream needlessly burdensome. By preserving data, you keep the grocery store intact and can always go shopping again if your first collection doesn’t pan out the way you want. In some cases, data preservation could be as simple as checking a few boxes on the backend of Microsoft 365. This distinction allows legal teams to benefit from more economical, tailored forensics techniques without leaving important evidence on the table. Preserving data means that you’ll have the option to make a Plan B (or C or D or E!) without the added, costly burden of collecting everything.

So Why Is Forensic Data Preservation Necessary? Isn’t Data Stored Anyway?

For a long time, conventional wisdom was that anything you write on the internet is there forever, but that’s not as true as it once was. Now, most of the technology we use in our day-to-day lives is cloud based, and people are generating so much new data that old data has to go somewhere. Automated deletion has become par for the course in most organizations.

Luckily, data preservation is not always that complicated. It could be as simple as disabling some of those automated deletion functions, and even simple preservation practices can still have a profound impact. More and more organizations are realizing the importance of such strategic data retention. By automating the deletion of redundant or obsolete data, organizations save on data storage, while still ensuring that important data remains available if further investigation is necessary. Forensics technicians can advise you on such policies, and how to organize the data you want to keep.  

When investigations do happen, these data preservation measures can help things run more smoothly, and can set you up to make contingency plans if need be. If it comes out later that crucial data could’ve been preserved but wasn’t, you could face adverse consequences such as sanctions. In a recent antitrust litigation, Google was sanctioned after courts determined a failure to preserve important information.

The important thing here is not to neglect data preservation because you’re assuming data is preserved by default. A digital forensics expert can work with you and your IT team to determine what is and isn’t being preserved already, and what changes to make if any are warranted.

So How Do I Determine What Data To Collect?

Once we let go of the idea that every potentially relevant piece of data needs to be collected as long as it’s preserved, that begs another question: what DO we collect?

Well… it depends.

What are you actually hoping to find during your investigation? Knowing that can guide your forensics team in the right direction. While it’s understandable to want all the information before you’re too committed to a strategy, James Whitehead, Associate Director of Digital Forensics at Contact Discovery, says that’s not always the best order of operations.

“As digital forensics experts, we often bring the most value when legal teams have some idea of what information they’d like to find, and where that information is most likely to live,” James says. “We can control costs and save time if we’re able to narrowly tailor our forensics approach to what’s most likely to prove helpful.”  

Oftentimes, that reluctance to have a more targeted approach stems from a fear of leaving important data behind. By making sure you’re preserving, you’re able to be a little more calculated with collection while still hedging your bets.  

By approaching these two related, yet different forensic processes with the appropriate strategies, legal teams can have their cake and eat it too: effective, efficient investigations without too much clutter in their dataset, while still protecting themselves against spoliation and a lack of contingency options.      

Disclaimer: This content is for general information purposes only, was not written by an attorney, and does not constitute legal advice.

Managed Review vs. Unmanaged Review: Which One’s Right For You?

Complex litigation cannot happen without some form of document review, whether that’s managed review or not. Document review cannot happen without reviewers. This raises a lot of questions that most lawyers never learned about in law school: Which reviewers do you hire? What parts of review can be trusted to technology, and what parts absolutely have to be done by humans? What work requires actual attorneys, and what work is better left to other litigation support professionals? 

There’s a myriad of considerations that go into these decisions depending on the case at hand and the capabilities of that particular legal team. One of those decisions is “who should make all the other decisions?” When legal teams are either spread too thin or simply want someone with a different realm of expertise, managed review services can be great for attorneys and their clients.

What eDiscovery Review Teams Do vs. What Lead Attorneys Do

Lawyers are good at a lot of things. They tend to be good researchers, and good at drawing connections between seemingly unconnected pieces of evidence. Unfortunately, those relevant pieces of evidence don’t just show up at a lawyer’s doorstep all wrapped up with a bow. Usually, they’re hidden somewhere in a massive pile of data.

If your legal case is a jigsaw puzzle, most lawyers could probably put that puzzle together just fine if there are relatively few pieces and they all come in the same box. Now, imagine the pieces of the puzzle that you want to make are in a box with thousands of other pieces that make up less relevant pictures. What happens when you’re not even 100% sure you have all the right pieces to make the picture you want to make? Can you find other pieces along the way that might make other helpful pictures?

It would be impossible for any one person to make their chosen puzzle in such a scenario. Instead, you need a coordinated team of people going through documents and coding them as relevant. These reviewers aren’t usually the ones making calls about big picture legal strategy, but they know what kinds of puzzle pieces to look for so that those other attorneys can actually put a picture together.

Finding the right pieces in that unruly pile is a separate skillset from actually putting the pieces together once you have them. Plenty of lawyers have great experience in both these areas, but it’s not a given, and there’s no shame in asking for outside help when you need it.

How Remote Review Services Can Help

Remote review and managed review services allow for legal teams to scale as needed in order to take on larger, review-heavy matters. Smaller teams who don’t have enough man power internally can staff up for one matter, and then scale back down afterwards.

Document review services aren’t just for when you need more reviewers, but sometimes simply different reviewers. Maybe you have documents in a foreign language that no one on your staff speaks; maybe you have a matter outside your normal realm of expertise, and need reviewers with different legal specialties.

Either way, remote review lets you take better care of your clients without having internal hires for every possible scenario that your clients might throw at you (which isn’t realistic for most law firms.)

