ESI - outsource or in-house

It goes without saying that paper-based transactions are declining and communication via email is increasing at a rapid rate. The majority of documents, if not all, are created digitally. Taking into account current news headlines, a number of in-house legal teams as well as legal firms will be inundated with enquiries regarding their documentation, including the ESI (Electronically Sourced Information).

In countries such as the United States (E-discovery) and the United Kingdom (E-Disclosure), these processes are common practice and the rules of court have been substantially adapted to ensure compliance, including extremely tight turnaround times for the production of results.

When confronted with the possibility of any form of litigation, it will mostly be extremely beneficial for the organisation to have an in-house team that is not only IT savvy, but also has the skill set to collect all information that may be used as evidence at a later stage and to maintain its authenticity and legality. Your in-house team will therefore have to maintain a number of skill sets and certifications, including keeping up their Continued Education points, and maintain a working knowledge of, and the ability to apply, all of the following:

- IT desktop support;
- Cloud computing (and cloud forensic knowledge), servers, desktop devices, laptops and mobile devices (further complicated by the active use of Bring Your Own Device policies at many organisations);
- Permissions;
- Firewalls and other security-related aspects that may influence the collection of data (such as system-wide to folder-specific encryption);
- The infrastructure and hardware of the organisation and their specific uses;
- The flow of data, the back-up of all data and what is available;
- The log file system and its influence on the collectability and/or proof of evidence;
- A working knowledge of the various operating systems utilised by their organisation, keeping up to date with the regular updates and the influence these have on your system (many larger organisations maintain a number of operating systems at the same time, as not all devices are upgraded to the newest systems all the time).

These are aspects the majority of organisations assume their IT team to have knowledge of.

To ensure that the information obtained from the system is sound for the purpose of litigation, however, your team will also need specialised knowledge of internationally accepted Standard Operating Procedures for the forensic collection of information; the expertise to soundly secure the evidence and identify all possible sources (non-compliance with a legal hold directive or the inadvertent destruction of data may lead to hefty fines); and the ability to distinguish what can be deduced from the varying operating systems, the metadata attached to each document, and the differences in interpretation between operating systems and different versions of documents. Team members must also be able to interpret the results of the data collected and to testify in court as to their expertise and those results.

In-house teams can be supported by numerous forensic tools available on the market, which assist with aspects such as the automatic collection and identification of information. These tools are expensive and must also be maintained and operated by persons specifically trained in their use.

The importance of the process followed in handling the data from the moment it is collected and stored, and of being able to document the manner in which it is secured and processed before it is reviewed by the in-house or external legal team, cannot be overstated. Data is volatile, and the smallest incorrect action can lead to the loss of valuable information in the search to prove or disprove any allegation.

Maintaining such a multiskilled team falls outside the budgetary constraints of most organisations. The IT field, as well as the legal aspects of the admissibility of data, is in constant transformation, and teams need to be consistently alert and updated on new developments.

We recommend that, as part of your Incident Response Plan, you identify a service provider that specialises in Outsourced Litigation Support Services: one that maintains a multiskilled team, is up to date with all operating systems, communication methods, hardware and software, and maintains its forensic skills on a professional level. Contact them to be part of your project plan from the outset or as early as possible.

Contributed by:

Cyanre – The Digital Forensic Lab (Pty) Ltd
Tel: + 27 (0) 12 664 0066

