The founder of the biggest computer microprocessor corporation in the world, Intel Corporation, predicted in 1965 that roughly every two years the number of transistors that could be placed on a silicon chip would double. This theory, referred to as Moore's Law, has held true and has been one of the main reasons for the tremendous growth of the internet and the continuing growth in the complexity, speed and size of electronic information processing and storage systems. This phenomenon, known as "the digital revolution", has led to a fundamental shift in the way information is used and stored.

Information has always been a key driver of markets and society in general. The digital revolution has made this information more dynamic and, as the internet has evolved, more readily available in virtually real time, leading to previously unthought-of efficiencies and benefits in all aspects of life.

There have also been downsides to this digital revolution. One is the increase in computer-based criminal activities, or "cyber crime", where criminals have exploited this readily available information and the technology hosting it for their own ends; the other is the vast quantity of data that is stored in a multitude of formats and on various platforms. To address these areas, the specialist fields of computer forensics and electronic discovery have evolved.

Digital technology has completely revolutionised the manner in which individuals and corporations create, use, communicate and store information. Information that was traditionally created in a paper-based format ("hardcopy format") is now almost exclusively created, stored and used in an electronic format, and is referred to as Electronically Stored Information ("ESI"). This seismic shift in information use and consumption has had a knock-on effect on the collection and analysis of evidential material, especially in the context of litigation and corporate investigations. Another impact of the proliferation of digital information systems has been the almost continuous digital footprint that is generated by individuals. Being able to effectively extract, analyse and present this information using computer forensics and electronic discovery techniques, tools and methodologies is essential in combating the rise of cyber crime and supporting litigation matters.

With the advent of ever more complex Information Technology systems, information that was traditionally created and archived in hardcopy format has moved into the electronic medium, being stored on ever larger capacity servers, desktops and laptops as well as a dizzying array of personal digital storage devices. Businesses and attorneys given the task of conducting a discovery process relating to an investigation, court-supervised legal process or regulatory compliance exercise have historically been accustomed to sifting through large volumes of hardcopy format documents. With the advances in technology mentioned earlier, hardcopy format documents are becoming less important as a primary source of information, as they are being replaced by ESI. Of course, the sheer scale of ESI being generated has significantly increased the chances of missing the electronic equivalent of the essential "smoking gun" document that might be crucial in an investigation.

The Paper Trail

Historically, in cases of corporate litigation, the discovery process has involved collating all paper-based material and printing out all electronic material for examination or disclosure. This material is then manually reviewed and logged. These processes are time consuming, expensive and not wholly inclusive.

The continuing proliferation of ESI, especially the use of and dependency on email communication, has meant that reviewing data in this traditional way would mean dealing with unmanageable levels of paper documents. For instance, 1 gigabyte of electronic data will typically equate to approximately 110,000 printed pages, and a typical business user holds in the region of 5 gigabytes of ESI. This equates to approximately 550,000 printed pages, or about 1,100 500-page lever arch files, for each user.

Using traditional review and disclosure methods is not only time consuming and expensive, but it also fails to reveal the potentially crucial information that is 'locked' within an electronic file ("Metadata"). Metadata is akin to an electronic fingerprint of a document and is commonly described as "data about data". It is essentially a hidden level of information embedded in each individual electronic file. For example, a Microsoft Word document contains information, or metadata, that reveals amongst other things when the file was created and what particular machine or assigned user created the file. In the case of emails, data relating to the originating computer for the message, and who else received the message as a blind copy, can be retrieved from the email metadata. It is easy to see how this metadata can prove crucial in a criminal or civil action. Under a traditional hardcopy review this information would most probably be missed.
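The email metadata described above sits in the message headers, which a printout does not show. The following is an added example, not part of the original article: it reads those headers with Python's standard `email` module from two constructed copies of one message (all names, hosts and addresses are invented), and `header_metadata` is a hypothetical helper name.

```python
from datetime import timezone
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed samples (all names, hosts and addresses invented). The sender's
# stored copy keeps Bcc; the recipient's copy carries the Received trail.
SENT_COPY = """\
Date: Tue, 04 Mar 2008 09:14:58 -0500
From: Alice Example <alice@example.com>
To: Bob Example <bob@example.org>
Bcc: carol@example.net
Message-ID: <0001@FINANCE-PC07.example.com>
Subject: Q1 figures

See attached.
"""
RECEIVED_COPY = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
 by inbound.example.org with ESMTP id A1; Tue, 04 Mar 2008 09:15:07 -0500
Received: from FINANCE-PC07 (unknown [10.1.4.23])
 by mx.example.com with ESMTP id B2; Tue, 04 Mar 2008 09:15:02 -0500
Date: Tue, 04 Mar 2008 09:14:58 -0500
From: Alice Example <alice@example.com>
To: Bob Example <bob@example.org>
Message-ID: <0001@FINANCE-PC07.example.com>
Subject: Q1 figures

See attached.
"""

def header_metadata(raw):
    """Return the header fields a printed copy of the message would not show."""
    msg = message_from_string(raw)
    def addrs(name):
        return [addr for _, addr in getaddresses(msg.get_all(name, []))]
    hops = msg.get_all("Received", [])
    # Each relay prepends its own Received line, so the last one is the earliest hop.
    parts = hops[-1].split() if hops else []
    origin = parts[1] if len(parts) > 1 and parts[0].lower() == "from" else None
    sent = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
    return {
        "message_id": msg["Message-ID"],
        "sent_utc": sent.isoformat(),
        "to": addrs("To"),
        "bcc": addrs("Bcc"),
        "origin_host": origin,
        "hop_count": len(hops),
    }
```

Matching the two copies on `message_id` ties the blind-copy recipient to the delivery trail. Received lines written before the first relay under the reviewer's control are asserted by the sending side and need corroboration from server logs.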

Ash Mahmood, an Assistant Manager and computer forensics specialist for Deloitte Cayman, notes that "To conduct a basic hardcopy relevance review of 5 gigabytes of ESI could cost a client somewhere in excess of $100,000; to conduct a similar soft copy review would cost $15,000 to $20,000. Considering that in most cases the actual quantity of data will far exceed this, the cost associated to conduct a paper based relevancy exercise will often be prohibitive, especially when compared to a soft copy review."

To illustrate his point the table below outlines the amounts of data that can be stored on different IT media and its equivalent hardcopy format size.

As illustrated above, modern IT systems generate vast amounts of information, and it is estimated that on average 90%¹ of this information never gets printed to paper.

In a litigation scenario most of this information would need to be reviewed and its relevance graded, and most individual businesses and law firms do not have the necessary skills or the tools required to collect and process data on this scale.

The collection and management of ESI in this context requires expertise to avoid compromising the evidential integrity of the data and to provide a consistent and thorough review in a cost effective manner. The methodologies developed by experts in the computer forensics and electronic discovery arenas encompass the entire discovery process of ESI, from initially collecting the information from IT systems and storage media to using multiple tools that have the ability to process data from different email systems, network files and databases in various electronic formats. Being faced with the task of sifting large amounts of ESI can prove to be quite daunting. However, the ability to sift through the available sources of data, remove duplicate versions of the same file or email, and finally cull the data for relevancy in a precise and forensically sound manner that will stand up in a court of law can help law firms and their clients make substantial cost and time savings and find material relevant to the investigation or case. The chances of finding the document that could prove to be the "smoking gun" in a criminal or civil case are greatly increased by adopting a sound electronic discovery methodology.
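The de-duplication and culling steps described above, as an added example that is not part of the original article: items are grouped by SHA-256 digest so that each unique item is reviewed once while every custodian and path it came from stays on record. The collection is constructed, the function names are hypothetical, and the sketch assumes duplicates are byte-identical.

```python
import hashlib

# Constructed collection of (custodian, path, content); invented for illustration.
COLLECTED = [
    ("alice", "mail/sent/0001.eml", b"Subject: Q1 figures\n\nRevised forecast attached."),
    ("bob", "mail/inbox/0417.eml", b"Subject: Q1 figures\n\nRevised forecast attached."),
    ("bob", "docs/lunch.txt", b"Menu for Friday."),
    ("carol", "docs/forecast_v2.txt", b"Forecast: revenue restated for Q1."),
]

def deduplicate(items):
    """Group byte-identical items by SHA-256, keeping every source location."""
    unique = {}
    for custodian, path, content in items:
        digest = hashlib.sha256(content).hexdigest()
        entry = unique.setdefault(digest, {"content": content, "sources": []})
        # Duplicates drop out of review, but where each copy was found is kept.
        entry["sources"].append((custodian, path))
    return unique

def cull(unique, terms):
    """Return digests of unique items containing any search term (case-insensitive)."""
    wanted = [t.lower().encode() for t in terms]
    return sorted(d for d, e in unique.items()
                  if any(t in e["content"].lower() for t in wanted))

def review_set(items, terms):
    """Summarise the collection: totals plus the culled items and their sources."""
    unique = deduplicate(items)
    hits = cull(unique, terms)
    return {
        "collected": len(items),
        "unique": len(unique),
        "for_review": [(d, unique[d]["sources"]) for d in hits],
    }
```

The digest recorded for each item also lets a later reviewer confirm that the content examined is the content collected.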

The need for systems and professionals to deal with the avalanche of electronic data generated as a result of a regulatory request, legal discovery exercise or corporate investigation is increasing exponentially and this increased demand has required businesses and law firms to address the methods by which ESI is collected, processed and analysed. The need for professionals to address these demands has never been greater and has led to professional services firms investing heavily in technology and training to keep ahead of the curve. These developments have propelled electronic data management from a niche service to a service that is becoming an essential part of the legal, corporate investigatory and regulatory landscape.

As Chris Rowland, a Director with Deloitte's Financial Advisory Services group notes, "Any business today faced with a discovery process in the context of potential litigation or regulatory action cannot begin to satisfy those obligations without the use of computer forensics and electronic discovery skills and methodologies. This includes having in place policies and controls relating to the archiving and destruction of data, especially in the time period following the notification of proceedings or the receipt of an order requiring disclosure".

As the pace of technological change keeps increasing unabated, companies need to be putting in place a strategy for dealing effectively with the archiving, destruction and potential discovery of ESI produced and stored within their organisations.


1. USC Berkeley study 2003 and Lexis Nexis