Remote review is a great option for most law firms, but it comes with challenges of its own. Someone has to decide which reviewers are best suited for your matter. Someone has to decide how many reviewers you need to meet a deadline; those reviewers have to report to someone on a day-to-day basis, and that person needs to have an intimate understanding of the whole case, your overarching legal strategy, and whatever technology you’re using to assist human reviewers. Even after you agree on answers to all those questions, someone should be reevaluating things on a daily basis as new information comes to light. Of course, all these challenges multiply if you’re leveraging remote review for multiple cases.

So that raises a follow-up question…. Who should be that someone?

How Managed Review Can Help

In an unmanaged remote review situation, a client is still on the hook to answer questions from reviewers as they come up; the client needs to clearly communicate to reviewers what they’re looking for, and make sure all these different reviewers are taking a consistent approach to coding documents.

Unmanaged review does cost less money, but there can also be dire consequences if this point person is already spread thin and not able to give review management enough attention. What happens if an attorney gets caught up in court and can’t answer reviewers’ questions? What if they don’t notice that more reviewers are needed until it’s too late? What if they aren’t assessing progress often enough, and don’t realize a pivot in legal strategy is necessary until review is 99% done and there’s still no “smoking gun”?

This is why the biggest law firms that are dealing with complex litigation on a regular basis typically hire dedicated discovery project managers apart from their regular attorneys. They know that discovery can require near constant attention, and oftentimes it’s just not possible to give it that attention while dealing with all the other demands of being a lawyer: writing briefs, going to client meetings, court dates, etc. Such firms also know mismanaging discovery can have dramatic impacts downstream. Therefore, investing in constant vigilance at every step of the process will pay dividends later.

Managed review means you are not only temporarily hiring reviewers, but someone to manage them. Clients get to meet with one point person, describe their legal strategy and what they’re hoping to find in review. That point person turns around and handles all the other emails and meetings with the review team. Project managers can catch issues early on and bring them to the client’s attention.

How Do I Decide Which One Is Right For Me?

There’s different reasons someone might go the managed review route over unmanaged route. One might be that they simply don’t have attorneys with that discovery project management skillset. With managed review, a firm that cannot justify hiring discovery PMs internally can still have the same level of vigilance as a firm that could.

Another reason is that even if attorneys are perfectly capable of managing review themselves, their current caseload just doesn’t allow them to give it the attention it needs. By letting someone else answer more of the emails and sit in on more of the meetings, that attorney can focus on other things that a discovery PM couldn’t do, such as deposing witnesses or writing briefs.

Of course it’s going to depend on many factors specific to your case which can’t be addressed here, but generally the key factors that should shape your decision are:  

  1. Do you have discovery project managers internally? These could be either dedicated personnel or attorneys who have experience managing review.

  2. Do those people actually have enough room on their plate now to take on the responsibilities of managing this review?

If an unmanaged review situation is likely to result in either a) an attorney not having enough time to give all their matters the attention they deserve or b) review being managed by someone who’s never done it before and may not understand the intricacies of it, the managed review route is often best.

The Festivus Airing of Grievances: eDiscovery ALSP edition

“I’ve got a lot of problems with you people and now, you’re gonna hear about it!”

So said Frank Constanza in an episode of the NBC sitcom, Seinfeld. Over the last couple decades since this famous episode, wherein Frank revives the holiday he invented called “Festivus,” we can’t help but think maybe Frank was onto something.

Sure, the Festivus “airing of grievances” isn’t quite as cheerful as hanging up stockings or drinking eggnog, but sometimes it needs to be done. This is particularly true in the field of eDiscovery and Alternative Legal Service Providers (ALSPs).

Over the last decade, eDiscovery has been through a period of rapid growth. As more and more savvy entrepreneurs see the profit potential of the industry, the more we see clients that have been burned by other service providers who cared more about their bottom line than their clients.

We have a bone to pick with those companies. There’s absolutely no reason why making money has to come at the cost of the clients, and we don’t want attorneys thinking they should just accept it.

Grievance #1: Not billing based on actual time.

Some service providers bill based on how much they anticipate a job should take rather than long a job actually took. You might even think “gee, that’s nice! I don’t have to pay extra when my vendor takes more time than a task should take.”

The flip side of this is that if your service provider estimates a job should take 3 hours but it only takes 30 minutes, they’re pocketing the rest. The client is quite literally paying for hours of labor that never actually happened. Therein lies our grievance. If the party that’s in charge of deciding how long a job “should” take also stands to profit from overestimating, that’s not exactly a system of checks and balances.

Another issue here is the increments of time vendors use. Some won’t break down their billables into anything smaller than an hour, meaning that tasks taking 31 minutes are sometimes billed as a full hour. Do that enough times over a large complex matter, and it adds up to a huge sum of money that once again, is for work that never really happened. For this reason, Contact bills in 15-minute increments to ensure the time our clients pay for lines up with the time the job actually took.

Do the work. Be honest with your clients about how long that work took and bill accordingly. Is that so hard?

Grievance #2: Overcollection

Collecting all the data under the sun is a great way for vendors to pad their check. So much so that they sometimes go ahead and do this even when there’s a miniscule chance that all the extra data will help their client’s case.

In eDiscovery, the amount of data that makes it through each stage of the EDRM affects how much money the client spends on the next step. If your vendor collects a lot of data, then your vendor can charge more for hosting and processing; if the vendor doesn’t narrow down THAT population of data, you continue to spend even more on review. Because collection is one of the earlier steps in the process, there’s huge profit potential for unscrupulous vendors who collect unnecessary data and move it further downstream even when the client will likely never see any ROI.  

For example, does it really make sense to collect a custodian’s iPhone AND their iPad when the devices likely hold similar information that can also be collected remotely from an iCloud backup? Some vendors might know darn well that the majority of what they collect will be redundant, yet they’ll still charge a client to do the collection and bill them for the hours it took to dedupe everything.

Like any other aspect of a legal case, the collection approach is going to vary. Sometimes it does just make sense to collect a lot of data; however, a good vendor with a strong forensics department will weigh the costs and potential rewards of collecting different sources and build a cost-effective strategy. They may even be able to steer you towards data sources you didn’t think of collecting that are more likely to hold relevant information you’re looking for, allowing you to reduce the total amount of data you collect.

Grievance #3: Collecting/elevating bulky files for no real reason

Oftentimes, service providers charge their clients on a per-GB basis. Naturally, some file formats are going to take more GB than others. Photos take more data than text files; audio files take more data than photos; video files take more than audio; there are also many other industry-specific file formats that fall outside the realm of pdfs and jpegs.

As mentioned above, every case is different and sometimes bulky files (i.e. expensive to host and process) just come with the territory. However, bulky files also provide a convenient way for money-grubbing ALSPs to charge clients more without providing more value.

Sometimes those files hold irrelevant information that could be eliminated from the data population. Other times, the same information can be converted to smaller file sizes that would save the client money, but the service provider chooses not to because they care more about a short-term profit than building a long-term relationship with their client.

Grievance #4: Not caring enough about their cases’ outcomes

Attorneys need to create positive outcomes for their clients. Sure, no attorney can feasibly deliver the outcomes that clients want 100% of the time, but they need a high-enough success rate to build and maintain a good reputation and keep their business alive.

This isn’t necessarily true for eDiscovery vendors. For many ALSPs, the outcomes of cases don’t affect the bottom line as much as you might think they would. Assuming a company handles data in a timely manner without any spoliation issues, they can still make a pretty good buck and keep their reputation alive, even with a “losing record” in terms of those actual cases. Too many service providers are content to keep chugging along with this profitable, but lazy model.

Some are content to only return documents that match up with the specified keywords, even if there are others that might help win the case. ALSPs can play defense too. If they turn up documents that undermine their attorney’s current strategy, they can warn the attorney about that vulnerability while there’s still enough time to adapt. The best ALSPs can even help future matters run more smoothly.

 OR they could do none of this and just say “welp, we did our job, here’s your invoice.”

As an ALSP, your client gets paid to win. Ergo, if your services aren’t helping them win, how helpful are you?

What are your legal tech “grievances” this year? Let us know in the comments!

Why Mobile Data eDiscovery Is Different Than Email eDiscovery

It’s 2021, which means it’s highly unlikely that this is the first blog post you’ve read saying you need a mobile data eDiscovery plan. Most of us get that by now.

However, you can’t always take the same technology and approaches you’re currently using for email and superimpose them on mobile data. It just doesn’t work that way. Unfortunately, it can be hard to wrap your head around just how different texting and email really are until you’re neck deep in a project.

Today, we wanted to walk through some of the main things you need to account for while collecting, processing, and reviewing mobile data. By understanding the differences between these channels, you can not only ensure that you’re including mobile data in your eDiscovery strategy, but that you’re doing it right.

“Texting” is actually 3 different things that LOOK like 1 thing.

Generally speaking, emails are emails. After the initial collection, it doesn’t really matter much if those emails came from Macs or PCs, or if the company ran their emails through Microsoft 365 or Google Drive. Emails can be imported into a review platform, and reviewers don’t really have to care that much about where they initially came from.

What a layperson thinks of as “texting” is actually a combination of as many as three different types of communications: SMS, MMS, or iChat. We act like they’re the same thing because generally, our phones make them look like one thing. I don’t have a separate app for sending SMS messages vs. MMS messages. My phone doesn’t yell at me when I reach the character limit for an SMS, it just automatically converts it without me having to think about it.

During data processing, these messages that seem identical on the front end often get sorted out into different buckets on the back end. That means that if custodians were iChatting, lost wifi, and then switched to SMS, that single conversation may get ripped apart and reviewers have to piece it back together.

When you’re identifying potential sources of data, it’s important not to just ask about “texts.” If possible, try to figure out how texts break down into SMS, MMS, and iChat. The best mobile data eDiscovery technology can thread these messages together, and depending on how many phones you’re collecting, it might be worth that investment. At the very least, making sure you know how texts break down into SMS, MMS, and iChats helps you better assess how long review should take.

Mobile Communication Has No “Subject Line” 

Most work emails have a subject line; generally, emails in that same conversation also have that subject line. Sure, sometimes conversations naturally flow away from that initial subject, but at least it’s a valuable starting point that helps discovery teams understand what messages belong together, and which ones might be duplicates; this is the basis of how review platforms utilize email threading.

Not only does texting lack a “subject line,” it’s also a place where users simply don’t even try to sort their conversations out into multiple threads the same way. Earlier today, I frantically texted my mother about a jacket I left at her house, and within minutes she was asking me to text her a recipe for banana cake.

Those two conversations coexisted in the same thread, with messages right on top of each other. That’s just how a lot of us text. I pity any review team that would have to go through my phone and find messages relevant to their case with so many less relevant messages randomly scattered across my conversations. (On the bright side, they might get a nice banana cake recipe out of it!)

Threading messages into conversations is one of the most important things that any good review platform does for reviewers; it’s even more important when users aren’t naturally “threading” their conversations together by default.

Mobile Communication Usually Requires More Redactions

On a related note, professional communication is more likely to co-mingle with personal communication in text messages compared to email. That’s especially true in companies where employees still use their personal device for company business. With email, we tend to have a dedicated work account apart from our personal email account. Users understand that there’s no reasonable expectation of privacy in their work emails. That’s not always true in mobile, particularly at companies that don’t issue company-owned phones or have clear Bring-Your-Own-Device (BYOD) policies.

What if that thread where two work friends texted about trade secrets also mentioned things like doctors’ appointments or included pictures of their kids? Legal teams need to be able to redact irrelevant personal information in order to protect custodians’ privacy. That irrelevant personal information rarely shows up in emails, so redacting isn’t a concern to quite the same extent.

Some review platforms support redactions more easily than others. A cumbersome redaction process might not be the end of the world when you’re primarily dealing with emails, but it can seriously hinder progress when there’s a lot of mobile communication and redactions are needed more often.


When there’s a lot of mobile data in your eDiscovery project, it’s important to consider how technology and user behavior shapes this data. This is nowhere near an exhaustive list of the reasons why texting and email are different, but we hope it’s enough to get your wheels turning. What kinds of stumbling blocks have are tripping up your mobile data investigations? Reach out today and let us know!

Curious to know more about how Contact Discovery attacks mobile data investigations? Check out MobileRev™!

Contact Discovery’s MobileRev™ solution turns text messages into near-native images for review

What Do You Do When eDiscovery Tech Support Isn’t Enough?

There’s a pressing legal matter at hand. Deadlines are fast approaching. The last thing you want is to be stuck waiting on a response from tech support. Unfortunately, this is becoming an all-to common issue with eDiscovery platforms.  

Too often, software companies overstate the simplicity of their products. While it may be perfectly true that an end user finds a program intuitive and easy to use, that doesn’t necessarily equate to easy maintenance behind the scenes. When legal teams are too quick to buy these allegedly silver bullet solutions without anticipating that extra maintenance, it can lead to friction that slows down discovery.

Naturally, legal teams look to their tech support at whatever company made the software. Oftentimes, support staff is doing the best they can, but they can only do so much. If a software company is pouring money into sales and marketing efforts, but not scaling IT support at a fast enough pace to accommodate those extra users, it usually leads to frustration all around. As more and more venture capital flows into eDiscovery from people who don’t actually have any real experience in discovery, that industry-wide growing pain is unlikely to go away anytime soon.

eDiscovery vendors have an important role to play here. By bridging the gap between end users and software companies, service providers can help alleviate some of the strain on tech support, making it more helpful to those who do need it. Meanwhile, legal teams can increase the functionality of their existing software, solving their problems for (usually) far less money than investing in new software.

But why isn’t this program as easy to use as the salesperson said it would be?

Different people mean different things when they say “easy.” A lot of the latest eDiscovery solutions are far more intuitive than ever before, which is great! That tends to be what most companies will focus on in their sales and marketing efforts.

However, ease of use doesn’t automatically translate to ease of maintenance.

For example, my brother and I own two different cars, specifically a 2007 Honda Accord (me)  and a special edition Toyota 86 (my brother). My brother’s car handles really well. He can make tight turns at high speeds in a way I can’t. He can accelerate faster. The driving experience is all-around better in his car than mine (presuming you can drive a stick shift of course).

There’s a flip side to this. My brother has to put premium gas in his car; mine takes unleaded. It’s easier for me to find mechanics who keep the parts my car needs in stock. If my brother has an issue, it’s more likely that his mechanic would have to special order the part he needs, thus keeping his car in the shop longer. So while the “user experience” in his car is better, my car is easier and cheaper to maintain. Sometimes ease of use and ease of maintenance coexist, sometimes they don’t. It’s just important to recognize that they’re not the same thing, and one does not necessitate the other.

eDiscovery is an ever-changing field, which means many software programs require regular updates. The more intricate the software is, the more intricate those updates are likely to be, and they can take a while to install. How do you get them done while still making sure a discovery environment is ready to go when reviewers need it? In some cases, the Contact team will run patches at midnight, if that’s what it takes to avoid disruptions to our clients’ regular workflows. By providing crucial, ongoing support to a discovery environment, service providers can step in and offer ease of maintenance to compliment the software’s ease of use.

Why would I need an eDiscovery vendor if I can do most discovery in-house?

We’ve found that technical maintenance of eDiscovery environments can still be a common stumbling block, even for organizations that are fairly capable of handling most other aspects of discovery. That makes sense if you think about it. Plenty of people can drive a car, but don’t know how to change their own oil.

One of the misconceptions such organizations have about “service providers” is that you only need them if you plan on significant outsourcing. A firm that has their own software license and qualified project managers doesn’t need to spend money on costly vendors unless there’s an abnormally large sum of data at hand.

However, retaining a vendor to manage a discovery environment can be far less expensive than paying a vendor to actually do your discovery work for you. It’s similar to how owning your own car still requires you to pay for gas and upkeep, but you’re not going to spend as much as you would if you took a taxi every time you had to go somewhere.

Most lawyers already know that paying for litigation costs far more than the hours it would take to review contracts and close loopholes before they’re exploited; discovery software maintenance works the same way. It’s more economical to stay on top of updates and patches than it is to put out fires as they happen.

“Tech support can be great for solving one particular problem in the here and now,” says Zack Schanz, Director of Project Management at Contact Discovery Services. “It’s not really built to maintain your environment and prevent problems before they happen. They also don’t have the same knowledge of a client’s environment that we do because we’re in that environment every day.”

“You get a lot of brains for the price of one,” says Scott Keeble, Director of eDiscovery Operations at Contact Discovery. “We have more regular communication between our team members compared to an average tech support line, where maybe Joe is handling this ticket but has no direct communication with Jane who handled your last ticket, just a brief summary in the report. We’re able to quickly reach out to each other and say ‘hey, what did you do last time?’ and get to solutions quicker.”

“Can’t I just have my regular IT team take care of this for me?”

Well, it depends. Yes, technically any IT department could learn to manage an advanced eDiscovery software environment. However, they’re also managing other IT functions too. Your company’s email system; the billing and accounting software; the contract management platform; any other databases your organization needs to function properly; the underlying hosting and internet that all those other things rely on to work.

All of those things need routine updates; All of those things can be potential sources of data breaches if you’re not on top of maintenance. All of those things can become slow and dysfunctional if they’re not supported by the right infrastructure. A good IT team can juggle all those programs and keep technology running smoothly for everyone else.

However, there’s a misconception among non-IT people that once you “work in IT” it’s easy to simply add more programs to your plate. The truth is IT is just like any other job: the longer your list of responsibilities gets, the harder it can be to do all of them well.

We recommend consulting your IT department before any major commitment to a new discovery platform (or any software solution for that matter). They’ll know what they can and can’t handle, what resources they might need for implementation, and they’ll be able to better predict how steep the learning curve will be.

If your internal IT people are already spread pretty thin, a vendor can help. A team of dedicated discovery professionals that are focused on your review software frees up your regular IT department to stay on top of all their other responsibilities. Plus, they can apply their discovery experience with other clients to your technology in a way more generalized IT personnel can’t.

Still Have Questions About How Service Providers Can Keep Your Discovery Programs Up and Running? We’re all ears.

3 Things That Are Wasting Your Legal Budget

Virtually everyone across all industries is currently trying to “do more with less.” The legal world is no different. More and more attorneys want to know what investments will actually get returns, and many have become skeptical of pay models that once seemed infallible.

The best legal budgets that “do more with less” are a perfect calibration of technology investments, internal functionality, and strategic outside partners. At Contact, we pride ourselves on helping legal teams find the right balance that works for them. There are certain challenges we encounter over and over again, and today we’re letting you in on some of the common stumbling blocks that result in overspending.

1. Too Many Vendors

There’s often money to be saved by reducing the total number of vendors that you rely on to help you with litigation. Almost any vendor will offer you better pricing on services if you buy more from them. It also mitigates risk to limit sensitive data to as few people/organizations as possible.

The thing is, no managing partner or general counsel wakes up one day and says “I’d like my sensitive data scattered across as many vendors as possible.” So why is it such a common problem?

One issue could be misunderstanding which vendors are capable of what services. If you hired eDiscovery “R” Us for a processing job last month, but no one thought to ask if they also had forensic services, you might go to a separate vendor for this month’s collection. Meanwhile, you could’ve gotten a better deal by bundling forensics and processing together at eDiscovery “R” Us.

Another issue could be overestimating the need for “specialized” vendors. Many vendors position themselves as “specialists” but it’s not always clear if they’re adding more value than more generalized vendors who can do the same job. Such specialists certainly play a valuable role in the eDiscovery industry; however, it can be incredibly difficult for lawyers to decide if a specialist is necessary for a given matter.

Still another issue could be poor communication between team members who are all hiring vendors. Ideally, you don’t want different lawyers each blasting their own unique network of vendors for each new matter. What if Tom, Dick, and Harry each have their own internal investigation? You might be able to get a better deal by buying legal technology services “in bulk” from one vendor rather than letting Tom, Dick, and Harry each pick their favorite from their own address books. 

We recommend having some kind of system that allows all attorneys to pull their vendors from the same pool, and routinely weeding out the ones that underperform or are overpriced. There are even tech solutions such as Contact’s M8™ that are specifically designed to help you with this. It’s also good to have eDiscovery expertise either internally or in a trusted consultant. This expert can help determine if you need to bring in specialized vendors or if giving the entire job to one comprehensive vendor is the better move.

2. Investing in outsourcing rather than training.

As the old adage goes, “give a man a fish, he eats for a day. Teach a man to fish, he eats for a lifetime.”

Oftentimes, your internal team is capable of more than you think, they just need the right training. This is especially true as long as law schools focus on the theory and history of the law but devote relatively little time to teaching lawyers how to use technology.

It’s a waste of money to buy technology your team never adopts, but it’s also a waste of money to pay vendors to do things you could do internally. The best way to walk the fine line between these two forms of malinvestment is usually some combination of the right technology paired with proper training on how to use it.

Sometimes legal teams choose to switch to more modern technology, but grossly underestimate the growing pains of that transition. Don’t make that mistake. Understand that there will be an adjustment period, and give your team the requisite empathy. Ask them what resources they’ll need to become confident on the new solution and act on that intel. Maybe you’ll want to plan training workshops, or temporarily hire some extra support staff that can be on-call to answer your team’s questions. 

3. Paying lawyers to do things non-lawyers could do

Lawyers have hard-earned expertise and deserve to be compensated for it. The most efficient organizations tend to make the most of their attorneys’ knowledge and talent. They can’t do that when those lawyers are stuck sifting through spreadsheets or combing through the internet for trademark violations.

Efficient organizations let their lawyers focus on lawyering. If there’s enough grunt work to justify hiring more support staff, they do. That could take the form of an outside service provider, or bringing on more internal hires.

While it could seem counterintuitive to hire more people when budgets are tight, firms that give lawyers the support they need can usually afford to take on heavier caseloads and generate more revenue in the long run. In corporate settings, the legal department is less of a bottleneck when lawyers have ample support staff.

Every case is different, and there is a myriad of different reasons why you might not be making the most of your legal budget. It’s important to get to the root cause of such inefficiencies and come up with long term solutions that will work for you.  

If you have any other questions about how to make the most of your legal budget, reach out to Contact today.

3 Questions to Help You Get the Most Out of Your eDiscovery Vendor


Like it or not, legal tech vendors are often a necessary part of complex matters. There are different ways to go about engaging a vendor, and some approaches can prove more helpful than others. While it’s easy to get swept up in a major litigation or investigation, we like to think that in-depth conversations with vendors are never a waste of time. At least, it’s not if you’re doing them right.

There are certain topics you may have never thought to bring up with your vendor before, but you might be pleasantly surprised where you end up if only you ask the right questions. In that spirit, we’re spotlighting three questions that will help you get more out of your vendor partnerships and why we think they’re important.

1. How Have You Handled Similar Matters for Other Clients?

It’s common for clients to enter into a vendor contract with certain expectations. One of the issues with this is that a client’s idea of what a vendor should do is oftentimes heavily based on how other vendors have handled those matters in the past. That begs the question… If you were satisfied with how that other vendor did things before, why did you seek out a new vendor for this matter?

Asking your vendor “How have you handled similar matters for other clients?” is a great way to signal that you’re open to other solutions beyond the predictable ones you’re used to. A vendor rightfully won’t reveal any identifying details about those other clients, but they can usually give you a general gist of other options on the table. It also mitigates risk if you know they’ve actually implemented the proposed solution before.

Try not to approach vendors with a preconceived notion of how they should handle your project. Instead, describe the project and your goals in as much detail as possible, and ask them what they think makes the most sense. If they’re worth their salt, you’ll probably find their perspective valuable regardless of whether or not you go with their exact plan.

2. Can You Present Several Approaches to This Matter That Would Still Work?

Oftentimes, there’s no “right answer” in eDiscovery. Good vendors can offer several different plans with different pros and cons and then leave the choice up to you. Maybe Strategy 1 is a prudent strategy that conserves budget while maximizing efficiency and Strategy 2 requires a higher investment but would provide for a more thorough approach.

Sometimes vendors will pitch a discovery plan not because they think it’s the best strategy, but because they think it’s the strategy their client wants to hear. Asking for multiple plans can give your vendor the freedom to strut their stuff and come up with a more innovative,  unconventional approach without the fear of losing a more conservative client. If you let them pitch you the “safe” strategy as well as the unexpected-but-potentially-better strategy, you negate that risk for them. The ultimate choice will still be up to you.

It can also reveal a LOT about a vendor if they’re unable to come up with more than one way to approach a problem. When vendors are consistently looking to their clients for guidance, or trying to fit square peg clients into the same round holes, it calls into the question whether they’re truly “experts” in eDiscovery. On the other hand, a vendor who can give you several possible approaches probably knows how to think creatively about your case, and will be able to quickly adapt to your needs should you decide to switch up your strategy later.

3. How Will Your Plan Help Me With Future Matters?

Truly great discovery work doesn’t just leave you with a positive outcome in this specific case. It also helps you win future cases. When you know which information is most relevant and it’s stored in places where the right people can easily recall it, you don’t have to devote as many resources to discovery if a similar case comes up again.

Some vendors are content to just process your data, give it back to you, then move on to the next client. That’s not exactly wrong, they’ve done everything they agreed to do for you; however, they could’ve done even more and established a plan for the future if only you’d asked.

Some data might not be relevant for the case at hand, but might be helpful in the future. If a vendor knows that planning for future matters is a priority, they can point stuff like that out. You can keep it in a safe place in case anyone tries to bring another suit against you later. Maybe your team can look for potential vulnerabilities and recommend you close them before anyone gets the chance to litigate. All of it begins with you telling your vendor that you want a proactive approach.



What questions do you think case teams should ask their vendors? Let us know in the comments!

7 Deadly Sins of Service Providers: Part 3

Note: This post is the conclusion to our blog series, “The 7 Deadly Sins of Legal Service Providers.” You can find the first 3 “sins” in Part 1 and the second 2 in Part 2. Here are the final two things alternative legal service providers do, either intentionally or unintentionally, that hurt their clients in the end.

Sin #6: Seeing your independence as a threat

All too often, eDiscovery service providers try to perpetuate client dependency. They want constant meetings/emails with you. They want you to be in the dark unless you go through them. They fear that giving you the ability to do more discovery work yourself, or more information about the work you’re paying them to do will hurt their business. This should give you pause.

If your service provider truly consists of experts in the field, they should be secure in the knowledge that they will always be helpful to you, no matter how much you internalize discovery. After all, how many lawyers worry about their clients suddenly firing them to defend themselves in court?

They don’t, because they know that their knowledge and expertise eclipses their clients’ knowledge of the law, and likely always will. True expertise will always be in demand. If your service provider is trying to monopolize as much of the process as they can out of fear that you’ll one day learn how easy it is to do it yourself… are they really experts?

Good service providers will let you keep control over the parts of discovery you’d like to control. (As we mentioned in part 1, an all-or-nothing approach is another sin!) Great service providers will even help you take more of the work in-house. That’s because they know that ultimately, they’re the discovery experts and they will always be able to help you in ways you can’t help yourself, much the same way lawyers can always be helpful to their clients.

Sin #7: Putting their own growth above efficiency

Service providers are businesses, and it’s totally normal for businesses to want growth. However, growing too quickly without carefully strategizing how you’re going to scale often leaves once-happy clients frustrated.

The story goes something like this:

  1. Let’s start an eDiscovery business since we know the space well, and are pretty good at it. Great! Clients are happy!

  2. There’s so much work to do! Time to hire more people. Great eDiscovery practitioners can be hard to come by, so maybe we’ll hire a few people here and there that are decent, but not great. We’ll also need more people in different cities to take care of clients in those other markets, which might hinder communication between teams if we’re not careful.

  3. You know what would really help though? Getting an injection of capital from investors who know absolutely nothing about eDiscovery. That way we can hire more new people and open more offices.

  4. Several years have gone by now. Remember those investors who knew nothing about eDiscovery? They’ve continued to take on more and more clients regardless of their team’s ability to keep up. They’ve instituted rigid procedures that their subordinates (who do know how eDiscovery works) have to follow; more work has to get subcontracted out; the ability to routinely reassess and improve procedures as discussed in Part 2 is significantly compromised; worst of all, those once-happy clients find that their once-reliable vendor is getting more and more difficult to work with as each year goes by.

Too often, vendors that do this are able to coast by on the prestige and name recognition they’ve built up despite their decline in quality. They grew, and will likely keep growing, but at the expense of efficiency and client satisfaction.

Now, none of this is to say that any eDiscovery business that’s big is automatically bad. Certainly there are advantages that come along with scale. It’s simply to say that as a service provider scales, it’s important to constantly ask “how will this affect my clients?” Careful, deliberate growth is a good thing, and usually benefits clients as well as service providers. Clients can streamline their outsourcing to fewer vendors as those vendors get big enough to expand their capabilities. Reckless growth that disregards client needs often creates inefficient workflows and lowers that vendor’s ability to tailor services to the matter at hand.


That concludes our 7 Deadly Sins series. We hope these blogs gave you an idea of what to look for in an ALSP if you’re in the market for one, and we hope they help other ALSPs better serve their clients. If you have more questions, or simply want to let us know what you think makes a good ALSP, you can reach out to us at info@contactdiscoveryservices.com or on social media.

Signal vs. Cellebrite: What You Need to Know

If you’re part of legal investigations that involve any kind of electronic data, you need to know what’s happening between Signal and Cellebrite.

Cellebrite makes one of the industry’s most commonly used digital forensics tools, and Signal CEO Moxie Marlinspike has recently publicized alleged vulnerabilities in Cellebrite’s security measures. Continuing to use outdated versions of Cellebrite, especially without other best practices of digital forensics in place, could open the door for system hacks as well as opposing counsel questioning the integrity of your evidence.

These types of legal proceedings can cause substantial disruptions in forensic labs worldwide.  Forensic extractions and analysis would have to pause for the duration of the imaging process; forensic labs would need to relocate sensitive data to other platforms; ultimately the legal costs associated with these additional acquisitions and analysis could be significant. Luckily, there’s a few relatively simple steps you can take now to prevent the astronomical time and expense it would take to deal with any spoliation issues.

The Background

Signal and Cellebrite exist on two opposite sides of the technology spectrum: Signal is a messaging app that offers end-to-end encrypted messaging. Digital privacy is their primary selling point. Cellebrite is a digital forensics company.  When law enforcement seizes an electronic device for an investigation, there are good odds that someone, somewhere is using Cellebrite technology to unlock it and collect data. That means one of their primary selling points is the ability to circumvent privacy measures when the situation calls for it. You can understand why two such companies would end up at odds. It’s a never-ending cat and mouse game: a win in forensics is normally seen as a loss in security and vice versa.

In a blog post, Signal CEO Moxie Marlinspike made several serious allegations against Cellebrite’s security protocols:

  • That Cellebrite has not updated some of their source code files since 2012, despite hundreds of updates to these files becoming available since then.

  • That because most of the data extracted by Cellebrite comes from third-party apps rather than the device itself, it would be possible for any untrusted app developer to put files in their apps that would corrupt Cellebrite output and reporting. 

  • That if such an exploitation were to occur, not only would it undermine that particular collection, but any prior and future collections done with that same Cellebrite device.

  • That “Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.”

  • That Cellebrite appeared to also include unlicensed iTunes software, opening the door for legal challenges from Apple to Cellebrite and its users.

Marlinspike’s blog post also concluded with some “completely unrelated news” about how new updates to Signal would feature files in app storage for “aesthetic purposes.”

Some have interpreted this to mean that not only is Marlinspike saying these vulnerabilities in Cellebrite exist, but that he intends to actively use his own Signal app to wreak havoc on Cellebrite investigations.

Of course, no can know for sure, but if that’s true it poses a substantial threat. Signal had over 40 million users as of January 2021, so it’s only a matter of time until law enforcement ends up investigating a phone where the app is installed.

Other Important Context

While it’s not exactly wrong to say that some of these vulnerabilities look like rookie mistakes to an outsider, it’s important to recognize that unlike the consumer-facing Signal app, Cellebrite is not intended for use by laypeople. Anyone using Cellebrite to extract data from a device is most likely an expert in digital forensics who’s taking other precautions to prevent the kind of corruption that Marlinspike describes.

Cellebrite’s original customer base consisted of government and law enforcement agencies.  Many of these organizations use forensic workstations that are isolated from internet accessible devices. They also sanitize their workspaces between cases to avoid cross-contamination between different devices’ data. Assuming these best practices are in place, the risk of rogue executables coming from mobile devices the way Signal suggests is incredibly low.  

However, as Cellebrite has grown, so has their number of private sector clients who use workstations that rely on the same networks as other company devices. That means that if someone were to exploit the vulnerabilities that Marlinspike mentions in his blog, the ramifications could be company wide, not just a matter of corrupting one device.

More remote collections in light of the pandemic also complicates things. In light of these developments, the concern of untrusted data on a mobile device corrupting an acquisition is real; unlikely, but real none the less. We also have to remember that in forensics, theoretical possibilities matter. Ideally, you do not just want to prove that no one tampered with your data, but that it was highly unlikely that anyone could have tampered with your data.

The publicization of Cellebrite’s vulnerabilities is already having real-world consequences. In Maryland, a defense attorney named Ramon Razos is asking for a re-trial because law enforcement relied heavily upon Cellebrite evidence to convict his client.

So… can I keep using Cellebrite in my investigations?

The short answer is, yes. You can keep using Cellebrite and significantly reduce your risk of data spoliation with just a few best practices of forensics. Namely, run the most recent version of Cellebrite.

According to Vice, Cellebrite issued an update less than a week after Marlinspike published his blog post. While Cellebrite did not explicitly say that these patches were meant to address Marlinspike’s grievances, the timing certainly makes it look that way. In the same Vice article, Cellebrite allegedly asserts that “Based on our reviews, we have not found any instance of this vulnerability being exploited in the real-life usage of our solutions.”

Again, those using Cellebrite should be forensic experts with other tricks up their sleeve. They’re not relying entirely on Cellebrite technology for effective preservation, but some combination of Cellebrite technology and their own failsafe measures. 

A forensic analyst should always spot check their work by manually reviewing the raw files to confirm the forensic software parsed out the intended artifacts. Spot checks of the data on the physical device can also reassure the investigative team that they have maintained data integrity.

If you’re a lawyer who’s paying someone else to handle your forensics, make sure your vendor is aware of the current Cellebrite situation and has applied the most recent patches. It’s also totally fair to ask your vendor what other non-Cellebrite measures are in place to ensure data integrity and defensibility. Are they sanitizing work stations between collections? Are they spot checking their data? You deserve to know.

While the risk of data corruption is most likely far lower than Marlinspike wants Cellebrite customers to believe, it is there, and the consequences of an exploitation are too great not to check all your bases.

If you have any other questions about digital forensics, you can reach out to Contact at info@contactdiscoveryservices.com.

7 Deadly Sins of Legal Service Providers: Part 2

Last week we shared with you the first 3 Deadly Sins of Legal Service Providers. Well, we’re back at it now with part 2! Here are two more “sins” of eDiscovery service providers.

Sin #4: Not reevaluating their own processes often enough

A man once said “I’m starting with the man in the mirror. I’m asking him to change his ways.”

eDiscovery is an ever-changing industry, and it’s easy to get so caught up in client needs that providers never turn their focus inward. However, it’s precisely because of that fast pace and constantly shifting nature of the industry that self-reflection and improvement is important. A workflow that made sense six months ago might not make sense now.  Maybe there’s new software improvements that could streamline processes you’re currently using multiple solutions for.

A good service provider has to be vigilant about their own processes as well as all the work they do for clients. At the end of the day, an eDiscovery vendor that isn’t taking care of itself will struggle to take care of you. Let me repeat that.

An eDiscovery vendor that isn’t taking care of itself will struggle to take care of you.

You probably wouldn’t hire a personal trainer that doesn’t take time for their own workouts. This is no different.

Another great perk to hiring eDiscovery providers who are routinely reevaluating their own processes and implementing their own improvements is that that they can apply that experience to their work for clients.

If a service provider has recently evaluated different technology and implemented it internally, they’re in a great spot to answer your questions about the pros and cons of those solutions. They know what curveballs you should anticipate through implementation. They can help you train your team on new platforms. Their first hand experience translates into valuable knowledge that benefits their clients.

At Contact, we recently decided to merge two departments into one. It’s not that it was bad or wrong to do things the way we were before, we just realized that advancements in technology allowed us to train employees in things they couldn’t do before. Sure, we still would’ve been a functional eDiscovery vendor if we had stuck to our status quo. However, training more employees in more disciplines and making it easier for them to communicate with each other will make us an even more well-oiled machine.

On that note….

Sin #5: Not cross-training your employees

A lot of eDiscovery marketers (myself included) love to talk about their “specialized expertise.” And why not? eDiscovery is a discipline all to itself, apart from the discipline of lawyers. More than that, eDiscovery is the intersection of several very different disciplines, notably technology, law, and business. For that reason, no one can truly be a “specialist” in every last part of the process.

People who make great data engineers are not necessarily well suited for managing document review, and vice versa. People who understand the litigation process inside and out may be completely clueless when it comes to implementing new information governance practices that are compliant and secure. Discovery takes a village.

Sometimes eDiscovery service providers are so dead set on hiring ”specialists” that they lose sight of this bigger picture. They have a lot of people who are great at one specific thing, but lack the knowledge to effectively communicate with their teammates and clients.  

At Contact, we’ve found the key lies somewhere in the middle: hire specialists, but also make sure team members have a firm grasp on each other’s specialties. Our team is able to understand our clients’ larger strategy and how their specialty fits into it. This allows for more collaboration between people of different backgrounds, which often leads to better-fitting solutions for clients’ challenges.

Service providers who use this philosophy are also usually able to deal with the regular (or not-so-regular) curveballs of business with fewer disruptions to service. In March 2020, when nearly every company on the planet had to completely rethink how they do business, we were able to shift to our new COVID-world model with zero disruptions to clients’ cases. That’s partially because so many of our team members understood work outside their specialty.


Curious to know what the final two sins of eDiscovery service providers? Follow us on social media for updates!